Help! Per instructions, ALL logs included: HJT, DDS txt, DDC attch,ARK txt

redhawk50
Junior Member with 21 posts.
 
Join Date: Aug 2009
Location: Alabama
Experience: Intermediate
05-Sep-2010, 04:30 PM #1
I'm running Windows XP Home with SP 3.
AVG 9.0 runs daily, also regularly run Malwarebytes, SUPERAntispy, Ccleaner and Wise Reg.Cleaner. But despite all that, in the last couple of weeks my pc has been getting slower and slower. The past two days it's been so slow that it takes almost three minutes for it to boot up, and a restart takes over five and a half minutes!

Yesterday, Windows Media Player, Limewire and Myspace Playlist quit working. I got an error
message from Windows Media Player that said it can't play the file because of a problem
with a sound device. It said there may not be a device installed, it may be in use by another
program or may not be functioning properly. However, I hear all the Microsoft Windows chimes,
bells and whistles, just nothing from the above mentioned apps.

So I ran all of the above "cleaners", and as per instructions downloaded and ran the following:

HijackThis
DDS.scr
GMER

Also per those instructions I've copied and pasted below, the logs from HJT, DDS.txt, ark.txt
and will attempt to send DDS.attach log as an attachment to this post.

I make my living as a professional eBay seller, listing my items every Sunday evening. SOooo...
Your help is greatly appreciated!

Sincerely,

Joe - "RedHawk50"


HJT LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:43 PM, on 9/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.v-com.com/www2/register.p...full.p.t00.eng
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1041417460468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1257544677125
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90FCCF32-BA71-455F-9E2E-DAFBCD5C39B7}: NameServer = 216.165.129.157,216.170.153.146
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
--
End of file - 6574 bytes
___________________________________ 0 _____________________________________________
DDS.TXT LOG

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joe at 21:42:36.73 on Sat 09/04/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.131 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Documents and Settings\Joe\Desktop\DOWNLOADS\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.v-com.com/www2/register.php3?pid=ss.6.0.1.full.p.t00.eng
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [LXCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCCtime.dll,_RunDLLEntry@16
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\joe\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1041417460468
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257544677125
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {90FCCF32-BA71-455F-9E2E-DAFBCD5C39B7} = 216.165.129.157,216.170.153.146
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-25 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-25 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-18 308136]
S2 NETDown;Card Adapter;c:\windows\smss.exe --> c:\windows\smss.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-19 430152]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
=============== Created Last 30 ================

==================== Find3M ====================
2010-07-18 07:09:21 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-18 07:09:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-18 07:06:57 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ------w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-11-08 05:45:34 9728 ----a-w- c:\program files\kerneld.amd64
2009-11-08 05:45:34 7168 ----a-w- c:\program files\kerneld.wnt
2009-11-08 05:45:34 29181 ----a-w- c:\program files\license.txt
2009-11-08 05:45:34 16384 ----a-w- c:\program files\kerneld.ia64
2009-11-08 05:45:34 11324 ----a-w- c:\program files\kerneld.w9x
2009-11-08 05:45:32 5220 ----a-w- c:\program files\everest.web
2009-11-08 05:45:32 408066 ----a-w- c:\program files\everest.dat
2009-11-08 05:45:32 39936 ----a-w- c:\program files\everest.exe
2009-11-08 05:45:32 2502 ----a-w- c:\program files\everest.mem
2009-11-08 05:45:32 187904 ----a-w- c:\program files\everest_cpl.cpl
2009-11-08 05:45:32 1067681 ----a-w- c:\program files\everest.chm
2009-11-08 05:45:31 1434112 ----a-w- c:\program files\everest.bin
2006-10-23 22:07:18 531174 -csha-w- c:\windows\system32\wyadd.bak2
2009-10-01 15:18:39 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-10-01 15:18:39 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009100120091002\index.dat
============= FINISH: 21:43:53.50 ===============
______________________________________ 0 ________________________________________

ARK.TXT LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 11:07:56
Windows 5.1.2600 Service Pack 3
Running: i9mcdocc.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\pwtdapog.sys

---- Kernel code sections - GMER 1.0.15 ----
? yxqvgdj.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\InprocServer32@ C:\WINDOWS\system32\scrobj.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\ProgID@ Scriptlet.Context
---- EOF - GMER 1.0.15 ----
Attached Files
File Type: txt Attach.txt (12.0 KB, 13 views)
redhawk50
05-Sep-2010, 11:58 PM #2
bump
dvk01
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
06-Sep-2010, 06:51 AM #3
Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.

Download ComboFix from Here or Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after combofix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
redhawk50
06-Sep-2010, 09:54 PM #4
Thanks dvk, will download combofix now and get back to you.
redhawk50
06-Sep-2010, 11:58 PM #5
Here is the Combofix log per your request, but I'm sorry to say that didn't seem to fix the problem, it's still running extremely slow.

*NOTE
After running combofix, when I logged on to the Internet I got a message saying IE was not my default
browser and asked if I wanted to make it my default browser. I clicked 'yes' before I thought about asking
you first. I hope that's not a problem.

Please know that your help is greatly appreciated!


