My cpu usage is high

zoono

Thread Starter
Joined
Feb 5, 2013
Messages
4
My system's CPU usage is 50-60 when I run any program such as Nero (when burning) or KMPlayer etc.,
but none of my processes is above 5-10. System Idle Process is at 90% or so.
Here is my HijackThis log:
(Sorry for my bad English.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:50 PM, on 2/5/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\WinFLService.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Java\jre7\bin\jqs.exe
D:\WINDOWS\system32\WinFLTray.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
D:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - D:\Documents and Settings\RAMIN\Application Data\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] D:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "D:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FlashGet 3] "D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [WinFLTray] D:\WINDOWS\system32\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
O4 - HKCU\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
O4 - HKCU\..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q
O4 - HKCU\..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "D:\Documents and Settings\RAMIN\Local Settings\Application Data\adawarebp" /s /q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [FLBackup] D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe (User '?')
O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /H (User '?')
O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all links by FlashGet3 - D:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
O8 - Extra context menu item: Download by FlashGet3 - D:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0486C963-9945-4E8E-94A4-13AF090507B3}: NameServer = 4.2.2.4 209.190.74.89
O17 - HKLM\System\CS3\Services\Tcpip\..\{0486C963-9945-4E8E-94A4-13AF090507B3}: NameServer = 4.2.2.4 209.190.74.89
O23 - Service: Ad-Aware Service - Lavasoft Limited - D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLService - NewSoftwares.net, Inc. - D:\WINDOWS\system32\WinFLService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - D:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 11924 bytes


Please help me.
Thanks.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,905
Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created n your Desktop".

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.


Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

Open the ark.txt file and copy and paste the contents of the log here please.
 

