
My cpu usage is high

Discussion in 'Virus & Other Malware Removal' started by zoono, Feb 5, 2013.

Thread Status:
Not open for further replies.
  1. zoono

    zoono Thread Starter

    Joined:
    Feb 5, 2013
    Messages:
    4
    My system's CPU usage is 50-60 when I run any program such as Nero (become burning) or kmplayer etc.,
    but none of my processes is above 5-10. System idle process is at 90% or so.
    Here is my HijackThis log:
    (Sorry for my bad English.)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:45:50 PM, on 2/5/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\RTHDCPL.EXE
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\WinFLService.exe
    D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    D:\Program Files\Java\jre7\bin\jqs.exe
    D:\WINDOWS\system32\WinFLTray.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
    D:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
    D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - D:\Documents and Settings\RAMIN\Application Data\FlashGetBHO\FlashGetBHO.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] D:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "D:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [FlashGet 3] "D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
    O4 - HKCU\..\Run: [WinFLTray] D:\WINDOWS\system32\WinFLTray.exe
    O4 - HKCU\..\Run: [FLBackup] D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
    O4 - HKCU\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
    O4 - HKCU\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
    O4 - HKCU\..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection" /s /q
    O4 - HKCU\..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "D:\Documents and Settings\RAMIN\Local Settings\Application Data\adawarebp" /s /q
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [FLBackup] D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe (User '?')
    O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /H (User '?')
    O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-21-220523388-1454471165-1801674531-1003\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download all links by FlashGet3 - D:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
    O8 - Extra context menu item: Download by FlashGet3 - D:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0486C963-9945-4E8E-94A4-13AF090507B3}: NameServer = 4.2.2.4 209.190.74.89
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0486C963-9945-4E8E-94A4-13AF090507B3}: NameServer = 4.2.2.4 209.190.74.89
    O23 - Service: Ad-Aware Service - Lavasoft Limited - D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLService - NewSoftwares.net, Inc. - D:\WINDOWS\system32\WinFLService.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - D:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

    --
    End of file - 11924 bytes


    Please help me.
    Thanks.
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.


