
Thread: First post - Extremely Slow PC - Slow to boot

  1. #1
    Junior Member
    Join Date
    Oct 2011
    Posts
    12

    First post - Extremely Slow PC - Slow to boot

    Thanks in advance

    PC is well over 5 minutes to boot and access a webpage.
    Very slow when surfing and accessing programs.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Derek Smith at 22:16:26 on 2011-10-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.73 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Soluto\soluto.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Cobian Backup 8\cbInterface.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cobian Backup 8\cbService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Soluto\SolutoService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.weatheroffice.gc.ca/city/pages/mb-38_metric_e.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: SuperPoke Pets Toolbar: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - c:\program files\superpoke_pets\prxtbSup0.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: SuperPoke Pets Toolbar: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - c:\program files\superpoke_pets\prxtbSup0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: SuperPoke Pets Toolbar: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - c:\program files\superpoke_pets\prxtbSup0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [Cobian Backup 8 interface] "c:\program files\cobian backup 8\cbInterface.exe" -service
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [WUSB54Gv2] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.100.254 142.161.130.154
    TCP: Interfaces\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD} : DhcpNameServer = 208.67.220.220,208.67.222.222
    TCP: Interfaces\{39F81828-0E93-4D57-B509-713BFB34BF34} : DhcpNameServer = 192.168.100.254 142.161.130.154
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-26 51144]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 74480]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-5 66616]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-21 392224]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-26 08:41:09 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-21 16:33:54 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .
    ============= FINISH: 22:19:02.73 ===============



  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208





    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



    Nothing jumping out at me on your log, do you download programs or music via the torrents?


    Looks like you don't have a whole lot of free space left on your hard drive, this can slow you down
    C: is FIXED (NTFS) - 49 GiB total, 4.545 GiB free.



    Let's run a few scans
    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Double-click CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply





    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply







    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please


    Post the logs from the above scanners, if they all won't fit in one reply then take as many replies as you need

    1. CKScanner log
    2. aswMBR log
    3. Malwarebytes log
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Oct 2011
    Posts
    12


    Ok.....here we go......

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\zhu zhu pets\sounds\crack.ogg
    scanner sequence 3.AP.11.BANAJF
    ----- EOF -----


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-10 10:38:43
    -----------------------------
    10:38:43.778 OS Version: Windows 5.1.2600 Service Pack 3
    10:38:43.778 Number of processors: 1 586 0x401
    10:38:43.778 ComputerName: DEREK-FC4F55BE8 UserName: Derek Smith
    10:38:46.262 Initialize success
    10:38:57.575 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    10:38:57.575 Disk 0 Vendor: WDC_WD2500JB-55REA0 20.00K20 Size: 238475MB BusType: 3
    10:38:57.606 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    10:38:57.606 Disk 1 Vendor: WDC_WD2500JB-55REA0 20.00K20 Size: 238475MB BusType: 3
    10:38:59.606 Disk 0 MBR read successfully
    10:38:59.606 Disk 0 MBR scan
    10:38:59.606 Disk 0 Windows XP default MBR code
    10:38:59.606 Disk 0 scanning sectors +488392065
    10:38:59.637 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
    10:38:59.637 Disk 0 PE file @ sector 488392090 !
    10:38:59.700 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:39:19.528 Service scanning
    10:39:20.887 Modules scanning
    10:39:29.372 Disk 0 trace - called modules:
    10:39:29.903 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    10:39:29.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd19c0]
    10:39:29.903 3 CLASSPNP.SYS[f8702fd7] -> nt!IofCallDriver -> \Device\00000060[0x82f72f18]
    10:39:29.903 5 ACPI.sys[f8679620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f71030]
    10:39:29.919 Scan finished successfully
    10:39:37.825 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Derek Smith\Desktop\MBR.dat"
    10:39:37.825 The log file has been saved successfully to "C:\Documents and Settings\Derek Smith\Desktop\aswMBR.txt"


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7917

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/10/2011 11:31:30 AM
    mbam-log-2011-10-10 (11-31-29).txt

    Scan type: Quick scan
    Objects scanned: 194380
    Time elapsed: 17 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Let's try this, thanks for the logs by the way

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  5. #5
    Junior Member
    Join Date
    Oct 2011
    Posts
    12


