BleepingComputer.com: slow computer

hi everyone,
my computer is becoming extremely slow and I'm wondering if I can do something to stop this sad process; for this reason I scanned it with hijackthis, but i'm not very smart in interpreting it. May I ask your help in finding the items which slow down my computer?
thanks in advance,
fidot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.18.13, on 04/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Programmi\ZoneAlarm_Security\tbZon1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Programmi\ZoneAlarm_Security\tbZon1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Programmi\ZoneAlarm_Security\tbZon1.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programmi\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Programmi\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Mozilla Firefox.lnk = C:\Programmi\Mozilla Firefox\firefox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268936301671
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268977600640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7747 bytes

This post has been edited by hamluis: 08 April 2011 - 07:25 AM
Reason for edit: Moved from Am I infected to Malware Removal Logs.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
  
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  
• Now click the Scan button. If you see a rootkit warning window, click OK.
  
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  
• Click the Copy button and paste the results into your next reply.
  
• Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Hi M0le,
Thanks for your kind reply.
I followed your instructions: herewith enclosed you can find the results of DDS and GMER scans.
Thanks again for your help,
fidot

Please run TDSSKiller and MBRCheck

• Download TDSSKiller and save it to your Desktop.
  
  
  
• Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  
  
  
• Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
  
  "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt
  
  
  
• Now click Start Scan.
  
  
• If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  
  
• Click Close
  
  
• Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,

m0le

Hi m0le,
sorry for the delay and thanks again for your help.
Below you can find the reports of TDSSKiller and MBRCheck.
Thanks,
fidot

TDSSKiller:

