Extremely slow system, presumably due to viruses

BigmanMarch (Thread Starter)
Joined: Dec 21, 2010
Messages: 1

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:17:34, on 22/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Ry\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10390 bytes

DDS (Ver_10-12-12.02) - NTFSx86
Run by Ry at 3:18:07.78 on 22/12/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3033.1889 [GMT 0:00]

AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\mqsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Ry\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_15_plus_download_version\TrayServer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\direct3dvideooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\Direct3DVideoOutput.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\directsoundaudiooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DirectSoundAudioOutput.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\divxdeinterlacefilter.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DivXDeinterlaceFilter.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxbanneradplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdownloadmanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxmediamanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxplayerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXPlayerPlugin.dll",DllRegisterServer
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ry\appdata\roaming\mozilla\firefox\profiles\vanbql7p.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Anti-Banner: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-7-4 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-6 1343400]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2010-7-3 1527900]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2010-12-22 02:55:42 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{893fb3ff-8f5d-4b55-9860-85e188eedf74}\mpengine.dll
2010-12-17 12:42:50 -------- d-----w- c:\users\ry\appdata\local\Microsoft Games
2010-12-16 17:41:46 -------- d-----w- c:\program files\iPod
2010-12-15 14:40:22 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 14:40:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 14:39:43 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 14:39:43 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 14:39:43 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 14:39:43 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 14:39:43 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 14:39:43 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-12-15 14:39:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 14:39:37 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 14:39:34 314368 ----a-w- c:\windows\system32\webio.dll
2010-12-15 14:39:32 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 14:39:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-15 14:39:31 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-14 03:35:20 -------- d-----w- c:\users\ry\appdata\local\ElevatedDiagnostics
2010-12-12 16:41:35 -------- d-----w- c:\users\ry\appdata\roaming\Local
2010-12-12 15:05:23 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-12 15:05:23 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 3:18:33.22 ===============


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-22 03:33:42
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009
Running: k44kqx3m.exe; Driver: C:\Users\Ry\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8C39DD50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8C39FF8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8C3A0208]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8C3A047E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8C39E664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8C39F498]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8C39F9E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8C39E940]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8C39F8C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8C39D93E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8C39F79C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8C39DAE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8C39FB02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8C39E2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8C39E3E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8C3A06C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8C39F832]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8C3A11F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8C39EDC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8C3A23FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8C39EBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8C3A12E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8C3A1A4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8C39FA78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8C39E6E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8C39F958]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8C39DF8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8C3A17E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8C39FB98]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8C39DE7E]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8C3A0782][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8C3A1D84][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8C3A1676][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8C39C5F8][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8C39FEFC][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8C39FDC2][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8C3A0F8A][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8C39C970][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8C3A22A0][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8C39C590][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8C39F1DE][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8C39E506][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8C3A0824][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8C3A1480][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8C3A1ED4][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8C3A1FC6][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8C3A2100][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8C3A1114][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8C39E134][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8C39E08A][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8C3A1C28][/FONT]
[FONT=&quot]SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8C39E220][/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]---- Kernel code sections - GMER 1.0.15 ----[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot].text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E50599 1 Byte [06][/FONT]
[FONT=&quot].text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E74F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}[/FONT]
[FONT=&quot].text ntkrnlpa.exe!RtlSidHashLookup + 220 82E7C730 4 Bytes [50, DD, 39, 8C][/FONT]
[FONT=&quot].text ntkrnlpa.exe!RtlSidHashLookup + 248 82E7C758 8 Bytes [8E, FF, 39, 8C, 08, 02, 3A, ...][/FONT]
[FONT=&quot].text ntkrnlpa.exe!RtlSidHashLookup + 28C 82E7C79C 4 Bytes [7E, 04, 3A, 8C][/FONT]
[FONT=&quot].text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82E7C7C8 4 Bytes [64, E6, 39, 8C][/FONT]
[FONT=&quot].text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82E7C7EC 4 Bytes [98, F4, 39, 8C][/FONT]
[FONT=&quot].text ... [/FONT]
[FONT=&quot]? C:\Users\Ry\AppData\Local\Temp\mbr.sys The system cannot find the file specified. ![/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]---- User code sections - GMER 1.0.15 ----[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot].text C:\Program Files\Mozilla Firefox\plugin-container.exe[1604] USER32.dll!TrackPopupMenu 757B4B3B 5 Bytes JMP 64842342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)[/FONT]
[FONT=&quot].text C:\Program Files\Mozilla Firefox\firefox.exe[2828] ntdll.dll!LdrLoadDll 7704F625 5 Bytes JMP 00B913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]---- Devices - GMER 1.0.15 ----[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)[/FONT]
[FONT=&quot]AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)[/FONT]
[FONT=&quot]AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)[/FONT]
[FONT=&quot]AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)[/FONT]
[FONT=&quot]AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)[/FONT]
[FONT=&quot]AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]---- Registry - GMER 1.0.15 ----[/FONT]
[FONT=&quot] [/FONT]
[FONT=&quot]Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\[email protected] \Device\{7D9ED340-8E1D-4DDA-95F9-82B952BA3744}?\Device\{E9B7EA48-735E-490E-A5C5-C397346ECDB8}?\Device\{B75C2DA0-F088-411C-8301-860FD86741E3}?[/FONT]
[FONT=&quot]Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\[email protected] "{7D9ED340-8E1D-4DDA-95F9-82B952BA3744}"?"{E9B7EA48-735E-490E-A5C5-C397346ECDB8}"?"{B75C2DA0-F088-411C-8301-860FD86741E3}"?[/FONT]
[FONT=&quot]Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\[email protected] \Device\TCPIP6TUNNEL_{7D9ED340-8E1D-4DDA-95F9-82B952BA3744}?\Device\TCPIP6TUNNEL_{E9B7EA48-735E-490E-A5C5-C397346ECDB8}?\Device\TCPIP6TUNNEL_{B75C2DA0-F088-411C-8301-860FD86741E3}?[/FONT]
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158307cf28
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x89 0x5A 0xEA 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xD3 0x40 0x3C 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x24 0x6A 0xA5 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x02 0xBE 0x36 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x87 0xDC 0x0C 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x6D 0x29 0x2E 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x78 0x26 0xA6 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xE3 0x7E 0x5F 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7D9ED340-8E1D-4DDA-95F9-82B952BA3744}@InterfaceName isatap.{450EC2E7-AC65-4375-B534-F7D72101680E}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7D9ED340-8E1D-4DDA-95F9-82B952BA3744}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158307cf28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x89 0x5A 0xEA 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xD3 0x40 0x3C 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x24 0x6A 0xA5 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x02 0xBE 0x36 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x87 0xDC 0x0C 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x6D 0x29 0x2E 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x78 0x26 0xA6 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xE3 0x7E 0x5F 0xD0 ...

---- EOF - GMER 1.0.15 ----
 