zoono

Thread Starter
Joined
Feb 5, 2013
Messages
4
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by RAMIN at 18:23:41 on 2013-02-09
Microsoft Windows XP Professional 5.1.2600.3.1256.981.1033.18.2047.1340 [GMT 3.5:30]
.
.
============== Running Processes ================
.
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\WinFLService.exe
D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\WinFLTray.exe
D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
D:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k bthsvcs
D:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - d:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - d:\documents and settings\ramin\application data\flashgetbho\FlashGetBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - d:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
uRun: [FlashGet 3] "d:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [WinFLTray] d:\windows\system32\WinFLTray.exe
uRun: [FLBackup] d:\program files\newsoftware's\folder lock\FLComServCtrl.exe
uRun: [RegistryMechanic] d:\program files\registry mechanic\RegMech.exe /H
uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [CanonMyPrinter] d:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] d:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [AVP] "d:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Ad-Aware Antivirus] "d:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - d:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Download all links by FlashGet3 - d:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
IE: Download by FlashGet3 - d:\program files\flashget network\flashget 3\bho\fdgeturl.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A1D3E7C1-14E0-4FE3-839C-25AB10DDCFA6} : DHCPNameServer = 192.168.1.1 192.168.1.1
Notify: klogon - d:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll
IFEO: cmview.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: excel.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: msoxmled.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: mstore.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: outlook.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\ramin\application data\mozilla\firefox\profiles\q3qwdzbd.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: d:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - ExtSQL: 2012-12-19 15:08; [email protected]; d:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
FF - ExtSQL: 2012-12-24 18:25; [email protected]; d:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
FF - ExtSQL: 2012-12-24 18:25; [email protected]; d:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
FF - ExtSQL: 2013-02-02 16:28; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; d:\documents and settings\ramin\application data\mozilla\firefox\profiles\q3qwdzbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-04 15:21; [email protected]; d:\documents and settings\ramin\application data\mozilla\firefox\profiles\q3qwdzbd.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;d:\windows\system32\drivers\gfibto.sys [2013-2-4 13560]
R0 KL1;kl1;d:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 xfilt;VIA SATA IDE Hot-plug Driver;d:\windows\system32\drivers\xfilt.sys [2006-2-23 11264]
R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2012-12-19 565552]
R1 WinFLAdrv;WinFLAdrv;d:\windows\system32\WinFLAdrv.sys [2012-10-30 29584]
R2 Ad-Aware Service;Ad-Aware Service;d:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 AVP;Kaspersky Anti-Virus Service;d:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 206448]
R2 FLService;FLService;d:\windows\system32\WinFLService.exe [2012-10-30 91736]
R2 NEWDRIVER;NEWDRIVER;d:\windows\system32\WinVDEdrv6.sys [2012-10-30 188176]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;d:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-12-23 583640]
R2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-8 1514304]
R2 WinVDEDrv;WinVDEDrv;d:\windows\system32\WinVDEdrv.sys [2012-10-30 228112]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-2 10064]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;d:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-2 398184]
S2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-2 682344]
S2 SBAMSvc;Ad-Aware;d:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2013-2-2 21104]
.
=============== Created Last 30 ================
.
2013-02-05 12:04:54 -------- d-----w- d:\program files\Trend Micro
2013-02-04 13:10:46 -------- d-----w- d:\documents and settings\all users\application data\Ad-Aware Antivirus
2013-02-04 12:40:14 -------- d-----w- d:\program files\Ad-Aware Antivirus
2013-02-04 12:38:41 44424 ----a-w- d:\windows\system32\sbbd.exe
2013-02-04 12:38:41 13560 ----a-w- d:\windows\system32\drivers\gfibto.sys
2013-02-04 12:21:08 -------- d-----w- d:\documents and settings\ramin\application data\LavasoftStatistics
2013-02-04 11:48:30 -------- d-----w- d:\documents and settings\ramin\application data\Ad-Aware Antivirus
2013-02-03 13:34:57 -------- d-----w- d:\program files\Yahoo!
2013-02-02 16:02:35 -------- d-----w- d:\documents and settings\ramin\application data\Malwarebytes
2013-02-02 16:02:15 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2013-02-02 16:02:14 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
2013-02-02 16:02:14 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2013-02-02 11:53:34 31552 ----a-w- d:\windows\system32\TURegOpt.exe
2013-02-02 11:53:00 -------- d-----w- d:\documents and settings\ramin\application data\TuneUp Software
2013-02-02 11:52:35 -------- d-----w- d:\program files\TuneUp Utilities 2012
2013-02-02 11:29:17 -------- d-----w- d:\documents and settings\all users\application data\TuneUp Software
2013-02-01 16:13:52 -------- d-----w- d:\program files\Runtime Software
2013-02-01 15:50:35 -------- d-----w- d:\program files\CardRecovery
2013-02-01 15:21:04 -------- d-----w- d:\windows\Logs
2013-02-01 14:07:08 -------- d-----w- d:\program files\Support Tools
2013-01-31 13:25:16 221184 ----a-w- d:\windows\system32\wmpns.dll
2013-01-28 16:18:14 12160 -c--a-w- d:\windows\system32\dllcache\mouhid.sys
2013-01-28 16:18:14 12160 ----a-w- d:\windows\system32\drivers\mouhid.sys
2013-01-28 16:18:06 10368 -c--a-w- d:\windows\system32\dllcache\hidusb.sys
2013-01-28 16:18:06 10368 ----a-w- d:\windows\system32\drivers\hidusb.sys
2013-01-27 14:37:35 -------- d-----w- d:\program files\Alcohol Soft
2013-01-27 14:23:06 477240 ----a-w- d:\windows\system32\drivers\sptd.sys
2013-01-22 17:26:18 -------- d-----w- d:\program files\Data Doctor Recovery FAT
2013-01-22 16:46:45 -------- d-----w- d:\program files\SmartUndelete
2013-01-22 16:44:03 -------- d-----w- d:\windows\Transcend JetFlash Recovery Tool
2013-01-10 16:23:07 34308 ----a-w- d:\documents and settings\all users\application data\mazuki.dll
.
==================== Find3M ====================
.
2012-11-14 11:32:04 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-11-14 11:32:03 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:24:37.85 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 10/29/2012 6:02:20 PM
System Uptime: 2/9/2013 6:02:38 PM (0 hours ago)
.
Motherboard: | | 4CoreDual-VSTA
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | CPUSocket | 3214/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 29 GiB total, 28.496 GiB free.
D: is FIXED (NTFS) - 47 GiB total, 30.335 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 11.329 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 28.607 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP52: 11/21/2012 4:43:15 PM - Installed Camera RAW Plug-In for EPSON Creativity Suite
RP53: 11/21/2012 4:43:19 PM - Installed Camera RAW Plug-In for EPSON Creativity Suite
RP54: 11/23/2012 5:48:40 PM - System Checkpoint
RP55: 11/26/2012 5:12:46 PM - System Checkpoint
RP56: 11/27/2012 5:28:02 PM - System Checkpoint
RP57: 11/28/2012 2:25:31 PM - First Restore Point