2011/04/18 09:17:39.0453 1240 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 09:17:41.0453 1240 ================================================================================
2011/04/18 09:17:41.0468 1240 SystemInfo:
2011/04/18 09:17:41.0468 1240
2011/04/18 09:17:41.0468 1240 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/18 09:17:41.0468 1240 Product type: Workstation
2011/04/18 09:17:41.0468 1240 ComputerName: TOMASO
2011/04/18 09:17:41.0468 1240 UserName: Tom
2011/04/18 09:17:41.0468 1240 Windows directory: C:\WINDOWS
2011/04/18 09:17:41.0468 1240 System windows directory: C:\WINDOWS
2011/04/18 09:17:41.0468 1240 Processor architecture: Intel x86
2011/04/18 09:17:41.0468 1240 Number of processors: 1
2011/04/18 09:17:41.0468 1240 Page size: 0x1000
2011/04/18 09:17:41.0468 1240 Boot type: Normal boot
2011/04/18 09:17:41.0468 1240 ================================================================================
2011/04/18 09:17:45.0593 1240 Initialize success
2011/04/18 09:18:01.0687 3296 ================================================================================
2011/04/18 09:18:01.0687 3296 Scan started
2011/04/18 09:18:01.0687 3296 Mode: Manual;
2011/04/18 09:18:01.0687 3296 ================================================================================
2011/04/18 09:18:06.0468 3296 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/18 09:18:06.0531 3296 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/18 09:18:06.0609 3296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/18 09:18:06.0765 3296 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/18 09:18:07.0078 3296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/18 09:18:07.0265 3296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/18 09:18:07.0343 3296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/18 09:18:07.0468 3296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/18 09:18:07.0562 3296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/18 09:18:08.0000 3296 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programmi\Avira\AntiVir Desktop\avgio.sys
2011/04/18 09:18:08.0078 3296 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/04/18 09:18:08.0140 3296 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/18 09:18:08.0234 3296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/18 09:18:08.0328 3296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/18 09:18:08.0406 3296 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/18 09:18:08.0531 3296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/18 09:18:08.0625 3296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/18 09:18:08.0703 3296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/18 09:18:08.0859 3296 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/18 09:18:08.0937 3296 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/18 09:18:09.0078 3296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/18 09:18:09.0156 3296 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/18 09:18:09.0265 3296 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/18 09:18:09.0359 3296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/18 09:18:09.0453 3296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/18 09:18:09.0625 3296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/18 09:18:09.0765 3296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/18 09:18:09.0859 3296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/18 09:18:09.0968 3296 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/18 09:18:10.0031 3296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/18 09:18:10.0109 3296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/18 09:18:10.0140 3296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/18 09:18:10.0203 3296 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/18 09:18:10.0265 3296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/18 09:18:10.0390 3296 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/04/18 09:18:10.0531 3296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/18 09:18:10.0609 3296 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/18 09:18:10.0781 3296 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/18 09:18:10.0875 3296 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/18 09:18:10.0937 3296 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/18 09:18:11.0046 3296 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/18 09:18:11.0140 3296 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/18 09:18:11.0359 3296 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/18 09:18:11.0500 3296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/18 09:18:11.0937 3296 IntcAzAudAddService (4b322f8c7b7af523d1c145c22eef4713) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/18 09:18:12.0171 3296 IntelIde (027fe9b28fb0f861c181d25923b31e78) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/18 09:18:12.0250 3296 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/18 09:18:12.0328 3296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/18 09:18:12.0406 3296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/18 09:18:12.0500 3296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/18 09:18:12.0593 3296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/18 09:18:12.0640 3296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/18 09:18:12.0765 3296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/18 09:18:12.0828 3296 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/18 09:18:13.0109 3296 ISWKL (5c7c9ea45700f5187f71eb7b0dab18c5) C:\Programmi\CheckPoint\ZAForceField\ISWKL.sys
2011/04/18 09:18:13.0218 3296 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/18 09:18:13.0296 3296 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/18 09:18:13.0406 3296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/18 09:18:13.0468 3296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/18 09:18:13.0609 3296 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/04/18 09:18:13.0687 3296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/18 09:18:13.0750 3296 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/18 09:18:13.0812 3296 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/18 09:18:13.0875 3296 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/18 09:18:13.0953 3296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/18 09:18:14.0046 3296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/18 09:18:14.0171 3296 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/18 09:18:14.0234 3296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/18 09:18:14.0296 3296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/18 09:18:14.0375 3296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/18 09:18:14.0453 3296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/18 09:18:14.0578 3296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/18 09:18:14.0640 3296 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/18 09:18:14.0718 3296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/18 09:18:14.0812 3296 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/18 09:18:14.0953 3296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/18 09:18:15.0015 3296 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/18 09:18:15.0109 3296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/18 09:18:15.0203 3296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/18 09:18:15.0281 3296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/18 09:18:15.0375 3296 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/18 09:18:15.0406 3296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/18 09:18:15.0468 3296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/18 09:18:15.0593 3296 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/18 09:18:15.0671 3296 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/04/18 09:18:15.0750 3296 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/04/18 09:18:15.0812 3296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/18 09:18:15.0890 3296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/18 09:18:15.0953 3296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/18 09:18:16.0015 3296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/18 09:18:16.0078 3296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/18 09:18:16.0156 3296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/18 09:18:16.0234 3296 PAC7311 (6f33d8d6a47437cd6a0029ee827526f0) C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
2011/04/18 09:18:16.0343 3296 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/18 09:18:16.0406 3296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/18 09:18:16.0453 3296 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/18 09:18:16.0531 3296 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/04/18 09:18:16.0578 3296 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/18 09:18:16.0656 3296 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/18 09:18:16.0718 3296 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/18 09:18:17.0046 3296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/18 09:18:17.0156 3296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/18 09:18:17.0234 3296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/18 09:18:17.0437 3296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/18 09:18:17.0546 3296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/18 09:18:17.0640 3296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/18 09:18:17.0687 3296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/18 09:18:17.0781 3296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/18 09:18:17.0859 3296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/18 09:18:17.0937 3296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/18 09:18:18.0046 3296 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/18 09:18:18.0234 3296 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/04/18 09:18:18.0328 3296 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/18 09:18:18.0437 3296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/18 09:18:18.0546 3296 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/18 09:18:18.0625 3296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/18 09:18:18.0750 3296 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/18 09:18:18.0875 3296 smserial (af2c8104d58662fd0d3ad966bda3157e) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/04/18 09:18:19.0015 3296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/18 09:18:19.0328 3296 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
2011/04/18 09:18:19.0500 3296 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/18 09:18:19.0609 3296 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/18 09:18:19.0671 3296 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/18 09:18:19.0765 3296 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/18 09:18:19.0859 3296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/18 09:18:19.0953 3296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/18 09:18:20.0171 3296 SynTP (eba71a1b7db9f6e3f70c15a64817c53f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/18 09:18:20.0328 3296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/18 09:18:20.0468 3296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/18 09:18:20.0546 3296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/18 09:18:20.0640 3296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/18 09:18:20.0718 3296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/18 09:18:20.0906 3296 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/04/18 09:18:21.0015 3296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/18 09:18:21.0140 3296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/18 09:18:21.0296 3296 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/04/18 09:18:21.0437 3296 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/18 09:18:21.0531 3296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/18 09:18:21.0625 3296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/18 09:18:21.0703 3296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/18 09:18:21.0796 3296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/18 09:18:21.0890 3296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/18 09:18:21.0984 3296 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/04/18 09:18:22.0109 3296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/18 09:18:22.0203 3296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/18 09:18:22.0328 3296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/18 09:18:22.0484 3296 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/18 09:18:22.0593 3296 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/04/18 09:18:22.0937 3296 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/04/18 09:18:23.0156 3296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/18 09:18:23.0328 3296 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/18 09:18:23.0468 3296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/18 09:18:23.0609 3296 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/18 09:18:23.0937 3296 ================================================================================
2011/04/18 09:18:23.0937 3296 Scan finished
2011/04/18 09:18:23.0937 3296 ================================================================================
2011/04/18 09:19:14.0031 3256 Deinitialize success



MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806F0000 \WINDOWS\system32\hal.dll
0xF7A98000 \WINDOWS\system32\KDCOM.DLL
0xF79A8000 \WINDOWS\system32\BOOTVID.dll
0xF7549000 ACPI.sys
0xF7A9A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7538000 pci.sys
0xF7598000 ohci1394.sys
0xF75A8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF75B8000 isapnp.sys
0xF79AC000 compbatt.sys
0xF79B0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B60000 pciide.sys
0xF7818000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A9C000 intelide.sys
0xF75C8000 MountMgr.sys
0xF7519000 ftdisk.sys
0xF79B4000 ACPIEC.sys
0xF7B61000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7820000 PartMgr.sys
0xF75D8000 VolSnap.sys
0xF7501000 atapi.sys
0xF75E8000 disk.sys
0xF75F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74E1000 fltmgr.sys
0xF74CF000 sr.sys
0xF74B8000 KSecDD.sys
0xF742B000 Ntfs.sys
0xF73FE000 NDIS.sys
0xF73E4000 Mup.sys
0xF77B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF68E8000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF68D4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF68AC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6888000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77C8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6875000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF77D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6846000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AAC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77E8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7808000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6823000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A54000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7CA5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6A79000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A58000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF680C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6A69000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6A59000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78C0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF67FB000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6A49000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78C8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78D0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6A39000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF67DE000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF67C6000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF7AB0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6768000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A68000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6A29000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA6F1000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF78D8000 \SystemRoot\System32\Drivers\Modem.SYS
0xAA30D000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2E9000 \SystemRoot\system32\drivers\portcls.sys
0xF6A09000 \SystemRoot\system32\drivers\drmk.sys
0xF69F9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AB6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B92000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AB8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7900000 \SystemRoot\System32\drivers\vga.sys
0xF7ABA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7ABC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7908000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7910000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF73A0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA28E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA235000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA20D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA18C000 \SystemRoot\System32\vsdatant.sys
0xAA16A000 \SystemRoot\System32\drivers\afd.sys
0xF7638000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA135000 \SystemRoot\System32\drivers\truecrypt.sys
0xF7918000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA10A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA072000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7648000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA04C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7658000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7668000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAA026000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7928000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6742000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7678000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7AC4000 \??\C:\Programmi\Avira\AntiVir Desktop\avgio.sys
0xF673A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF6732000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF76D8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9F46000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AE6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA0F2000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7960000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BF0000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xA9DF1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9E26000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF7850000 \??\C:\Programmi\CheckPoint\ZAForceField\ISWKL.sys
0xA9A44000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9D21000 \SystemRoot\system32\drivers\sysaudio.sys
0xA99A1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9809000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9340000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8FBB000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
512 C:\WINDOWS\system32\smss.exe
564 csrss.exe
588 C:\WINDOWS\system32\winlogon.exe
632 C:\WINDOWS\system32\services.exe
644 C:\WINDOWS\system32\lsass.exe
808 C:\WINDOWS\system32\svchost.exe
868 svchost.exe
936 C:\WINDOWS\system32\svchost.exe
996 svchost.exe
1048 svchost.exe
1192 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1320 C:\WINDOWS\explorer.exe
1628 C:\Programmi\CheckPoint\ZAForceField\ISWSVC.exe
1680 C:\WINDOWS\system32\spoolsv.exe
1728 C:\Programmi\Avira\AntiVir Desktop\sched.exe
1916 svchost.exe
648 C:\Programmi\Avira\AntiVir Desktop\avguard.exe
692 C:\Programmi\Java\jre6\bin\jqs.exe
956 C:\WINDOWS\system32\HPZipm12.exe
1080 C:\WINDOWS\system32\PAStiSvc.exe
1148 C:\WINDOWS\system32\svchost.exe
1592 C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
1004 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2136 alg.exe
2404 C:\WINDOWS\sm56hlpr.exe
2716 C:\WINDOWS\system32\hkcmd.exe
2748 C:\WINDOWS\system32\igfxpers.exe
2760 C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
2824 C:\WINDOWS\SOUNDMAN.EXE
3224 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
3272 C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
3328 C:\Programmi\File comuni\Java\Java Update\jusched.exe
3360 C:\WINDOWS\system32\ctfmon.exe
3820 C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
3480 C:\Programmi\Mozilla Firefox\firefox.exe
2200 C:\Programmi\Mozilla Firefox\plugin-container.exe
4048 C:\Documents and Settings\Tom\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM060II, Rev: YB100-04