    Please download GMER from: http://www.gmer.net

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  3. zoono

    zoono Thread Starter

    Joined:
    Feb 5, 2013
    Messages:
    4
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by RAMIN at 18:23:41 on 2013-02-09
    Microsoft Windows XP Professional 5.1.2600.3.1256.981.1033.18.2047.1340 [GMT 3.5:30]
    .
    .
    ============== Running Processes ================
    .
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\system32\WinFLService.exe
    D:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    D:\Program Files\Java\jre7\bin\jqs.exe
    D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\WinFLTray.exe
    D:\Program Files\NewSoftware's\Folder Lock\FLComServCtrl.exe
    D:\Program Files\NewSoftware's\Folder Lock\FLComServ.exe
    D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    D:\WINDOWS\system32\svchost.exe -k NetworkService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k bthsvcs
    D:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uProxyOverride = local
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - d:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - d:\documents and settings\ramin\application data\flashgetbho\FlashGetBHO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
    BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - d:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    uRun: [CTFMON.EXE] d:\windows\system32\ctfmon.exe
    uRun: [FlashGet 3] "d:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
    uRun: [WinFLTray] d:\windows\system32\WinFLTray.exe
    uRun: [FLBackup] d:\program files\newsoftware's\folder lock\FLComServCtrl.exe
    uRun: [RegistryMechanic] d:\program files\registry mechanic\RegMech.exe /H
    uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
    mRun: [CanonMyPrinter] d:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] d:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [AVP] "d:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Ad-Aware Antivirus] "d:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
    dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-System: EnableLUA = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Anti-Banner - d:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
    IE: Download all links by FlashGet3 - d:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
    IE: Download by FlashGet3 - d:\program files\flashget network\flashget 3\bho\fdgeturl.htm
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Translate this web page with Babylon - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - d:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A1D3E7C1-14E0-4FE3-839C-25AB10DDCFA6} : DHCPNameServer = 192.168.1.1 192.168.1.1
    Notify: klogon - d:\windows\system32\klogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll
    IFEO: cmview.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: excel.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: msoxmled.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: mstore.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: outlook.exe - "d:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - d:\documents and settings\ramin\application data\mozilla\firefox\profiles\q3qwdzbd.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: d:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: d:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - ExtSQL: 2012-12-19 15:08; [email protected]; d:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
    FF - ExtSQL: 2012-12-24 18:25; [email protected]; d:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
    FF - ExtSQL: 2012-12-24 18:25; [email protected]; d:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
    FF - ExtSQL: 2013-02-02 16:28; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; d:\documents and settings\ramin\application data\mozilla\firefox\profiles\q3qwdzbd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-02-04 15:21; [email protected]; d:\documents and settings\ramin\application data\mozilla\firefox\profiles\q3qwdzbd.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;d:\windows\system32\drivers\gfibto.sys [2013-2-4 13560]
    R0 KL1;kl1;d:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;d:\windows\system32\drivers\xfilt.sys [2006-2-23 11264]
    R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
    R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2012-12-19 565552]
    R1 WinFLAdrv;WinFLAdrv;d:\windows\system32\WinFLAdrv.sys [2012-10-30 29584]
    R2 Ad-Aware Service;Ad-Aware Service;d:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
    R2 AVP;Kaspersky Anti-Virus Service;d:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 206448]
    R2 FLService;FLService;d:\windows\system32\WinFLService.exe [2012-10-30 91736]
    R2 NEWDRIVER;NEWDRIVER;d:\windows\system32\WinVDEdrv6.sys [2012-10-30 188176]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;d:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-12-23 583640]
    R2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-8 1514304]
    R2 WinVDEDrv;WinVDEDrv;d:\windows\system32\WinVDEdrv.sys [2012-10-30 228112]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-2 10064]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;d:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
    S2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-2 398184]
    S2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-2 682344]
    S2 SBAMSvc;Ad-Aware;d:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
    S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2013-2-2 21104]
    .
    =============== Created Last 30 ================
    .
    2013-02-05 12:04:54 -------- d-----w- d:\program files\Trend Micro
    2013-02-04 13:10:46 -------- d-----w- d:\documents and settings\all users\application data\Ad-Aware Antivirus
    2013-02-04 12:40:14 -------- d-----w- d:\program files\Ad-Aware Antivirus
    2013-02-04 12:38:41 44424 ----a-w- d:\windows\system32\sbbd.exe