    ComboFix 11-10-10.04 - Derek Smith 10/10/2011 23:11:10.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.206 [GMT -5:00]
    Running from: c:\documents and settings\Derek Smith\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\GuffinsEI
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-10 15:44 . 2011-10-10 15:44 -------- d-----w- c:\documents and settings\Derek Smith\Application Data\Sammsoft
    2011-10-10 15:44 . 2011-10-10 15:44 -------- d-----w- c:\program files\ARO 2011
    2011-10-08 03:06 . 2011-10-08 03:06 -------- d-----w- c:\program files\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 09:12 . 2004-08-03 23:56 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-31 22:00 . 2010-12-05 03:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-26 08:41 . 2010-12-05 23:30 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-26 08:41 . 2010-12-05 23:30 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-21 16:33 . 2011-07-27 01:02 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2011-07-15 13:29 . 2004-08-03 22:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}"= "c:\program files\SuperPoke_Pets\prxtbSup0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\SuperPoke_Pets\prxtbSup0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}"= "c:\program files\SuperPoke_Pets\prxtbSup0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{84E53B2B-B8F6-4B9A-AB0C-FC293D0F7A45}"= "c:\program files\SuperPoke_Pets\prxtbSup0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
    "AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-12-14 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-12-14 118784]
    "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Cobian Backup 8 interface"="c:\program files\Cobian Backup 8\cbInterface.exe" [2007-09-27 2425856]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "WUSB54Gv2"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-05 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-11 16:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdeletesprestrt
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqimzone.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Soluto\\Soluto.exe"=
    "c:\\Program Files\\Soluto\\SolutoService.exe"=
    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=
    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2917:TCP"= 2917:TCP:Services
    "4334:TCP"= 4334:TCP:Services
    "3225:TCP"= 3225:TCP:Services
    "4950:TCP"= 4950:TCP:Services
    .
    R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [7/26/2011 8:02 PM 51144]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 74480]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 6:30 PM 136360]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [7/21/2011 11:52 AM 392224]
    S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.weatheroffice.gc.ca/city/pages/mb-38_metric_e.html
    uInternet Connection Wizard,ShellNext = yes
    uInternet Connection Wizard,ShellNext = 0a000000
    uInternet Connection Wizard,ShellNext = yes
    uInternet Connection Wizard,ShellNext = 01000000
    uInternet Connection Wizard,ShellNext = yes
    uInternet Connection Wizard,ShellNext = 1a000000
    uInternet Connection Wizard,ShellNext = 1a000000
    uInternet Connection Wizard,ShellNext = Microsoft Corporation
    uInternet Connection Wizard,ShellNext = MICROSO
    uInternet Connection Wizard,ShellNext = 6.0.2600.0000
    uInternet Connection Wizard,ShellNext = no
    uInternet Connection Wizard,ShellNext = yes
    uInternet Connection Wizard,ShellNext = \0
    uInternet Connection Wizard,ShellNext = about:NoAdd-ons
    uInternet Connection Wizard,ShellNext = about:SecurityRisk
    uInternet Connection Wizard,ShellNext = 0 (0x0)
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.100.254 142.161.130.154
    TCP: Interfaces\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD}: DhcpNameServer = 208.67.220.220,208.67.222.222
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-10 23:26
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(868)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1804)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    .
    Completion time: 2011-10-10 23:32:41
    ComboFix-quarantined-files.txt 2011-10-11 04:32
    ComboFix2.txt 2010-12-05 23:22
    ComboFix3.txt 2010-12-05 19:24
    .
    Pre-Run: 5,173,444,608 bytes free
    Post-Run: 6,289,915,904 bytes free
    .
    - - End Of File - - 4D080139ED62D26C8FE865A7CC339759

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning

    Step 1 | Download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it
    • A window will open on your desktop
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.

  7. #7
    Junior Member
    Join Date
    Oct 2011
    Posts
    12


    Here it is...........

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000fd

    Kernel Drivers (total 136):