ComboFix 10-09-06.03 - Joe 09/06/2010 20:46:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.130 [GMT -5:00]
Running from: c:\documents and settings\Joe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\wyadd.bak2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NETDOWN
-------\Service_NETDown

((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.
2010-09-05 01:08 . 2010-09-05 01:08 388096 ----a-r- c:\documents and settings\Joe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-03 20:41 . 2010-09-03 20:41 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-09 16:22 . 2010-08-09 16:22 503808 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3cc57488-n\msvcp71.dll
2010-08-09 16:22 . 2010-08-09 16:22 499712 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3cc57488-n\jmc.dll
2010-08-09 16:22 . 2010-08-09 16:22 61440 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-13688f11-n\decora-sse.dll
2010-08-09 16:22 . 2010-08-09 16:22 348160 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3cc57488-n\msvcr71.dll
2010-08-09 16:22 . 2010-08-09 16:22 12800 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-13688f11-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 01:13 . 2009-11-24 23:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-06 03:47 . 2009-09-25 23:52 -------- d-----w- c:\program files\Lx_cats
2010-09-05 00:28 . 2010-02-22 01:21 -------- d-----w- c:\documents and settings\Joe\Application Data\LimeWire
2010-09-04 23:38 . 2010-02-28 03:34 117760 ----a-w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-04 22:50 . 2009-11-27 02:22 -------- d-----w- c:\program files\CCleaner
2010-09-03 20:40 . 2005-07-19 17:29 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-03 20:34 . 2009-08-10 12:16 -------- d-----w- c:\program files\LimeWire
2010-09-03 20:33 . 2006-06-19 00:59 -------- d-----w- c:\program files\Common Files\Java
2010-08-23 19:00 . 2009-09-25 23:49 -------- d-----w- c:\program files\Lexmark 3300 Series
2010-08-09 17:19 . 2010-05-20 03:15 -------- d-----w- c:\program files\Java
2010-07-18 07:09 . 2009-09-26 01:13 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-18 07:09 . 2009-09-26 01:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-18 07:06 . 2009-09-26 01:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-17 10:00 . 2010-05-20 03:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 05:56 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-04 05:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2009-08-11 15:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-04 05:56 17408 ------w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-04 04:17 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 04:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 05:56 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-07-19 16:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 05:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-11-08 05:45 . 2005-08-18 06:00 9728 ----a-w- c:\program files\kerneld.amd64
2009-11-08 05:45 . 2005-08-18 06:00 7168 ----a-w- c:\program files\kerneld.wnt
2009-11-08 05:45 . 2005-08-18 06:00 29181 ----a-w- c:\program files\license.txt
2009-11-08 05:45 . 2005-08-18 06:00 16384 ----a-w- c:\program files\kerneld.ia64
2009-11-08 05:45 . 2005-08-18 06:00 11324 ----a-w- c:\program files\kerneld.w9x
2009-11-08 05:45 . 2005-08-18 06:00 5220 ----a-w- c:\program files\everest.web
2009-11-08 05:45 . 2005-08-18 06:00 408066 ----a-w- c:\program files\everest.dat
2009-11-08 05:45 . 2005-08-18 06:00 39936 ----a-w- c:\program files\everest.exe
2009-11-08 05:45 . 2005-08-18 06:00 2502 ----a-w- c:\program files\everest.mem
2009-11-08 05:45 . 2005-08-18 06:00 187904 ----a-w- c:\program files\everest_cpl.cpl
2009-11-08 05:45 . 2005-08-18 06:00 1067681 ----a-w- c:\program files\everest.chm
2009-11-08 05:45 . 2005-08-18 06:00 1434112 ----a-w- c:\program files\everest.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"C-Media Mixer"="Mixer.exe" [2002-04-29 1433600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-18 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-18 07:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-07-06 17:04 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-07 07:19 155648 ----a-r- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-02-21 11:21 192512 ----a-w- c:\program files\Lexmark 3300 Series\lxccmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-04 23:44 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\StubInstaller.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/25/2009 8:12 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/25/2009 8:13 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/18/2010 2:09 AM 308136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [3/19/2010 12:46 AM 430152]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.v-com.com/www2/register.php3?pid=ss.6.0.1.full.p.t00.eng
TCP: {90FCCF32-BA71-455F-9E2E-DAFBCD5C39B7} = 216.165.129.157,216.170.153.146
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 21:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\Mixer.exe
.
**************************************************************************
.
Completion time: 2010-09-06 21:18:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 02:18
Pre-Run: 25,460,342,784 bytes free
Post-Run: 25,743,454,208 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 2A296B38D1147DB148C06166422AFD47
dvk01
Moderator & Malware Removal Specialist with 37,223 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Sep-2010, 08:55 AM #6
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

Post back with its log.
redhawk50
07-Sep-2010, 01:55 PM #7
Here's the log from tdss