RP58: 11/29/2012 5:00:27 PM - System Checkpoint
RP59: 11/30/2012 5:34:05 PM - System Checkpoint
RP60: 12/1/2012 7:56:28 PM - System Checkpoint
RP61: 12/2/2012 9:54:15 PM - System Checkpoint
RP62: 12/3/2012 10:02:42 PM - System Checkpoint
RP63: 12/4/2012 10:51:34 PM - System Checkpoint
RP64: 12/5/2012 11:52:39 PM - System Checkpoint
RP65: 12/7/2012 12:51:34 AM - System Checkpoint
RP66: 12/8/2012 1:43:52 AM - System Checkpoint
RP67: 12/9/2012 2:43:51 AM - System Checkpoint
RP68: 12/10/2012 5:49:54 PM - System Checkpoint
RP69: 12/11/2012 6:02:39 PM - System Checkpoint
RP70: 12/12/2012 7:51:01 PM - System Checkpoint
RP71: 12/13/2012 8:41:34 PM - System Checkpoint
RP72: 12/14/2012 9:28:59 PM - System Checkpoint
RP73: 12/15/2012 9:31:23 PM - System Checkpoint
RP74: 12/17/2012 3:41:33 PM - System Checkpoint
RP75: 12/18/2012 4:42:15 PM - System Checkpoint
RP76: 12/19/2012 3:08:02 PM - Installed Kaspersky Internet Security 2012.
RP77: 12/20/2012 10:08:45 PM - System Checkpoint
RP78: 12/21/2012 10:10:05 PM - System Checkpoint
RP79: 12/22/2012 11:06:37 PM - System Checkpoint
RP80: 12/24/2012 12:06:36 AM - System Checkpoint
RP81: 12/25/2012 1:56:40 PM - System Checkpoint
RP82: 12/26/2012 2:02:44 PM - System Checkpoint
RP83: 12/27/2012 4:52:27 PM - System Checkpoint
RP84: 12/29/2012 3:17:21 PM - System Checkpoint
RP85: 12/30/2012 4:29:41 PM - System Checkpoint
RP86: 12/31/2012 4:35:13 PM - System Checkpoint
RP87: 1/1/2013 5:27:55 PM - System Checkpoint
RP88: 1/2/2013 5:36:21 PM - System Checkpoint
RP89: 1/4/2013 7:16:08 PM - System Checkpoint
RP90: 1/5/2013 7:54:06 PM - System Checkpoint
RP91: 1/7/2013 3:46:24 PM - System Checkpoint
RP92: 1/8/2013 5:17:27 PM - System Checkpoint
RP93: 1/10/2013 4:04:58 PM - System Checkpoint
RP94: 1/12/2013 10:13:22 PM - System Checkpoint
RP95: 1/13/2013 10:54:23 PM - System Checkpoint
RP96: 1/15/2013 1:43:06 PM - System Checkpoint
RP97: 1/17/2013 9:24:43 PM - System Checkpoint
RP98: 1/19/2013 3:07:11 PM - System Checkpoint
RP99: 1/20/2013 4:08:43 PM - System Checkpoint
RP100: 1/21/2013 4:13:46 PM - System Checkpoint
RP101: 1/22/2013 10:44:55 PM - System Checkpoint
RP102: 1/23/2013 11:42:23 PM - System Checkpoint
RP103: 1/25/2013 12:42:23 AM - System Checkpoint
RP104: 1/26/2013 1:42:22 AM - System Checkpoint
RP105: 1/27/2013 1:24:08 PM - System Checkpoint
RP106: 1/27/2013 5:53:06 PM - SPTD setup V1.81
RP107: 1/28/2013 7:38:46 PM - System Checkpoint
RP108: 1/30/2013 5:05:54 PM - System Checkpoint
RP109: 1/31/2013 5:17:43 PM - System Checkpoint
RP110: 2/1/2013 5:36:37 PM - Installed Windows Support Tools
RP111: 2/2/2013 3:22:29 PM - Installed TuneUp Utilities 2012
RP112: 2/3/2013 6:55:41 PM - System Checkpoint
RP113: 2/4/2013 9:59:05 PM - System Checkpoint
RP114: 2/6/2013 2:43:46 AM - System Checkpoint
RP115: 2/8/2013 10:58:43 PM - System Checkpoint
.
==== Image File Execution Options =============
.
IFEO: cmview.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: excel.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: msoxmled.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: mstore.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: outlook.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: regmech.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: unins000.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: uninst.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: winword.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
ACDSee Pro 5
Ad-Aware Antivirus
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.5)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AP Guitar Tuner 1.02
Babylon
BufferChm
Camera RAW Plug-In for EPSON Creativity Suite
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP4900 series On-screen Manual
Canon iP4900 series Printer Driver
Canon My Printer
Canon Solution Menu EX
CardRecovery 5.20
Classic Menu 3.x for Office 2007
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
CueTour
D-Link DFE520TX
D-Link PCI Fast Ethernet Adapter
Data Doctor Recovery FAT 3.0.1.5
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Printer Software
EPSON Scan Assistant
EPSON Stylus Photo R285_290 Manual
EPSON Web-To-Page
eSupportQFolder
FlashGet3.7
FullDPAppQFolder
GetDataBack for FAT
GetDataBack for NTFS
HijackThis 2.0.2
Hotfix for Windows XP (KB942288-v3)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Scanjet 4800 series
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
hpg4850
hpg4850QFolder
HPProductAssistant
InstantShareDevices
Java Auto Updater
Java(TM) 7
Kaspersky Internet Security 2012
LedEditor
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
Nero
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
PanoStandAlone
PDF Settings
PhotoGallery
Platform
RandMap
Realtek High Definition Audio Driver
Registry Mechanic 9.0
Scan
ScannerCopy
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB980195)
SING & SEE v1.28
SkinsHP1
SmartUndelete
SolutionCenter
Sonic_PrimoSDK
The KMPlayer (remove only)
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
UltraISO Premium V9.52
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
VIA Platform Device Manager
VLC media player 2.0.0
WebFldrs XP
WebReg
Windows Support Tools
WinRAR 4.11 (32-bit)
WinSoftMEsti
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/9/2013 6:08:32 PM, error: System Error [1003] - Error code 100000d1, parameter1 7c414204, parameter2 00000002, parameter3 00000001, parameter4 8884ab9b.
2/9/2013 12:07:52 PM, error: System Error [1003] - Error code 100000d1, parameter1 13e8da28, parameter2 00000002, parameter3 00000000, parameter4 8823f8e6.
2/8/2013 7:02:06 PM, error: System Error [1003] - Error code 100000d1, parameter1 1606f9f5, parameter2 00000002, parameter3 00000001, parameter4 89edae8b.
2/6/2013 8:43:04 PM, error: Print [6161] - The document Cd2.el8 owned by RAMIN failed to print on printer Canon iP4900 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 24182784. Number of bytes printed: 24136368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAMIN-1E96326AF. Win32 error code returned by the print processor: 13 (0xd).
2/6/2013 7:56:44 PM, error: Print [6161] - The document Cd1.el8 owned by RAMIN failed to print on printer Canon iP4900 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 24136424. Number of bytes printed: 24136368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAMIN-1E96326AF. Win32 error code returned by the print processor: 13 (0xd).
2/4/2013 9:14:20 PM, error: Print [6161] - The document Driver3.el8 owned by RAMIN failed to print on printer Canon iP4900 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 24136432. Number of bytes printed: 24136368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAMIN-1E96326AF. Win32 error code returned by the print processor: 13 (0xd).
2/3/2013 7:20:14 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001CF00CEA55 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/3/2013 4:40:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
2/3/2013 4:40:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/3/2013 4:40:40 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/3/2013 3:27:17 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: All pipe instances are busy.
2/3/2013 3:27:17 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: All pipe instances are busy.
2/3/2013 3:25:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
2/3/2013 3:25:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2/2/2013 8:29:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde viamraid
2/2/2013 8:27:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
2/2/2013 8:25:25 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal.
2/2/2013 5:54:26 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Anti-Virus Service service, but this action failed with the following error: An instance of the service is already running.
2/2/2013 5:54:17 PM, error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================



GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-09 18:47:39
Windows 5.1.2600 Service Pack 3 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1c Maxtor_4R080L0 rev.RAMC1TU0 76.34GB
Running: 4iry1if0.exe; Driver: D:\DOCUME~1\RAMIN\LOCALS~1\Temp\awpcqfod.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB4C7EFBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB4C7F8B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB4C98AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB4C7FE26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB4C7FD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB4C98E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xB4C80056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xB4C8021E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB4C7ED76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB4C7FF3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB4C9A110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB4C7F5E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB4C98ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB4C8053C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB4C93084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB4C9488E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB4C7F8F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB4C8153C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB4C94088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB4C94A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB4C8062E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB4C93BC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB4C93E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB4C9A130]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB4C9730A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB4C7FEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB4C7FDA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB4C7F1F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB4C8097E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB4C7FFD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB4C7F0E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xB4C9A120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB4C92EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB4C94698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xB4C97500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB4C80EC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB4C94488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB4C807CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB4C93198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB4C9380C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB4C99048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB4C98F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB4C990B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB4C93A14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB4C813DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB4C9333E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xB4C934D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xB4C93670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB4C98C76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB4C7F756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB4C803E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB4C81010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB4C94248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB4C81104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB4C8123E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB4C8045E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB4C7F392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB4C7F2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB4C80D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB4C7F47C]