    2013-02-04 12:38:41 13560 ----a-w- d:\windows\system32\drivers\gfibto.sys
    2013-02-04 12:21:08 -------- d-----w- d:\documents and settings\ramin\application data\LavasoftStatistics
    2013-02-04 11:48:30 -------- d-----w- d:\documents and settings\ramin\application data\Ad-Aware Antivirus
    2013-02-03 13:34:57 -------- d-----w- d:\program files\Yahoo!
    2013-02-02 16:02:35 -------- d-----w- d:\documents and settings\ramin\application data\Malwarebytes
    2013-02-02 16:02:15 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
    2013-02-02 16:02:14 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
    2013-02-02 16:02:14 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
    2013-02-02 11:53:34 31552 ----a-w- d:\windows\system32\TURegOpt.exe
    2013-02-02 11:53:00 -------- d-----w- d:\documents and settings\ramin\application data\TuneUp Software
    2013-02-02 11:52:35 -------- d-----w- d:\program files\TuneUp Utilities 2012
    2013-02-02 11:29:17 -------- d-----w- d:\documents and settings\all users\application data\TuneUp Software
    2013-02-01 16:13:52 -------- d-----w- d:\program files\Runtime Software
    2013-02-01 15:50:35 -------- d-----w- d:\program files\CardRecovery
    2013-02-01 15:21:04 -------- d-----w- d:\windows\Logs
    2013-02-01 14:07:08 -------- d-----w- d:\program files\Support Tools
    2013-01-31 13:25:16 221184 ----a-w- d:\windows\system32\wmpns.dll
    2013-01-28 16:18:14 12160 -c--a-w- d:\windows\system32\dllcache\mouhid.sys
    2013-01-28 16:18:14 12160 ----a-w- d:\windows\system32\drivers\mouhid.sys
    2013-01-28 16:18:06 10368 -c--a-w- d:\windows\system32\dllcache\hidusb.sys
    2013-01-28 16:18:06 10368 ----a-w- d:\windows\system32\drivers\hidusb.sys
    2013-01-27 14:37:35 -------- d-----w- d:\program files\Alcohol Soft
    2013-01-27 14:23:06 477240 ----a-w- d:\windows\system32\drivers\sptd.sys
    2013-01-22 17:26:18 -------- d-----w- d:\program files\Data Doctor Recovery FAT
    2013-01-22 16:46:45 -------- d-----w- d:\program files\SmartUndelete
    2013-01-22 16:44:03 -------- d-----w- d:\windows\Transcend JetFlash Recovery Tool
    2013-01-10 16:23:07 34308 ----a-w- d:\documents and settings\all users\application data\mazuki.dll
    .
    ==================== Find3M ====================
    .
    2012-11-14 11:32:04 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
    2012-11-14 11:32:03 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 18:24:37.85 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/29/2012 6:02:20 PM
    System Uptime: 2/9/2013 6:02:38 PM (0 hours ago)
    .
    Motherboard: | | 4CoreDual-VSTA
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | CPUSocket | 3214/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 29 GiB total, 28.496 GiB free.
    D: is FIXED (NTFS) - 47 GiB total, 30.335 GiB free.
    E: is FIXED (NTFS) - 932 GiB total, 11.329 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 28.607 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP52: 11/21/2012 4:43:15 PM - Installed Camera RAW Plug-In for EPSON Creativity Suite
    RP53: 11/21/2012 4:43:19 PM - Installed Camera RAW Plug-In for EPSON Creativity Suite
    RP54: 11/23/2012 5:48:40 PM - System Checkpoint
    RP55: 11/26/2012 5:12:46 PM - System Checkpoint
    RP56: 11/27/2012 5:28:02 PM - System Checkpoint
    RP57: 11/28/2012 2:25:31 PM - First Restore Point
    RP58: 11/29/2012 5:00:27 PM - System Checkpoint
    RP59: 11/30/2012 5:34:05 PM - System Checkpoint
    RP60: 12/1/2012 7:56:28 PM - System Checkpoint
    RP61: 12/2/2012 9:54:15 PM - System Checkpoint
    RP62: 12/3/2012 10:02:42 PM - System Checkpoint
    RP63: 12/4/2012 10:51:34 PM - System Checkpoint
    RP64: 12/5/2012 11:52:39 PM - System Checkpoint
    RP65: 12/7/2012 12:51:34 AM - System Checkpoint
    RP66: 12/8/2012 1:43:52 AM - System Checkpoint
    RP67: 12/9/2012 2:43:51 AM - System Checkpoint
    RP68: 12/10/2012 5:49:54 PM - System Checkpoint
    RP69: 12/11/2012 6:02:39 PM - System Checkpoint
    RP70: 12/12/2012 7:51:01 PM - System Checkpoint
    RP71: 12/13/2012 8:41:34 PM - System Checkpoint
    RP72: 12/14/2012 9:28:59 PM - System Checkpoint
    RP73: 12/15/2012 9:31:23 PM - System Checkpoint
    RP74: 12/17/2012 3:41:33 PM - System Checkpoint
    RP75: 12/18/2012 4:42:15 PM - System Checkpoint
    RP76: 12/19/2012 3:08:02 PM - Installed Kaspersky Internet Security 2012.
    RP77: 12/20/2012 10:08:45 PM - System Checkpoint
    RP78: 12/21/2012 10:10:05 PM - System Checkpoint
    RP79: 12/22/2012 11:06:37 PM - System Checkpoint
    RP80: 12/24/2012 12:06:36 AM - System Checkpoint
    RP81: 12/25/2012 1:56:40 PM - System Checkpoint
    RP82: 12/26/2012 2:02:44 PM - System Checkpoint
    RP83: 12/27/2012 4:52:27 PM - System Checkpoint
    RP84: 12/29/2012 3:17:21 PM - System Checkpoint
    RP85: 12/30/2012 4:29:41 PM - System Checkpoint
    RP86: 12/31/2012 4:35:13 PM - System Checkpoint
    RP87: 1/1/2013 5:27:55 PM - System Checkpoint
    RP88: 1/2/2013 5:36:21 PM - System Checkpoint
    RP89: 1/4/2013 7:16:08 PM - System Checkpoint
    RP90: 1/5/2013 7:54:06 PM - System Checkpoint
    RP91: 1/7/2013 3:46:24 PM - System Checkpoint
    RP92: 1/8/2013 5:17:27 PM - System Checkpoint
    RP93: 1/10/2013 4:04:58 PM - System Checkpoint
    RP94: 1/12/2013 10:13:22 PM - System Checkpoint
    RP95: 1/13/2013 10:54:23 PM - System Checkpoint
    RP96: 1/15/2013 1:43:06 PM - System Checkpoint
    RP97: 1/17/2013 9:24:43 PM - System Checkpoint
    RP98: 1/19/2013 3:07:11 PM - System Checkpoint
    RP99: 1/20/2013 4:08:43 PM - System Checkpoint
    RP100: 1/21/2013 4:13:46 PM - System Checkpoint
    RP101: 1/22/2013 10:44:55 PM - System Checkpoint
    RP102: 1/23/2013 11:42:23 PM - System Checkpoint
    RP103: 1/25/2013 12:42:23 AM - System Checkpoint
    RP104: 1/26/2013 1:42:22 AM - System Checkpoint
    RP105: 1/27/2013 1:24:08 PM - System Checkpoint
    RP106: 1/27/2013 5:53:06 PM - SPTD setup V1.81
    RP107: 1/28/2013 7:38:46 PM - System Checkpoint
    RP108: 1/30/2013 5:05:54 PM - System Checkpoint
    RP109: 1/31/2013 5:17:43 PM - System Checkpoint
    RP110: 2/1/2013 5:36:37 PM - Installed Windows Support Tools