2010/09/07 11:47:28.0546 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/07 11:47:28.0546 =========================================================================== =====
2010/09/07 11:47:28.0546 SystemInfo:
2010/09/07 11:47:28.0546
2010/09/07 11:47:28.0546 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/07 11:47:28.0546 Product type: Workstation
2010/09/07 11:47:28.0546 ComputerName: DEBBIE
2010/09/07 11:47:28.0546 UserName: Joe
2010/09/07 11:47:28.0546 Windows directory: C:\WINDOWS
2010/09/07 11:47:28.0546 System windows directory: C:\WINDOWS
2010/09/07 11:47:28.0546 Processor architecture: Intel x86
2010/09/07 11:47:28.0546 Number of processors: 1
2010/09/07 11:47:28.0546 Page size: 0x1000
2010/09/07 11:47:28.0546 Boot type: Normal boot
2010/09/07 11:47:28.0546 =========================================================================== =====
2010/09/07 11:47:29.0859 Initialize success
2010/09/07 11:47:46.0093 =========================================================================== =====
2010/09/07 11:47:46.0093 Scan started
2010/09/07 11:47:46.0093 Mode: Manual;
2010/09/07 11:47:46.0093 =========================================================================== =====
2010/09/07 11:48:03.0546 =========================================================================== =====
2010/09/07 11:48:03.0546 Scan finished
2010/09/07 11:48:03.0546 =========================================================================== =====

I was really surprised and disappointed no threats were found.
dvk01
07-Sep-2010, 03:01 PM #8
It is starting to look like it isn't malware related but something else.

See if this helps:

http://winhlp.com/node/10 - select option 1, quick fix
dvk01
07-Sep-2010, 03:04 PM #9
Also try this, although I don't think it will show anything bad.

Download MBR Check to your desktop.
  • Right click MBRcheck.exe and select Run as Administrator (Vista) or double click MBRcheck.exe to run it (XP)
  • It will show a black screen with some data on it
  • It will create a log called MBRcheck_time and date.txt on the desktop
  • Post that resultant log here please
  • Do NOT fix anything or run any suggested fix before we see the report
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
redhawk50
07-Sep-2010, 04:25 PM #10
winhlp.com
Reset master of secondary IDE channel
Reset master of primary IDE channel
Reset master of secondary IDE channel
Reset master and slave of primary IDE channel


and here's the MBRCheck log

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 127):
Processes (total 29):
0 System Idle Process
4 System
564 C:\WINDOWS\system32\smss.exe
628 csrss.exe
652 C:\WINDOWS\system32\winlogon.exe
696 C:\WINDOWS\system32\services.exe
708 C:\WINDOWS\system32\lsass.exe
860 C:\WINDOWS\system32\svchost.exe
964 svchost.exe
1064 C:\WINDOWS\system32\svchost.exe
1128 svchost.exe
1236 C:\Program Files\AVG\AVG9\avgchsvx.exe
1244 C:\Program Files\AVG\AVG9\avgrsx.exe
1272 svchost.exe
1376 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1444 C:\WINDOWS\system32\spoolsv.exe
196 svchost.exe
440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
488 C:\Program Files\Java\jre6\bin\jqs.exe
580 C:\WINDOWS\explorer.exe
880 C:\WINDOWS\system32\svchost.exe
1560 C:\Program Files\AVG\AVG9\avgnsx.exe
1056 C:\WINDOWS\system32\hkcmd.exe
1548 C:\WINDOWS\SOUNDMAN.EXE
1996 C:\WINDOWS\mixer.exe
2100 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2320 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2356 C:\WINDOWS\system32\ctfmon.exe
1160 C:\Documents and Settings\Joe\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST340015A, Rev: 3.01
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
dvk01
07-Sep-2010, 06:06 PM #11
The winhelp fix reset your IDE channels to fast use instead of slow, so that should have done something.

How is it?
redhawk50
07-Sep-2010, 10:23 PM #12
Yes, that did help some, it's not quite as slow as before.
Before, when I clicked restart it took 5 1/2 minutes (5:28)
to reboot. Now it takes just under 4 minutes (3:56)

I don't know if this will provide a clue or not, but in Event Viewer
the following warning keeps showing up.

The time service has not been able to synchronize the system time for
49152 seconds (Over 13 hours) because none of the time providers
has been able to provide a usable time stamp.
The system clock is unsynchronized.
That warning is shown on 9/7, 9/6, 9/5, 9/4, then 8/27, 8/23,
8/22, 8/21, 20, 19, 18, 17, 16, 15, 14

Also in Event Viewer the following ERROR came up 9/6 at 9:03 and
today at 1:57, 6:53, and 7:12

The Human Interface Device Access service terminated with the following error:
The specified module could not be found.

I lack the knowledge to know if that could provide any insight, but
I thought it couldn't hurt to throw it out there.
dvk01
08-Sep-2010, 04:49 AM #13
Is your system clock set right?

Make sure you go to Windows Updates & take any updates offered.

I don't think this is malware, so moving to XP for further assistance.

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
redhawk50
08-Sep-2010, 12:14 PM #14
Combofix uninstalled

The clock in the tray shows the correct time

(Pc running very slow this morning.)
redhawk50
08-Sep-2010, 12:29 PM #15
MS updates are on autorun but checked it just to be sure - no new updates

????
All times are GMT -4.