INT 0x62 ? 8AB92CB8
INT 0x73 ? 8AB92CB8
INT 0x73 ? 8AB92CB8
INT 0x73 ? 8AA49F00
INT 0x73 ? 8AA49F00
INT 0x73 ? 8AB92CB8
INT 0x82 ? 8AB92CB8
INT 0x84 ? 8AA49F00
INT 0x94 ? 8AA49F00

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 2.0 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [06, 8E, C9, B4, 56, 00, C8, ...]
.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 16 Bytes [76, ED, C7, B4, 3E, FF, C7, ...]
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [2E, 06, C8, B4, C0, 3B, C9, ...]
.text ntoskrnl.exe!ZwYieldExecution + 276 804E4AD0 4 Bytes [E8, F0, C7, B4]
.text ntoskrnl.exe!ZwYieldExecution + 376 804E4BD0 16 Bytes [98, 31, C9, B4, 0C, 38, C9, ...]
.text ...
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP B4C71DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP B4C719F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.sptd1 D:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF75B2B2E]
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB76993A0, 0x585395, 0xE8000020]
.text USBPORT.SYS!DllUnload B75B68AC 5 Bytes JMP 8AA49410
? D:\Program Files\UltraISO\drivers\ISODrive.sys The system cannot find the file specified. !
? D:\DOCUME~1\RAMIN\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] D:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]
.text D:\Program Files\Mozilla Firefox\firefox.exe[1148] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01553C70 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[1148] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018A6096 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[1148] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018A6073 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[1148] kernel32.dll!ValidateLocale + B138 7C844930 7 Bytes JMP 0157553C D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Program Files\Mozilla Firefox\firefox.exe[1148] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018A5FF4 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] D:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x93 0x5D 0x6D 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x23 0x8B 0x3E 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xF3 0xD8 0x99 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x5F 0x2B 0xB0 0x63 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x93 0x5D 0x6D 0x46 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x23 0x8B 0x3E 0x8C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xF3 0xD8 0x99 0x00 ...

---- EOF - GMER 2.0 ----

Thank you for your regard.
 

zoono

Thread Starter
Joined
Feb 5, 2013
Messages
4
I receive blue screen also with:

Driver_IRQL_NOT_LESS_OR_EQUAL

0x000000D1 (0x13E8DA28, 0x00000002, 0x00000000, 0x8823F8E6)

with different values for the last 4 groups, from time to time.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,905
Have you recently installed any new hardware or updated drivers?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,905
Please go here and download the TDSSKiller.exe to your desktop.
  • Double-click TDSSKiller.exe on your desktop to run it.
  • Click on Start Scan
  • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.
 