
Thread: Very Slow Operation

  1. #1
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default Very Slow Operation

    Hello:

    My wife's laptop is running very sluggishly:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19019
    Run by Marilyn at 15:06:02 on 2012-02-12
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.111 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_S144E.tmp" /EF "HKCU"
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\users\marilyn\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki...
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
    TCP: Interfaces\{7D8C1777-6FBE-4F0D-BB7C-7C9DEB0C4971} : DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
    AppInit_DLLs: avgrsstx.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-17 335240]
    R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2007-12-25 27784]
    .
    =============== Created Last 30 ================
    .
    2012-02-12 18:23:11 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6a8197b0-18ef-477e-86ba-9de3fb81c52c}\mpengine.dll
    2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2012-01-29 11:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 15:09:53.01 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    I believe I helped you a few years back

    my.freeze <-- This is not recommended, please uninstall it via Programs and Features in the Control Panel.


    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean







    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    Hello Ken.

    I think you have helped on some other machines.

    The my.freeze was not in the programs and features. I ran Spybot last week... I think it was after I had posted here. It did find a few things, so maybe it was removed then?

    By the way, I also downloaded a lot of Windows updates since my original post here. So I should be up to date with those.

    Log attached.

  4. #4
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    First scan did not work correctly.

    Attached is a scan that made it through the entire process.

    aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-19 19:15:23
    -----------------------------
    19:15:23.178 OS Version: Windows 6.0.6002 Service Pack 2
    19:15:23.178 Number of processors: 2 586 0x4802
    19:15:23.178 ComputerName: MARILYNLAPTOP UserName: Marilyn
    19:15:24.816 Initialize success
    19:15:41.961 AVAST engine defs: 12021901
    19:15:52.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
    19:15:52.694 Disk 0 Vendor: ST912082 3.BH Size: 114473MB BusType: 8
    19:15:52.740 Disk 0 MBR read successfully
    19:15:52.756 Disk 0 MBR scan
    19:15:52.834 Disk 0 unknown MBR code
    19:15:52.865 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 107701 MB offset 63
    19:15:52.912 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6769 MB offset 220572450
    19:15:52.943 Disk 0 scanning sectors +234436545
    19:15:53.115 Disk 0 scanning C:\Windows\system32\drivers
    19:16:52.776 Service scanning
    19:17:22.026 Modules scanning
    19:17:28.797 Disk 0 trace - called modules:
    19:17:28.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
    19:17:28.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f2a3b8]
    19:17:28.890 3 CLASSPNP.SYS[82ba68b3] -> nt!IofCallDriver -> [0x844aae00]
    19:17:28.906 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\00000061[0x844abb88]
    19:17:29.811 AVAST engine scan C:\Windows
    19:17:38.500 AVAST engine scan C:\Windows\system32
    19:29:27.943 AVAST engine scan C:\Windows\system32\drivers
    19:30:02.622 AVAST engine scan C:\Users\Marilyn
    19:42:23.719 AVAST engine scan C:\ProgramData
    19:46:39.793 Scan finished successfully
    19:47:08.419 Disk 0 MBR has been saved successfully to "C:\Users\Marilyn\Documents\MBR.dat"
    19:47:08.419 The log file has been saved successfully to "C:\Users\Marilyn\Documents\aswMBR2.txt"
    Last edited by ken545; 2012-02-20 at 03:08.

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    OK, we can remove leftovers from that during the cleaning.

    Just copy and paste the logs and reports we ask for into this thread in lieu of attaching them; it's easier for us to analyse.

    What brand of computer is this ?

    Download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it
    • A window will open on your desktop
    • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.
    Last edited by ken545; 2012-02-20 at 03:11.

  6. #6
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    This is an HP Pavilion laptop.


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6000 (RV018UA#ABA)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 157):

    Processes (total 81):
    0 System Idle Process
    4 System
    404 C:\Windows\System32\smss.exe
    472 csrss.exe
    520 C:\Windows\System32\wininit.exe
    532 csrss.exe
    580 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    632 C:\Windows\System32\winlogon.exe
    872 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\audiodg.exe
    1260 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\SLsvc.exe
    1328 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\svchost.exe
    1712 C:\Windows\System32\spoolsv.exe
    1736 C:\Windows\System32\svchost.exe
    1984 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2040 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    256 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    300 C:\Program Files\Bonjour\mDNSResponder.exe
    316 C:\Windows\System32\svchost.exe
    420 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    536 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1472 C:\Program Files\AVG\AVG8\avgrsx.exe
    724 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    684 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    732 C:\Windows\System32\svchost.exe
    2068 C:\Windows\System32\svchost.exe
    2096 C:\Windows\System32\svchost.exe
    2116 C:\Windows\System32\SearchIndexer.exe
    2248 C:\Windows\System32\drivers\XAudio.exe
    2260 C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    2300 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    2364 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    3120 C:\Windows\System32\taskeng.exe
    3288 C:\Windows\System32\taskeng.exe
    3304 C:\Windows\System32\dwm.exe
    3356 C:\Windows\explorer.exe
    2416 C:\Program Files\Windows Defender\MSASCui.exe
    3584 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3600 C:\Program Files\HP\QuickPlay\QPService.exe
    2716 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3404 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3264 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    2840 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    2560 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    584 C:\Program Files\AVG\AVG8\avgtray.exe
    2764 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2728 C:\Windows\vsnp2uvc.exe
    1780 C:\Program Files\QuickTime\QTTask.exe
    1848 C:\Program Files\iTunes\iTunesHelper.exe
    576 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1484 C:\Program Files\Windows Sidebar\sidebar.exe
    1444 C:\Windows\ehome\ehtray.exe
    1048 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3024 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3096 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    2548 C:\Windows\System32\rundll32.exe
    3316 WmiPrvSE.exe
    644 C:\Program Files\iPod\bin\iPodService.exe
    3028 C:\Windows\System32\svchost.exe
    2984 C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    2620 C:\Program Files\Internet Explorer\iexplore.exe
    4712 C:\Program Files\Internet Explorer\iexplore.exe
    3112 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    3380 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2812 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4944 C:\Program Files\AVG\AVG8\avgui.exe
    2640 C:\Program Files\AVG\AVG8\avgcfgex.exe
    5712 C:\Windows\servicing\TrustedInstaller.exe
    5200 taskeng.exe
    5580 C:\Windows\System32\SearchProtocolHost.exe
    4764 C:\Windows\System32\SearchFilterHost.exe
    5344 C:\Users\Marilyn\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`4b564400 (NTFS)

    PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BH

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
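
Added example (not part of the original thread, and not code from MBRCheck or aswMBR): the partition lines in the two logs above are read from the four 16-byte entries at offset 446 of the disk's first sector, and this Python parses a constructed sector carrying the values those logs report. The zeroed boot code, the second partition's sector count (derived from the "+234436545" line), the 440-byte hash range and the allowlist are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 440-445 hold the disk signature, not code
TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
# status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}


def parse_mbr(sector):
    """Return the boot-code SHA1 and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0x00:      # type 0 marks an unused slot
            continue
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    # Assumption: hash only the code area so the per-disk signature and the
    # partition table do not change the result.
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"boot_code_sha1": sha1, "partitions": partitions}


def mbr_status(parsed, known_good):
    """Compare the boot-code hash with an allowlist (hypothetical list).

    "unknown" only means the hash is not on the list: it can be vendor or
    third-party boot code as well as a modified one, which is why the tool's
    own message reads "non-standard or infected".
    """
    if parsed["boot_code_sha1"] in known_good:
        return "known MBR code"
    return "unknown MBR code"


def build_sample_sector():
    """Constructed sector: zeros stand in for the real boot code."""
    boot_code = bytes(BOOT_CODE_LEN)
    disk_signature = bytes(6)
    entries = [
        # Partition 1: active, NTFS, offset 63 (values from the aswMBR log)
        ENTRY.pack(0x80, 0x07, 63, 220572450 - 63),
        # Partition 2: NTFS, offset 220572450; count assumed from "+234436545"
        ENTRY.pack(0x00, 0x07, 220572450, 234436545 - 220572450),
        bytes(16),
        bytes(16),
    ]
    return boot_code + disk_signature + b"".join(entries) + BOOT_SIGNATURE


if __name__ == "__main__":
    result = parse_mbr(build_sample_sector())
    for p in result["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        print("Partition %d %s %02X %s %d MB offset %d (byte offset 0x%x)" % (
            p["slot"], flag, p["type"], p["type_name"],
            p["size_mb"], p["lba_start"], p["byte_offset"]))
    print("SHA1:", result["boot_code_sha1"])
    print("Status:", mbr_status(result, known_good=set()))
```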

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Besides running sluggish, are your browsers redirecting you to sites you don't know?

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)






    Click on Start > Control Panel > Administrative Tools > Computer Management > then on the left pane Disk Management, when it opens, expand it to fill the page, then press Alt. PrintScreen, open up a picture editor, Paint will be fine if that's all you have and paste the picture into it, save it to your desktop and attach the picture for me to see in your next reply.
    Last edited by ken545; 2012-02-20 at 10:06.

  8. #8
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    I can't seem to unzip the TDSSKiller.zip file. I have tried several solutions that I found online to get Vista to open the zip with explorer.exe but it does not seem to take.

    Is this connected with whatever problem I might have?

    I assume I need the TDSSKiller to be on the machine?

  9. #9
    Senior Member
    Join Date
    May 2006
    Posts
    170

    Default

    Update....I was able to unzip....goofy Vista download thing.

    Anyway.....NO THREATS FOUND.


    And no, I don't seem to be getting any re-directs.

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let me take a quick peek at this

    Click on Start > Control Panel > Administrative Tools > Computer Management > then on the left pane Disk Management, when it opens, expand it to fill the page, then press Alt. PrintScreen, open up a picture editor, Paint will be fine if that's all you have and paste the picture into it, save it to your desktop and attach the picture for me to see in your next reply.