    RP111: 2/2/2013 3:22:29 PM - Installed TuneUp Utilities 2012
    RP112: 2/3/2013 6:55:41 PM - System Checkpoint
    RP113: 2/4/2013 9:59:05 PM - System Checkpoint
    RP114: 2/6/2013 2:43:46 AM - System Checkpoint
    RP115: 2/8/2013 10:58:43 PM - System Checkpoint
    .
    ==== Image File Execution Options =============
    .
    IFEO: cmview.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: excel.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: msoxmled.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: mstore.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: outlook.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: regmech.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: unins000.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: uninst.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: winword.exe - "D:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
    IFEO: Your Image File Name Here without a path - ntsd -d
    .
    ==== Installed Programs ======================
    .
    ACDSee Pro 5
    Ad-Aware Antivirus
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.1.5)
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AP Guitar Tuner 1.02
    Babylon
    BufferChm
    Camera RAW Plug-In for EPSON Creativity Suite
    Canon Easy-PhotoPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon iP4900 series On-screen Manual
    Canon iP4900 series Printer Driver
    Canon My Printer
    Canon Solution Menu EX
    CardRecovery 5.20
    Classic Menu 3.x for Office 2007
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Panorama1Config
    CueTour
    D-Link DFE520TX
    D-Link PCI Fast Ethernet Adapter
    Data Doctor Recovery FAT 3.0.1.5
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    EPSON Attach To Email
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Print CD
    EPSON Printer Software
    EPSON Scan Assistant
    EPSON Stylus Photo R285_290 Manual
    EPSON Web-To-Page
    eSupportQFolder
    FlashGet3.7
    FullDPAppQFolder
    GetDataBack for FAT
    GetDataBack for NTFS
    HijackThis 2.0.2
    Hotfix for Windows XP (KB942288-v3)
    HP Document Viewer 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Scanjet 4800 series
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    hpg4850
    hpg4850QFolder
    HPProductAssistant
    InstantShareDevices
    Java Auto Updater
    Java(TM) 7
    Kaspersky Internet Security 2012
    LedEditor
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Nero
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    PanoStandAlone
    PDF Settings
    PhotoGallery
    Platform
    RandMap
    Realtek High Definition Audio Driver
    Registry Mechanic 9.0
    Scan
    ScannerCopy
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB980195)
    SING & SEE v1.28
    SkinsHP1
    SmartUndelete
    SolutionCenter
    Sonic_PrimoSDK
    The KMPlayer (remove only)
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    UltraISO Premium V9.52
    Update for Microsoft Windows (KB971513)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    VIA Platform Device Manager
    VLC media player 2.0.0
    WebFldrs XP
    WebReg
    Windows Support Tools
    WinRAR 4.11 (32-bit)
    WinSoftMEsti
    XML Paper Specification Shared Components Pack 1.0
    XP Codec Pack
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2013 6:08:32 PM, error: System Error [1003] - Error code 100000d1, parameter1 7c414204, parameter2 00000002, parameter3 00000001, parameter4 8884ab9b.
    2/9/2013 12:07:52 PM, error: System Error [1003] - Error code 100000d1, parameter1 13e8da28, parameter2 00000002, parameter3 00000000, parameter4 8823f8e6.
    2/8/2013 7:02:06 PM, error: System Error [1003] - Error code 100000d1, parameter1 1606f9f5, parameter2 00000002, parameter3 00000001, parameter4 89edae8b.
    2/6/2013 8:43:04 PM, error: Print [6161] - The document Cd2.el8 owned by RAMIN failed to print on printer Canon iP4900 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 24182784. Number of bytes printed: 24136368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAMIN-1E96326AF. Win32 error code returned by the print processor: 13 (0xd).
    2/6/2013 7:56:44 PM, error: Print [6161] - The document Cd1.el8 owned by RAMIN failed to print on printer Canon iP4900 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 24136424. Number of bytes printed: 24136368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAMIN-1E96326AF. Win32 error code returned by the print processor: 13 (0xd).
    2/4/2013 9:14:20 PM, error: Print [6161] - The document Driver3.el8 owned by RAMIN failed to print on printer Canon iP4900 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 24136432. Number of bytes printed: 24136368. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\RAMIN-1E96326AF. Win32 error code returned by the print processor: 13 (0xd).
    2/3/2013 7:20:14 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001CF00CEA55 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/3/2013 4:40:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
    2/3/2013 4:40:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    2/3/2013 4:40:40 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/3/2013 3:27:17 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: All pipe instances are busy.
    2/3/2013 3:27:17 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: All pipe instances are busy.
    2/3/2013 3:25:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
    2/3/2013 3:25:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    2/2/2013 8:29:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde viamraid
    2/2/2013 8:27:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
    2/2/2013 8:25:25 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal.
    2/2/2013 5:54:26 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Anti-Virus Service service, but this action failed with the following error: An instance of the service is already running.
    2/2/2013 5:54:17 PM, error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================