    Processes (total 56):
    0 System Idle Process
    4 System
    772 C:\WINDOWS\system32\smss.exe
    844 csrss.exe
    868 C:\WINDOWS\system32\winlogon.exe
    912 C:\WINDOWS\system32\services.exe
    924 C:\WINDOWS\system32\lsass.exe
    1088 C:\WINDOWS\system32\svchost.exe
    1148 PresentationFontCache.exe
    1180 svchost.exe
    1324 C:\WINDOWS\system32\svchost.exe
    1440 svchost.exe
    1512 svchost.exe
    1540 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    1696 C:\Program Files\Soluto\Soluto.exe
    1984 C:\WINDOWS\system32\spoolsv.exe
    2028 C:\WINDOWS\system32\igfxtray.exe
    2036 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    2044 C:\WINDOWS\system32\hkcmd.exe
    208 C:\Program Files\Cobian Backup 8\cbInterface.exe
    300 C:\Program Files\PowerISO\PWRISOVM.EXE
    548 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
    596 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    608 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    640 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    684 C:\Program Files\iTunes\iTunesHelper.exe
    712 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    720 C:\WINDOWS\system32\ctfmon.exe
    752 svchost.exe
    1300 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1472 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    968 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1500 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1640 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    1872 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    172 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    312 C:\Program Files\Bonjour\mDNSResponder.exe
    412 C:\Program Files\Cobian Backup 8\cbService.exe
    816 C:\Program Files\Java\jre6\bin\jqs.exe
    2400 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    2472 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2604 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    2656 C:\WINDOWS\system32\svchost.exe
    2696 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    2732 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
    2880 C:\Program Files\Canon\CAL\CALMAIN.exe
    3584 C:\Program Files\iPod\bin\iPodService.exe
    2096 alg.exe
    336 C:\Program Files\Soluto\SolutoService.exe
    3980 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    2904 C:\WINDOWS\system32\HPZipm12.exe
    1804 C:\WINDOWS\explorer.exe
    972 C:\Program Files\Internet Explorer\iexplore.exe
    236 C:\Program Files\Internet Explorer\iexplore.exe
    4072 C:\WINDOWS\system32\wscntfy.exe
    3836 C:\Documents and Settings\Derek Smith\Local Settings\Temporary Internet Files\Content.IE5\MEWKTDSH\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f2cc00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500JB-55REA0, Rev: 20.00K20
    PhysicalDrive1 Model Number: WDCWD2500JB-55REA0, Rev: 20.00K20

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    It looks like your MBR (Master Boot Record) may be infected. That's a real sensitive area, so let's run this other program first and see what it comes up with.


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if malicious objects are found, ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

  9. #9
    Junior Member
    Join Date
    Oct 2011
    Posts
    12

    18:37:40.0734 3632 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
    18:37:41.0078 3632 ============================================================
    18:37:41.0093 3632 Current date / time: 2011/10/12 18:37:41.0078
    18:37:41.0093 3632 SystemInfo:
    18:37:41.0093 3632
    18:37:41.0093 3632 OS Version: 5.1.2600 ServicePack: 3.0
    18:37:41.0093 3632 Product type: Workstation
    18:37:41.0093 3632 ComputerName: DEREK-FC4F55BE8
    18:37:41.0093 3632 UserName: Derek Smith
    18:37:41.0093 3632 Windows directory: C:\WINDOWS
    18:37:41.0093 3632 System windows directory: C:\WINDOWS
    18:37:41.0093 3632 Processor architecture: Intel x86
    18:37:41.0093 3632 Number of processors: 1
    18:37:41.0093 3632 Page size: 0x1000
    18:37:41.0093 3632 Boot type: Normal boot
    18:37:41.0093 3632 ============================================================
    18:37:42.0937 3632 Initialize success
    18:37:50.0531 0808 ============================================================
    18:37:50.0531 0808 Scan started
    18:37:50.0531 0808 Mode: Manual;
    18:37:50.0531 0808 ============================================================
    18:38:06.0031 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:38:06.0218 0808 \Device\Harddisk0\DR0 - ok
    18:38:06.0234 0808 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    18:38:06.0250 0808 \Device\Harddisk1\DR1 - ok
    18:38:06.0281 0808 Boot (0x1200) (ab1736fc6632f41a2c260c13f2aa94ea) \Device\Harddisk0\DR0\Partition0
    18:38:06.0281 0808 \Device\Harddisk0\DR0\Partition0 - ok
    18:38:06.0296 0808 Boot (0x1200) (edebf617b266f44100175f3c7edc1aee) \Device\Harddisk0\DR0\Partition1
    18:38:06.0296 0808 \Device\Harddisk0\DR0\Partition1 - ok
    18:38:06.0296 0808 Boot (0x1200) (1680c3e452f374135df63d77ba2a5ec6) \Device\Harddisk1\DR1\Partition0
    18:38:06.0312 0808 \Device\Harddisk1\DR1\Partition0 - ok
    18:38:06.0312 0808 ============================================================
    18:38:06.0312 0808 Scan finished
    18:38:06.0312 0808 ============================================================
    18:38:06.0343 3996 Detected object count: 0
    18:38:06.0343 3996 Actual detected object count: 0
    18:38:23.0968 2124 Deinitialize success

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You're ok, no infection in that area.

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