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 503FD2CC6F3632B90CEC9C763A09B1AF1755FCD5


Done!

That all looks fine.

Please run MBAM and SAS next

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
  
• Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware
  
  
• Then click Finish.
  
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  
• On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
    
  • Then click on the Scan button.
  
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.
  
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  
• An icon will be created on your desktop. Double-click that icon to launch the program.
  
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  
• In the Main Menu, click the Preferences... button.
  
• Click the Scanning Control tab.
  
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
    
  • Scan for tracking cookies.
    
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
  
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  
• On the left, make sure you check C:\Fixed Drive.
  
• On the right, under "Complete Scan", choose Perform Complete Scan.
  
• Click "Next" to start the scan. Please be patient while it scans your computer.
  
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  
• Make sure everything has a checkmark next to it and click "Next".
  
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  
• If asked if you want to reboot, click "Yes".
  
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
    
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Hi m0le,
Below you can find the reports of MBAM and SAS.
Thanks,
fidot

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 6395

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19/04/2011 11.49.51
mbam-log-2011-04-19 (11-49-51).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 221031
Tempo trascorso: 2 ore, 46 minuti, 6 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2011 at 04:35 PM

Application Version : 4.50.1002

Core Rules Database Version : 6868
Trace Rules Database Version: 4680

Scan type : Complete Scan
Total Scan Time : 04:19:11

Memory items scanned : 493
Memory threats detected : 0
Registry items scanned : 5919
Registry threats detected : 0
File items scanned : 72593
File threats detected : 23

Adware.Tracking Cookie
C:\Documents and Settings\Tom\Cookies\tom@stats.scuolagrafica[2].txt
C:\Documents and Settings\Tom\Cookies\tom@serving-sys[2].txt
C:\Documents and Settings\Tom\Cookies\tom@imrworldwide[2].txt
C:\Documents and Settings\Tom\Cookies\tom@atdmt[1].txt
C:\Documents and Settings\Tom\Cookies\tom@advertising[1].txt
C:\Documents and Settings\Tom\Cookies\tom@server.iad.liveperson[3].txt
C:\Documents and Settings\Tom\Cookies\tom@s3.shinystat[1].txt
C:\Documents and Settings\Tom\Cookies\tom@bs.serving-sys[1].txt
C:\Documents and Settings\Tom\Cookies\tom@msnportal.112.2o7[1].txt
C:\Documents and Settings\Tom\Cookies\tom@stats.scuolagrafica[1].txt
C:\Documents and Settings\Tom\Cookies\tom@www.windowsmedia[2].txt
C:\Documents and Settings\Tom\Cookies\tom@nextag[2].txt
C:\Documents and Settings\Tom\Cookies\tom@server.iad.liveperson[1].txt
C:\Documents and Settings\Tom\Cookies\tom@shinystat[1].txt
bc.youporn.com [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
core.insightexpressai.com [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
ia.media-imdb.com [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
img-cdn.mediaplex.com [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
media.scanscout.com [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
s0.2mdn.net [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
secure-it.imrworldwide.com [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
serving-sys.com [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]
wtv.dolmedia.tv [ C:\Documents and Settings\Tom\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\S3J87AZ9 ]

Again, looks good. Please visit ESET and scan the machine online next

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

If no log is generated that means nothing was found. Please let me know if this happens.

Hi m0le,
ESET took 16 hours to scan my computer and didn't find any threat.
fidot

Your machine is clean and so we can rule out malware as the cause.

I suggest you read through this article which may be able to pinpoint the problem and, if that doesn't help, to try the XP forum

In the meantime let's clear up

You're clean. Good stuff!

Let's do some clearing up

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

• Download OTC by OldTimer and save it to your desktop.
  
• Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  
• Then Click the big button.
  
• You will get a prompt saying "Being Cleanup Process". Please select Yes.
  
• Restart your computer when prompted.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it fidot, happy surfing!

Cheers.

m0le

Thanks for your time and help, m0le.
Bye,
fidot

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.