    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-09 18:47:39
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1c Maxtor_4R080L0 rev.RAMC1TU0 76.34GB
    Running: 4iry1if0.exe; Driver: D:\DOCUME~1\RAMIN\LOCALS~1\Temp\awpcqfod.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB4C7EFBA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB4C7F8B4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB4C98AEE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB4C7FE26]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB4C7FD14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB4C98E06]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xB4C80056]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xB4C8021E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB4C7ED76]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB4C7FF3E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB4C9A110]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB4C7F5E6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB4C98ECE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB4C8053C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB4C93084]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB4C9488E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB4C7F8F6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB4C8153C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB4C94088]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB4C94A38]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB4C8062E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB4C93BC0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB4C93E1C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB4C9A130]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB4C9730A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB4C7FEB8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB4C7FDA0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB4C7F1F4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB4C8097E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB4C7FFD0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB4C7F0E8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xB4C9A120]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB4C92EB8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB4C94698]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xB4C97500]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB4C80EC0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB4C94488]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB4C807CE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB4C93198]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB4C9380C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB4C99048]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB4C98F96]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB4C990B4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB4C93A14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB4C813DE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB4C9333E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xB4C934D4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xB4C93670]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB4C98C76]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB4C7F756]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB4C803E8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB4C81010]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB4C94248]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB4C81104]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB4C8123E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB4C8045E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB4C7F392]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB4C7F2EA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB4C80D78]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB4C7F47C]

    INT 0x62 ? 8AB92CB8
    INT 0x73 ? 8AB92CB8
    INT 0x73 ? 8AB92CB8
    INT 0x73 ? 8AA49F00
    INT 0x73 ? 8AA49F00
    INT 0x73 ? 8AB92CB8
    INT 0x82 ? 8AB92CB8
    INT 0x84 ? 8AA49F00
    INT 0x94 ? 8AA49F00

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 2.0 ----

    .text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [06, 8E, C9, B4, 56, 00, C8, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 16 Bytes [76, ED, C7, B4, 3E, FF, C7, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [2E, 06, C8, B4, C0, 3B, C9, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 276 804E4AD0 4 Bytes [E8, F0, C7, B4]
    .text ntoskrnl.exe!ZwYieldExecution + 376 804E4BD0 16 Bytes [98, 31, C9, B4, 0C, 38, C9, ...]
    .text ...
    .text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP B4C71DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP B4C719F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .sptd1 D:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF75B2B2E]
    .text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB76993A0, 0x585395, 0xE8000020]
    .text USBPORT.SYS!DllUnload B75B68AC 5 Bytes JMP 8AA49410
    ? D:\Program Files\UltraISO\drivers\ISODrive.sys The system cannot find the file specified. !
    ? D:\DOCUME~1\RAMIN\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    ? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] D:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    .text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[560] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]
    .text D:\Program Files\Mozilla Firefox\firefox.exe[1148] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01553C70 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[1148] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018A6096 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[1148] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018A6073 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[1148] kernel32.dll!ValidateLocale + B138 7C844930 7 Bytes JMP 0157553C D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Mozilla Firefox\firefox.exe[1148] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018A5FF4 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    ? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] D:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    .text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3928] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] D:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x93 0x5D 0x6D 0x46 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x23 0x8B 0x3E 0x8C ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xF3 0xD8 0x99 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x5F 0x2B 0xB0 0x63 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] D:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x93 0x5D 0x6D 0x46 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x23 0x8B 0x3E 0x8C ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xF3 0xD8 0x99 0x00 ...

    ---- EOF - GMER 2.0 ----

    Thank you for your regard.
     
  4. zoono

    zoono Thread Starter

    Joined:
    Feb 5, 2013
    Messages:
    4
    I also receive a blue screen with:

    Driver_IRQL_NOT_LESS_OR_EQUAL

    0x000000D1 (0x13E8DA28, 0x00000002, 0x00000000, 0x8823F8E6)

    with different values for the last 4 groups, from time to time.
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Have you recently installed any new hardware or updated drivers?
     
  6. zoono

    zoono Thread Starter

    Joined:
    Feb 5, 2013
    Messages:
    4
    No! Not any driver, etc.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
Short URL to this thread: https://techguy.org/1088278
