
Solved GooGle Search Redirect

Discussion in 'Malware and Virus Removal Archive' started by Adashu, 2009/12/02.

  1. 2009/12/02
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    [Resolved] GooGle Search Redirect

    Hello,
    I just joined here and I have a problem with my Google redirect.
    I always use Firefox, and here are my DDS and attach files.
    Sorry if my English is not good.


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Administrator at 9:39:36.65 on 12/01/2009 Tue
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1023.413 [GMT 7:00]

    AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CE100 Dialer\ICard.exe
    C:\Program Files\CE100 Dialer\IdleMng.exe
    C:\Program Files\CE100 Dialer\PcxSvr.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    F:\Programs\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    F:\Programs\dds.EXE

    ============== Pseudo HJT Report ===============

    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [HaierDcService] c:\program files\ce100 dialer\driver\HaierDcService.exe
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    TCP: {426DCFD6-E3FB-4A80-BDAE-176E41F9BC02} = 10.17.3.244 10.17.3.252
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\febeprof.adashu\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2185003&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.animetake.com/recently-updated-episodes/
    FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\program files\opera 10 preview\program\plugins\npdsplay.dll
    FF - plugin: c:\program files\opera 10 preview\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\opera 10 preview\program\plugins\nprpjplug.dll
    FF - plugin: c:\program files\opera 10 preview\program\plugins\NPSWF32.dll
    FF - plugin: c:\program files\opera 10 preview\program\plugins\npwmsdrm.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-29 315408]
    R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-9-30 116736]
    R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [2009-11-29 102656]

    =============== Created Last 30 ================

    2009-11-30 14:22:59 0 d---a-w- C:\xampp
    2009-11-30 14:22:24 88481772 ----a-w- C:\xampp-win32-1.7.2_2.zip
    2009-11-30 09:44:23 0 d-----w- c:\program files\DeskPins
    2009-11-30 09:34:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
    2009-11-30 09:29:26 0 d-----w- c:\program files\Nero
    2009-11-30 09:19:29 28672 ----a-w- c:\windows\system32\FolderWatcher.dll
    2009-11-30 09:19:29 17804 ----a-w- c:\windows\system32\shlctxmnu.tlb
    2009-11-30 09:19:29 11012 ----a-w- c:\windows\system32\threadapi.tlb
    2009-11-30 09:19:29 102400 ----a-w- c:\windows\system32\FlashRenHelper.dll
    2009-11-30 09:19:28 662288 ----a-w- c:\windows\system32\mscomct2.ocx
    2009-11-30 09:19:28 609824 ----a-w- c:\windows\system32\COMCTL32.ocx
    2009-11-30 09:19:28 164144 ----a-w- c:\windows\system32\COMCT232.ocx
    2009-11-30 09:19:28 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
    2009-11-30 09:19:28 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2009-11-30 09:19:28 0 d-----w- c:\docume~1\alluse~1\applic~1\RL Vision
    2009-11-30 09:19:24 0 d-----w- c:\program files\Flash Renamer
    2009-11-30 07:25:48 0 d-----w- c:\program files\CoreCodec
    2009-11-30 06:16:18 0 d-----w- c:\program files\uTorrent
    2009-11-30 06:16:15 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
    2009-11-30 05:13:38 0 d-----w- c:\program files\UltraISO
    2009-11-30 05:13:38 0 d-----w- c:\program files\common files\EZB Systems
    2009-11-30 04:42:54 0 d-----w- c:\program files\common files\Autodesk Shared
    2009-11-30 04:42:07 0 d-----w- c:\program files\Autodesk
    2009-11-29 06:33:17 135168 ----a-w- c:\windows\system32\DVDIFOFilter.dll
    2009-11-29 06:33:16 831488 ----a-w- c:\windows\system32\MpaDecFilter.ax
    2009-11-29 06:33:16 434176 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
    2009-11-29 06:33:15 376832 ----a-w- c:\windows\system32\AVAide_MpegSplitter.ax
    2009-11-29 06:32:55 0 d-----w- c:\windows\system32\filters
    2009-11-29 06:32:51 0 d-----w- c:\program files\Tipard Studio
    2009-11-29 06:21:07 0 d-----w- c:\program files\FreeTime
    2009-11-29 04:02:50 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
    2009-11-29 04:00:52 0 d-----r- C:\Sandbox
    2009-11-29 03:48:02 1506 ----a-w- c:\windows\Sandboxie.ini
    2009-11-29 03:47:32 0 d-----w- c:\program files\Sandboxie
    2009-11-29 03:23:07 0 d-----w- c:\program files\Yahoo!
    2009-11-29 03:11:32 0 d-----w- c:\docume~1\admini~1\applic~1\MiniLyrics
    2009-11-29 03:11:05 0 d-----w- c:\program files\Minilyrics
    2009-11-29 03:09:59 0 d-----w- C:\Lyrics
    2009-11-29 02:55:27 0 d-----w- c:\program files\GungHo
    2009-11-29 02:07:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-11-29 02:07:07 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-11-29 02:05:55 0 d-----w- c:\program files\Kaspersky Lab
    2009-11-29 02:05:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
    2009-11-29 02:04:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2009-11-29 01:57:59 0 d-----w- c:\docume~1\admini~1\applic~1\IDM
    2009-11-29 01:57:58 0 d-----w- c:\docume~1\admini~1\applic~1\DMCache
    2009-11-29 01:57:55 0 d-----w- c:\program files\Internet Download Manager
    2009-11-29 01:54:06 0 d-----w- c:\program files\FolderSize
    2009-11-29 01:51:04 0 d-----w- c:\program files\CE100 Dialer
    2009-11-29 01:45:01 0 d-----w- c:\program files\common files\ODBC
    2009-11-29 01:44:58 0 d-----w- c:\program files\common files\SpeechEngines
    2009-11-29 01:44:31 0 d-----r- c:\documents and settings\all users\Documents
    2009-11-29 01:42:27 0 d-----w- c:\program files\K-Lite Codec Pack
    2009-11-29 01:39:38 0 d-----w- c:\program files\common files\ATI Technologies
    2009-11-29 01:35:47 0 d-----w- c:\program files\ATI Technologies
    2009-11-28 19:10:59 0 d-----w- c:\docume~1\admini~1\applic~1\Windows Desktop Search
    2009-11-28 18:58:51 0 d-sh--w- c:\documents and settings\all users\DRM
    2009-11-28 18:58:31 0 d--h--w- c:\program files\WindowsUpdate
    2009-11-28 18:58:15 0 d-----w- c:\program files\Windows Media Connect 2
    2009-11-28 18:57:44 0 d-----w- c:\program files\common files\MSSoap
    2009-11-28 18:55:32 0 d-----w- c:\program files\Online Services
    2009-11-28 18:55:03 0 d-----w- c:\program files\Windows Desktop Search
    2009-11-28 18:54:56 0 d-----w- c:\program files\MSXML 4.0
    2009-11-28 18:53:40 0 d-----w- c:\program files\Messenger
    2009-11-28 18:53:37 0 d-----w- c:\program files\MSN Gaming Zone
    2009-11-28 18:53:09 0 d-----w- c:\program files\Windows NT

    ==================== Find3M ====================

    2009-11-29 01:57:53 3081088 ----a-w- c:\windows\x32dott.exe
    2009-11-29 01:57:52 102400 ----a-w- c:\windows\x32dett.exe
    2009-11-28 19:05:52 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-28 18:55:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-11-09 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-20 12:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-14 13:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
    2009-10-02 11:39:44 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-09-09 10:43:08 210352 ----a-w- c:\windows\system32\idmmbc.dll

    ============= FINISH: 9:40:28.75 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/29/2009 2:08:32 AM
    System Uptime: 12/1/2009 7:50:17 AM (2 hours ago)
    Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket M2 | 1809/201mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 20 GiB total, 8.367 GiB free.
    D: is Removable
    E: is FIXED (NTFS) - 75 GiB total, 18.412 GiB free.
    F: is FIXED (NTFS) - 55 GiB total, 6.953 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 11/29/2009 2:10:59 AM - System Checkpoint
    RP2: 11/29/2009 8:36:38 AM - Installed DirectX 9.0
    RP3: 11/29/2009 8:37:42 AM - Installed ATI Catalyst Control Center
    RP4: 11/29/2009 8:39:36 AM - Installed ATI Parental Control & Encoder
    RP5: 11/29/2009 8:54:05 AM - Installed Folder Size for Windows
    RP6: 11/29/2009 9:05:17 AM - Installed Kaspersky Internet Security 2010.
    RP7: 11/29/2009 9:55:26 AM - Installed Emil Chronicle Online
    RP8: 11/29/2009 10:23:48 AM - Installed Adobe Reader 9.
    RP9: 11/30/2009 11:41:16 AM - Installed Autodesk 3ds Max 9 32-bit

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    Autodesk 3ds Max 9 32-bit
    CoreAVC Professional Edition (remove only)
    DataCard v2.0.0
    DeskPins (remove only)
    Emil Chronicle Online
    Flash Renamer 6.1
    Folder Size for Windows
    FormatFactory 2.10
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Internet Download Manager
    Java(TM) 6 Update 13
    K-Lite Codec Pack 5.4.4 (Full)
    Kaspersky Internet Security 2010
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Visual C++ 2005 Redistributable
    Minilyrics(remove only)
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP3 Parser
    Nero Lite 9.2.6.0 Build.2.2
    Sandboxie 3.40
    Tipard MKV Video Converter
    UltraISO Premium V9.35
    WebFldrs XP
    Winamp
    Winamp Essentials Pack
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    WinRAR archiver
    Yahoo! Messenger
    μTorrent

    ==== Event Viewer Messages From Past Week ========

    11/30/2009 8:25:04 PM, error: i8042prt [22] - Could not set the mouse sample rate.
    11/30/2009 7:22:43 PM, error: i8042prt [34] - An error occurred while trying to determine the number of mouse buttons.
    11/30/2009 5:52:39 PM, error: i8042prt [40] - An error occurred while trying to acquire the device ID of the mouse
    11/30/2009 2:31:47 PM, error: i8042prt [23] - Could not set the mouse resolution.
    11/29/2009 9:06:41 AM, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
    11/29/2009 8:56:40 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +172793 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|10.13.3.44:123->207.46.232.182:123) is working properly.
    11/29/2009 2:08:56 AM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.

    ==== End Of File ===========================
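As an added triage example (this is not part of the thread and not a DDS or WindowsBBS tool), the script below parses the DDS log format shown above: it splits the log into its "====" sections, reads the Firefox prefs.js lines, and applies two analyst heuristics that are this example's own assumptions rather than DDS output. First, the host in browser.search.defaulturl should belong to the engine named in browser.search.selectedEngine (the log above says Google but points at search.conduit.com). Second, executables created directly in %WINDIR% rather than in a vendor subdirectory are listed for a manual look, not as a verdict. The KNOWN_ENGINE_HOSTS table is the editor's assumption, and SAMPLE_LOG is constructed from lines of the posted log.

```python
"""Triage helper for a DDS log (added example; not a DDS feature).

Heuristics below are assumptions of this example, not DDS output:
  * browser.search.defaulturl must belong to browser.search.selectedEngine;
  * .exe files created directly in %WINDIR% (not a subfolder) get listed.
SAMPLE_LOG is constructed from the posted log; 'hxxp' is the defanging
DDS applies to URLs.
"""
import re
from urllib.parse import urlsplit

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")

# Assumed host lists for engines a user might select (editor's table).
KNOWN_ENGINE_HOSTS = {
    "google": ("www.google.com", "google.com"),
    "yahoo": ("search.yahoo.com",),
    "bing": ("www.bing.com",),
}

SAMPLE_LOG = """\
============== Pseudo HJT Report ===============

uRun: [IDMan] c:\\program files\\internet download manager\\IDMan.exe /onboot

================= FIREFOX ===================

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2185003&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.animetake.com/recently-updated-episodes/

==================== Find3M ====================

2009-11-29 01:57:53 3081088 ----a-w- c:\\windows\\x32dott.exe
2009-11-29 01:57:52 102400 ----a-w- c:\\windows\\x32dett.exe
2009-10-20 12:34:56 219664 ----a-w- c:\\windows\\system32\\klogon.dll

============= FINISH: 9:40:28.75 ===============
"""


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_firefox_prefs(sections):
    """Collect 'FF - prefs.js: name - value' lines into a dict."""
    prefs = {}
    for line in sections.get("FIREFOX", []):
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def host_of(defanged_url):
    """DDS writes hxxp/hxxps; restore the scheme so urlsplit sees a host."""
    url = re.sub(r"^hxxp", "http", defanged_url, flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def check_search_prefs(prefs):
    """Flag a default search URL whose host is not the selected engine's."""
    findings = []
    engine = prefs.get("browser.search.selectedEngine", "").lower()
    default_url = prefs.get("browser.search.defaulturl")
    expected = KNOWN_ENGINE_HOSTS.get(engine)
    if default_url and expected is not None:
        host = host_of(default_url)
        if host not in expected:
            findings.append(
                f"defaulturl host {host!r} does not belong to selected engine {engine!r}")
    return findings


def parse_file_entries(sections, names=("Created Last 30", "Find3M")):
    """Parse 'date time size attrs path' rows from the file-listing sections."""
    entries = []
    for name in names:
        for line in sections.get(name, []):
            m = FILE_RE.match(line)
            if m:
                entries.append({"time": m.group(1), "size": int(m.group(2)),
                                "attrs": m.group(3), "path": m.group(4)})
    return entries


def flag_windir_executables(entries, windir="c:\\windows"):
    """List .exe files sitting directly in %WINDIR%. A hint, not a verdict."""
    prefix = windir.lower().rstrip("\\") + "\\"
    flagged = []
    for e in entries:
        p = e["path"].lower()
        if p.startswith(prefix) and "\\" not in p[len(prefix):] and p.endswith(".exe"):
            flagged.append(e["path"])
    return flagged


def triage(text):
    sections = split_sections(text)
    return {
        "search_findings": check_search_prefs(parse_firefox_prefs(sections)),
        "windir_exes": flag_windir_executables(parse_file_entries(sections)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full DDS log and it reports the conduit.com default search URL and the two c:\windows\x32d*tt.exe entries from the Find3M list; both are leads for the analyst to check, not conclusions, since a legitimate toolbar or installer can produce the same pattern.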
     
  2. 2009/12/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please disable "word wrap" in Notepad, because the logs are hard to read.

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     


  4. 2009/12/02
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    Here it is.
    And I just want to say the redirect problem does not always happen.


    GooredFix by jpshortstuff (27.11.09.1)
    Log created at 12:02 on 01/12/2009 (Administrator)
    Firefox version 3.5.5 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    linkfilter@kaspersky.ru [02:07 29/11/2009]
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [01:33 29/11/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:03 28/11/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:05 28/11/2009]

    -=E.O.F=-
     
  5. 2009/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see the following entries in MBAM's log:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)

    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so it's EXTREMELY important that you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/01/2009 at 04:06 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4330
    Trace Rules Database Version: 2185
    Scan type : Complete Scan
    Total Scan Time : 01:43:23

    Memory items scanned : 216
    Memory threats detected : 0
    Registry items scanned : 5500
    Registry threats detected : 0
    File items scanned : 74431
    File threats detected : 4

    Trojan.Agent/Gen-HackPatch
    C:\PROGRAM FILES\TIPARD STUDIO\TIPARD MKV VIDEO CONVERTER\TIPARD.MKV.VIDEO.CONVERTER.V3.2.20-PATCH.EXE
    F:\PROGRAMS_-_SPECIAL_-_ATI2 DI-DEL ANTIVIRUZ\TOOLS & UTILITIES\FLASH RENAMER V6.1 VIETHAK.COM\FLASH RENAMER V6.1\FLASH RENAMER V6.1 PATCH.EXE

    Trojan.Agent/Gen-Keygen
    F:\PROGRAMS\AUDIO & VIDEO & IMAGE SOFTWARE\BURN TO VCD DVD PLAYABLE WITH CONVERTXTODVD\VSO CONVERT X TO DVD 3.6.4.158\KEYGEN\KEYGEN.EXE
    F:\PROGRAMS_-_SPECIAL_-_ATI2 DI-DEL ANTIVIRUZ\AUDIO & VIDEO & IMAGE SOFTWARE\VSOCXTDVD3.8.0.193F CONVER TO DVD\VSO.SOFTWARE.CONVERTXTODVD.V3.MULTILINGUAL.WINALL.KEYGEN.ONLY-BRD\KEYGEN.EXE
     
  7. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.41
    Database version: 3284
    Windows 5.1.2600 Service Pack 3

    12/1/2009 6:03:00 PM
    mbam-log-2009-12-01 (18-02-53).txt

    Scan type: Full Scan (C:\|E:\|F:\|)
    Objects scanned: 174876
    Time elapsed: 1 hour(s), 31 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    E:\System Volume Information\_restore{1F831EEA-4CA1-493B-9C42-AC3124A8C05B}\RP4\A0001644.exe (Trojan.Agent) -> No action taken.
    E:\System Volume Information\_restore{1F831EEA-4CA1-493B-9C42-AC3124A8C05B}\RP4\A0001647.exe (Trojan.Agent) -> No action taken.
    E:\System Volume Information\_restore{1F831EEA-4CA1-493B-9C42-AC3124A8C05B}\RP4\A0001660.exe (Trojan.Agent) -> No action taken.
    E:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001100.exe (Trojan.Agent) -> No action taken.
    E:\System Volume Information\_restore{F1D2CBD3-D5FD-4FEF-B4CC-697C84CA500E}\RP7\A0001838.exe (Trojan.Agent) -> No action taken.
    E:\System Volume Information\_restore{F1D2CBD3-D5FD-4FEF-B4CC-697C84CA500E}\RP7\A0001841.exe (Trojan.Agent) -> No action taken.
    E:\System Volume Information\_restore{F1D2CBD3-D5FD-4FEF-B4CC-697C84CA500E}\RP7\A0001854.exe (Trojan.Agent) -> No action taken.
    E:\W3.1,22\warcraft3 keygen.exe (Trojan.Agent) -> No action taken.
    F:\Programs_-_Special_-_Ati2 Di-del AntiViruz\Audio & Video & Image Software\MiniLyrics 6.6333.exe\keygen.exe (Trojan.Agent) -> No action taken.
    F:\Programs_-_Special_-_Ati2 Di-del AntiViruz\Tools & Utilities\Explorer.View.4.4.0.949\GetData.Explorer.View.for.Windows.Explorer.v4.4.0.949.Incl.Keymaker-ROGUE\ROGUE\keygen\keygen.exe (Malware.Packer) -> No action taken.
    F:\Programs_-_Special_-_Ati2 Di-del AntiViruz\Tools & Utilities\FILESEE.6.50\FILESEE.6.50\KGN\keygen.exe (Malware.Packer) -> No action taken.
    F:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001116.exe (Malware.Packer) -> No action taken.
    F:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001119.exe (Malware.Packer) -> No action taken.
    F:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001134.exe (Trojan.Agent) -> No action taken.
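An added example for reading a Malwarebytes 1.x log like the one in this post (this is the editor's code, not the thread's and not Malwarebytes' own). It separates the "Files Infected" detections by where they live (System Restore snapshots under System Volume Information, crack/keygen folders, and anything else) and tallies the action MBAM recorded, so it is obvious whether a file in a live system location was hit and whether the log was saved after "Remove Selected" (MBAM then writes "Quarantined and deleted successfully") or only after viewing the results ("No action taken"). SAMPLE is constructed from lines of the posted log plus one hypothetical C:\WINDOWS\system32\example.dll line, which is not in the thread, to exercise the live-file branch.

```python
"""Classify the 'Files Infected' lines of a Malwarebytes 1.x log.

Added example; not the thread's or Malwarebytes' code. The location
classes and the crack/keygen keyword list are this example's assumptions.
SAMPLE is constructed from the posted log; the example.dll line is
hypothetical and exists only to show the 'live_file' path.
"""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{", re.IGNORECASE)
CRACK_RE = re.compile(r"keygen|keymaker|patch|crack", re.IGNORECASE)

SAMPLE = """\
Folders Infected:
(No malicious items detected)

Files Infected:
E:\\System Volume Information\\_restore{1F831EEA-4CA1-493B-9C42-AC3124A8C05B}\\RP4\\A0001644.exe (Trojan.Agent) -> No action taken.
E:\\W3.1,22\\warcraft3 keygen.exe (Trojan.Agent) -> No action taken.
F:\\Programs_-_Special_-_Ati2 Di-del AntiViruz\\Tools & Utilities\\FILESEE.6.50\\FILESEE.6.50\\KGN\\keygen.exe (Malware.Packer) -> No action taken.
C:\\WINDOWS\\system32\\example.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""


def parse_detections(text):
    """Return path/family/action dicts for the rows under 'Files Infected:'."""
    detections, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":        # exact match; the summary row is 'Files Infected: N'
            in_files = True
            continue
        if in_files and line.endswith(":"):  # a further section header, if any
            break
        m = DETECTION_RE.match(line) if in_files else None
        if m:
            detections.append(m.groupdict())
    return detections


def classify(path):
    """Where the detected file lives; decides how urgent it is to look at."""
    if RESTORE_RE.search(path):
        return "restore_point"      # snapshot copy, not an active file
    if CRACK_RE.search(path):
        return "crack_or_keygen"    # crack tooling; flagged by most AV, unrelated to browser prefs
    return "live_file"              # on disk where it can run: investigate first


def summarize(text):
    """Tally detections by location class and by the action MBAM recorded."""
    detections = parse_detections(text)
    by_location = Counter(classify(d["path"]) for d in detections)
    by_action = Counter(d["action"] for d in detections)
    live = [d["path"] for d in detections if classify(d["path"]) == "live_file"]
    return {"by_location": dict(by_location),
            "by_action": dict(by_action),
            "live_files": live}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the log in this post every detection is either a restore-point copy or a keygen, and every action reads "No action taken"; the summary makes both facts visible without reading fourteen paths by hand.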
     
  8. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    GMER 1.0.15.15252 - http://www.gmer.net
    Rootkit scan 2009-12-03 19:52:45
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxpyiaow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEE2A558C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xEE2A5E0C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xEE2A6922]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xEE2A6E94]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xEE2A60EE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xEE2A4436]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xEE2A6D6C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xEE2A5192]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xEE2A6C28]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xEE2A534E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xEE2A6FC6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEE2A8C08]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xEE2A5AAA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xEE2A6CCA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xEE2A85FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xEE2A49FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xEE2A4D88]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xEE2A6576]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xEE2A95CA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xEE2A4ECA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xEE2A4F74]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xEE2A6382]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xEE2A868C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xEE2A4412]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xEE2A4424]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xEE2A8CBC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xEE2A50C0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xEE2A6F36]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xEE2A5E8E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xEE2A45DC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xEE2A6E04]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xEE2A5792]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xEE2A8C32]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xEE2A7068]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xEE2A56B6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xEE2A501E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xEE2A4C46]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xEE2A8FD4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xEE2A4896]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xEE2A8922]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xEE2A4B0E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xEE2A42B0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xEE2A73F2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xEE2A72B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xEE2A839A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xEE2ABE2C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xEE2A94AC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xEE2A4248]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xEE2A665C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xEE2A5CC8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xEE2A7C4A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xEE2A8786]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xEE2A9114]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xEE2A471E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xEE2A91F8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xEE2A9320]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xEE2A8526]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xEE2A590A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xEE2A5860]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xEE2A8E8A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xEE2A59EA]

    Code 856D0B0C ZwRequestPort
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
    Code 856D0B0B NtRequestPort

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP EE29A4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP EE29A8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!ZwCallbackReturn + 242C 80501C64 16 Bytes [4E, 53, 2A, EE, C6, 6F, 2A, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D20 12 Bytes [8C, 86, 2A, EE, 12, 44, 2A, ...] {MOV WORD [ESI+0x4412ee2a], ES; SUB CH, DH; AND AL, 0x44; SUB CH, DH}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501E9C 16 Bytes [0E, 4B, 2A, EE, B0, 42, 2A, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [F8, 91, 2A, EE, 20, 93, 2A, ...] {CLC ; XCHG ECX, EAX; SUB CH, DH; AND [EBX-0x7ad911d6], DL; SUB CH, DH}
    .text ntkrnlpa.exe!ZwCallbackReturn + 27B8 80501FF0 4 Bytes JMP 3CEE2A59
    PAGE ntkrnlpa.exe!NtRequestPort 80597E0E 5 Bytes JMP 856D0B10
    .text win32k.sys!EngSetLastError + 7794 BF824076 5 Bytes JMP 856D0610
    .text win32k.sys!EngStretchBltROP + 605B BF896F97 5 Bytes JMP 856D09D0
    .text win32k.sys!FONTOBJ_pxoGetXform + 5449 BF8B522A 5 Bytes JMP 856D06B0
    .text win32k.sys!EngCreateClip + 19C1 BF91299C 5 Bytes JMP 856D0A70
    .text win32k.sys!EngCreateClip + 2597 BF913572 5 Bytes JMP 856D07F0

    ---- User code sections - GMER 1.0.15 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [EDD80820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [EDD80820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
     
  9. 2009/12/03
    Adashu

    GMER 1.0.15.15252 - http://www.gmer.net
    Rootkit scan 2009-12-03 19:52:45
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxpyiaow.sys


     
    Last edited: 2009/12/03
  10. 2009/12/03
    Adashu

    Can't post all of it. I split it into 3 or 4 parts, I think.
    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 003C0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003C02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 003C0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 003C0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00DD0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00DD08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00DD0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00DD09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00DD0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DD0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 003C0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 003C06A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 003C0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 003C0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003C07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00DD0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00DD0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00DD0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 003C0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DD0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00DD0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00DD0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00DD0DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00DD0E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 003C09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 003C0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 003C0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 003C0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 003C0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DD0E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00DD0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00DD0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 003C0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 003C0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F06A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 003C0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 7D1F0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7D1F07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1F08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1F09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 003C0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 003C0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00DE0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DE02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00DE0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00DE0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00DE0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00DE0470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00DE04E0
     
  11. 2009/12/03
    Adashu

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00C102B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 003D0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00C10320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00C10390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00C10400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 003D0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C10470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 003D0470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00C20780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00C207F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00C20860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00C208D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00C20CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00C20D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00C20DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00C20E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00C20E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00C20EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00C20F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00C30010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C30080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7D1F0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7D1F0400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7D1E01D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7D1F0470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo® video 5.10 Compression Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\av\emu\ForDiff\emu-0607g.xml.dif 510 bytes

    ---- EOF - GMER 1.0.15 ----
     
  12. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:20:02 PM, on 12/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\CE100 Dialer\ICard.exe
    C:\Program Files\CE100 Dialer\IdleMng.exe
    C:\Program Files\CE100 Dialer\PcxSvr.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [HaierDcService] C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O13 - Gopher Prefix:
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{426DCFD6-E3FB-4A80-BDAE-176E41F9BC02}: NameServer = 10.17.3.244 10.17.3.252
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

    --
    End of file - 6750 bytes

    OK, I've done all of it.
     
  13. 2009/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Malwarebytes log says "No action taken" after each line.
    You either didn't fix the issues, or you posted the log from before the fixes.
    Please, correct the problem.
     
  14. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    Ah, I got 2 logs, before and after action taken.
    This is the after:
    Malwarebytes' Anti-Malware 1.41
    Database version: 3284
    Windows 5.1.2600 Service Pack 3

    12/1/2009 6:16:52 PM
    mbam-log-2009-12-01 (18-16-52).txt

    Scan type: Full Scan (C:\|E:\|F:\|)
    Objects scanned: 174876
    Time elapsed: 1 hour(s), 31 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    E:\System Volume Information\_restore{1F831EEA-4CA1-493B-9C42-AC3124A8C05B}\RP4\A0001644.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{1F831EEA-4CA1-493B-9C42-AC3124A8C05B}\RP4\A0001647.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{1F831EEA-4CA1-493B-9C42-AC3124A8C05B}\RP4\A0001660.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001100.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{F1D2CBD3-D5FD-4FEF-B4CC-697C84CA500E}\RP7\A0001838.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{F1D2CBD3-D5FD-4FEF-B4CC-697C84CA500E}\RP7\A0001841.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{F1D2CBD3-D5FD-4FEF-B4CC-697C84CA500E}\RP7\A0001854.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    E:\W3.1,22\warcraft3 keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    F:\Programs_-_Special_-_Ati2 Di-del AntiViruz\Audio & Video & Image Software\MiniLyrics 6.6333.exe\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    F:\Programs_-_Special_-_Ati2 Di-del AntiViruz\Tools & Utilities\Explorer.View.4.4.0.949\GetData.Explorer.View.for.Windows.Explorer.v4.4.0.949.Incl.Keymaker-ROGUE\ROGUE\keygen\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully.
    F:\Programs_-_Special_-_Ati2 Di-del AntiViruz\Tools & Utilities\FILESEE.6.50\FILESEE.6.50\KGN\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001116.exe (Malware.Packer) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001119.exe (Malware.Packer) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{C83B6708-1D9E-4EF3-9356-4A36618B7729}\RP1\A0001134.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     
  15. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    BTW, my Windows keeps popping up about an update,
    and I'm not sure whether I have installed it or not.
    The popup says "Updating your computer is almost complete ... Do you want to restart your computer now?"
    Is that okay, since the task you gave me said not to change anything on my computer?
     
  16. 2009/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, please finish update installation.
    How is the redirection issue?
     
  17. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
  18. 2009/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    ComboFix 09-12-03.04 - Administrator 4/2009 Fri 10:14.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1023.660 [GMT 7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ATI Technologies\ATI.ACE\atIAcmxx.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-04 to 2009-12-04 )))))))))))))))))))))))))))))))
    .

    2009-12-03 23:30 . 2009-12-03 23:38 -------- d-----w- c:\windows\ie8updates
    2009-12-03 23:29 . 2009-12-03 23:42 -------- d--h--w- c:\windows\$hf_mig$
    2009-12-03 15:22 . 2009-08-04 13:54 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-03 15:22 . 2009-08-04 13:56 2189312 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-12-03 15:22 . 2009-08-04 13:17 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-03 15:14 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-12-03 15:14 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-12-03 15:14 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-12-03 15:14 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-12-03 15:14 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-12-03 15:14 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-12-03 15:07 . 2009-06-09 15:21 2067968 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2009-12-03 11:37 . 2009-12-03 11:37 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-03 11:37 . 2009-12-03 11:37 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-01 10:14 . 2001-08-17 06:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2009-12-01 10:14 . 2001-08-17 06:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2009-12-01 10:14 . 2008-04-13 17:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2009-12-01 10:14 . 2008-04-13 17:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2009-12-01 09:21 . 2009-12-01 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-12-01 09:21 . 2009-09-10 07:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-01 09:21 . 2009-12-01 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-01 09:21 . 2009-12-01 09:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-01 09:21 . 2009-09-10 07:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-01 07:14 . 2009-12-01 07:14 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-01 07:11 . 2009-12-01 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-12-01 07:11 . 2009-12-01 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-01 07:11 . 2009-12-01 07:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2009-12-01 07:10 . 2009-12-01 07:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-30 14:22 . 2009-08-05 17:00 -------- d---a-w- C:\xampp
    2009-11-30 14:22 . 2009-11-30 14:05 88481772 ----a-w- C:\xampp-win32-1.7.2_2.zip
    2009-11-30 11:09 . 2009-12-01 10:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2009-11-30 09:44 . 2009-11-30 09:44 -------- d-----w- c:\program files\DeskPins
    2009-11-30 09:34 . 2009-11-30 10:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
    2009-11-30 09:34 . 2009-11-30 09:34 -------- d-----w- c:\program files\Common Files\Nero
    2009-11-30 09:34 . 2009-11-30 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-11-30 09:33 . 2008-11-13 16:46 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
    2009-11-30 09:33 . 2008-11-13 16:33 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
    2009-11-30 09:29 . 2009-11-30 09:33 -------- d-----w- c:\program files\Nero
    2009-11-30 09:19 . 2008-07-09 13:42 102400 ----a-w- c:\windows\system32\FlashRenHelper.dll
    2009-11-30 09:19 . 2006-05-28 07:59 28672 ----a-w- c:\windows\system32\FolderWatcher.dll
    2009-11-30 09:19 . 2009-11-30 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\RL Vision
    2009-11-30 09:19 . 2009-11-30 09:23 -------- d-----w- c:\program files\Flash Renamer
    2009-11-30 07:25 . 2009-11-30 07:25 -------- d-----w- c:\program files\CoreCodec
    2009-11-30 06:16 . 2009-11-30 06:16 -------- d-----w- c:\program files\uTorrent
    2009-11-30 06:16 . 2009-11-30 10:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2009-11-30 05:13 . 2009-11-30 05:13 -------- d-----w- c:\program files\UltraISO
    2009-11-30 05:13 . 2009-11-30 05:13 -------- d-----w- c:\program files\Common Files\EZB Systems
    2009-11-30 04:47 . 2009-11-30 04:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Autodesk
    2009-11-30 04:42 . 2009-11-30 04:46 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2009-11-30 04:42 . 2009-11-30 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2009-11-30 04:42 . 2009-11-30 04:42 -------- d-----w- c:\program files\Autodesk
    2009-11-29 06:33 . 2009-03-27 03:09 135168 ----a-w- c:\windows\system32\DVDIFOFilter.dll
    2009-11-29 06:32 . 2009-11-29 06:32 -------- d-----w- c:\windows\system32\filters
    2009-11-29 06:32 . 2009-11-29 06:32 -------- d-----w- c:\program files\Tipard Studio
    2009-11-29 06:21 . 2009-11-29 06:21 -------- d-----w- c:\program files\FreeTime
    2009-11-29 04:02 . 2009-11-29 04:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-11-29 04:00 . 2009-11-29 04:00 -------- d-----r- C:\Sandbox
    2009-11-29 03:47 . 2009-11-29 03:47 -------- d-----w- c:\program files\Sandboxie
    2009-11-29 03:27 . 2009-11-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
    2009-11-29 03:26 . 2009-11-29 03:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-11-29 03:25 . 2009-11-29 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-11-29 03:25 . 2009-08-18 10:38 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
    2009-11-29 03:23 . 2009-11-29 03:24 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-29 03:23 . 2009-11-29 03:25 -------- d-----w- c:\program files\Yahoo!
    2009-11-29 03:11 . 2009-12-04 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\MiniLyrics
    2009-11-29 03:11 . 2009-11-29 03:11 -------- d-----w- c:\program files\Minilyrics
    2009-11-29 03:09 . 2009-12-01 10:57 -------- d-----w- C:\Lyrics
    2009-11-29 02:55 . 2008-08-04 09:44 1060808 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.adashu\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\megauper.exe
    2009-11-29 02:55 . 2009-11-29 02:55 -------- d-----w- c:\program files\GungHo
    2009-11-29 02:52 . 2009-11-29 02:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-11-29 02:28 . 2009-11-29 02:28 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
    2009-11-29 02:28 . 2009-11-29 02:28 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
    2009-11-29 02:28 . 2009-11-29 02:28 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
    2009-11-29 02:28 . 2009-11-29 02:28 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
    2009-11-29 02:28 . 2009-11-29 02:28 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
    2009-11-29 02:09 . 2009-11-29 02:09 3149464 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
    2009-11-29 02:07 . 2009-11-29 02:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-11-29 02:07 . 2009-11-29 02:07 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-11-29 02:05 . 2009-12-04 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-11-29 02:05 . 2009-11-29 02:05 -------- d-----w- c:\program files\Kaspersky Lab
    2009-11-29 02:04 . 2009-11-29 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-04 03:22 . 2009-11-29 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
    2009-11-29 05:17 . 2009-11-29 01:57 -------- d-----w- c:\program files\Internet Download Manager
    2009-11-29 03:35 . 2009-11-29 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
    2009-11-29 03:01 . 2009-11-29 01:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
    2009-11-29 02:55 . 2009-11-29 01:35 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-29 01:58 . 2009-11-29 01:58 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    2009-11-29 01:57 . 2009-11-29 01:57 3081088 ----a-w- c:\windows\x32dott.exe
    2009-11-29 01:54 . 2009-11-29 01:54 -------- d-----w- c:\program files\FolderSize
    2009-11-29 01:51 . 2009-11-29 01:51 -------- d-----w- c:\program files\CE100 Dialer
    2009-11-29 01:46 . 2009-11-29 01:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-11-29 01:45 . 2009-11-29 01:45 34616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-29 01:44 . 2009-11-29 01:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-11-29 01:44 . 2009-11-29 01:44 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
    2009-11-29 01:42 . 2009-11-29 01:42 0 ----a-w- c:\windows\nsreg.dat
    2009-11-29 01:42 . 2009-11-29 01:42 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-11-29 01:39 . 2009-11-29 01:39 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2009-11-29 01:37 . 2009-11-29 01:35 -------- d-----w- c:\program files\ATI Technologies
    2009-11-29 01:37 . 2009-11-29 01:35 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-11-29 01:37 . 2009-11-29 01:34 -------- d-----w- c:\program files\Winamp
    2009-11-29 01:30 . 2009-11-28 18:55 -------- d-----w- c:\program files\Windows Desktop Search
    2009-11-28 19:26 . 2009-11-28 18:59 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-11-28 19:10 . 2009-11-28 19:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
    2009-11-28 19:06 . 2009-11-28 19:06 -------- d-----w- c:\program files\microsoft frontpage
    2009-11-28 19:05 . 2009-11-28 19:06 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-28 19:05 . 2009-11-28 19:05 -------- d-----w- c:\program files\Java
    2009-11-28 19:03 . 2009-11-28 19:03 94248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-11-28 19:02 . 2009-11-28 19:02 -------- d-----w- c:\program files\MSBuild
    2009-11-28 19:02 . 2009-11-28 19:02 -------- d-----w- c:\program files\Reference Assemblies
    2009-11-28 18:58 . 2009-11-28 18:58 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-11-28 18:55 . 2009-11-28 18:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-11-28 18:54 . 2009-11-28 18:54 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
    2009-11-09 18:00 . 2009-11-29 01:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-20 12:34 . 2009-10-20 12:34 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-14 13:18 . 2009-10-14 13:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
    2009-10-02 11:39 . 2009-10-02 11:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-09-14 06:42 . 2009-09-14 06:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
    2009-09-11 14:13 . 2009-01-23 19:05 136704 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 11:01 . 2009-09-09 11:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
    2009-09-09 10:43 . 2009-11-26 15:41 210352 ----a-w- c:\windows\system32\idmmbc.dll
    .

    ------- Sigcheck -------

    [-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-09-30 387584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" [X]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "HaierDcService"="c:\program files\CE100 Dialer\Driver\HaierDcService.exe" [2009-08-11 96768]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-24 90112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
    R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [9/30/2009 4:15 PM 116736]
    R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [11/29/2009 8:51 AM 102656]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    TCP: {426DCFD6-E3FB-4A80-BDAE-176E41F9BC02} = 10.17.3.244 10.17.3.252
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.adashu\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2185003&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.animetake.com/recently-updated-episodes/
    FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-04 10:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,0c,cc,7a,62,b0,12,43,9e,d8,c6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,0c,cc,7a,62,b0,12,43,9e,d8,c6,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):cc,47,44,4d,37,d9,67,46,29,65,d8,c6,23,bc,1f,2c,c4,d6,0a,c0,e2,
    35,45,c5,42,30,86,57,21,c9,3d,2f,08,a8,35,fd,ba,8d,82,81,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d6b848da-8c41-4301-8103-c2455e07ae1e}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000151
    "Therad"=dword:00000006
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3980)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\program files\Internet Download Manager\IDMIECC.dll
    c:\program files\Internet Download Manager\idmmkb.dll
    c:\program files\FolderSize\FolderSizeColumn.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\program files\FolderSize\FolderSizeSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    c:\program files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-04 10:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-04 03:27

    Pre-Run: 8,231,600,128 bytes free
    Post-Run: 8,205,086,720 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - FAD8C38A2CB3F9458851E363E69E9E08




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:28:46 AM, on 12/4/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\conime.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [HaierDcService] C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{426DCFD6-E3FB-4A80-BDAE-176E41F9BC02}: NameServer = 10.17.3.244 10.17.3.252
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

    --
    End of file - 6105 bytes
     
  20. 2009/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\x32dott.exe
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  21. 2009/12/03
    Adashu

    Adashu Inactive Thread Starter

    Joined:
    2009/12/02
    Messages:
    22
    Likes Received:
    0
    ComboFix 09-12-03.04 - Administrator 4/2009 Fri 11:46.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1023.666 [GMT 7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    FILE ::
    "c:\windows\x32dott.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\x32dott.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-04 to 2009-12-04 )))))))))))))))))))))))))))))))
    .

    2009-12-03 23:30 . 2009-12-03 23:38 -------- d-----w- c:\windows\ie8updates
    2009-12-03 23:29 . 2009-12-03 23:42 -------- d--h--w- c:\windows\$hf_mig$
    2009-12-03 15:22 . 2009-08-04 13:54 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-03 15:22 . 2009-08-04 13:56 2189312 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-12-03 15:22 . 2009-08-04 13:17 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-03 15:14 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-12-03 15:14 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-12-03 15:14 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-12-03 15:14 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-12-03 15:14 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-12-03 15:14 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-12-03 15:07 . 2009-06-09 15:21 2067968 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2009-12-03 11:37 . 2009-12-03 11:37 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-03 11:37 . 2009-12-03 11:37 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-01 10:14 . 2001-08-17 06:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2009-12-01 10:14 . 2001-08-17 06:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2009-12-01 10:14 . 2008-04-13 17:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2009-12-01 10:14 . 2008-04-13 17:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2009-12-01 09:21 . 2009-12-01 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-12-01 09:21 . 2009-09-10 07:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-01 09:21 . 2009-12-01 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-01 09:21 . 2009-12-01 09:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-01 09:21 . 2009-09-10 07:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-01 07:14 . 2009-12-01 07:14 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-01 07:11 . 2009-12-01 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-12-01 07:11 . 2009-12-01 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-01 07:11 . 2009-12-01 07:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2009-12-01 07:10 . 2009-12-01 07:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-30 14:22 . 2009-08-05 17:00 -------- d---a-w- C:\xampp
    2009-11-30 14:22 . 2009-11-30 14:05 88481772 ----a-w- C:\xampp-win32-1.7.2_2.zip
    2009-11-30 11:09 . 2009-12-01 10:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2009-11-30 09:44 . 2009-11-30 09:44 -------- d-----w- c:\program files\DeskPins
    2009-11-30 09:34 . 2009-11-30 10:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
    2009-11-30 09:34 . 2009-11-30 09:34 -------- d-----w- c:\program files\Common Files\Nero
    2009-11-30 09:34 . 2009-11-30 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-11-30 09:33 . 2008-11-13 16:46 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
    2009-11-30 09:33 . 2008-11-13 16:33 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
    2009-11-30 09:29 . 2009-11-30 09:33 -------- d-----w- c:\program files\Nero
    2009-11-30 09:19 . 2008-07-09 13:42 102400 ----a-w- c:\windows\system32\FlashRenHelper.dll
    2009-11-30 09:19 . 2006-05-28 07:59 28672 ----a-w- c:\windows\system32\FolderWatcher.dll
    2009-11-30 09:19 . 2009-11-30 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\RL Vision
    2009-11-30 09:19 . 2009-11-30 09:23 -------- d-----w- c:\program files\Flash Renamer
    2009-11-30 07:25 . 2009-11-30 07:25 -------- d-----w- c:\program files\CoreCodec
    2009-11-30 06:16 . 2009-11-30 06:16 -------- d-----w- c:\program files\uTorrent
    2009-11-30 06:16 . 2009-11-30 10:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2009-11-30 05:13 . 2009-11-30 05:13 -------- d-----w- c:\program files\UltraISO
    2009-11-30 05:13 . 2009-11-30 05:13 -------- d-----w- c:\program files\Common Files\EZB Systems
    2009-11-30 04:47 . 2009-11-30 04:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Autodesk
    2009-11-30 04:42 . 2009-11-30 04:46 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2009-11-30 04:42 . 2009-11-30 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2009-11-30 04:42 . 2009-11-30 04:42 -------- d-----w- c:\program files\Autodesk
    2009-11-29 06:33 . 2009-03-27 03:09 135168 ----a-w- c:\windows\system32\DVDIFOFilter.dll
    2009-11-29 06:32 . 2009-11-29 06:32 -------- d-----w- c:\windows\system32\filters
    2009-11-29 06:32 . 2009-11-29 06:32 -------- d-----w- c:\program files\Tipard Studio
    2009-11-29 06:21 . 2009-11-29 06:21 -------- d-----w- c:\program files\FreeTime
    2009-11-29 04:02 . 2009-11-29 04:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-11-29 04:00 . 2009-11-29 04:00 -------- d-----r- C:\Sandbox
    2009-11-29 03:47 . 2009-11-29 03:47 -------- d-----w- c:\program files\Sandboxie
    2009-11-29 03:27 . 2009-11-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
    2009-11-29 03:26 . 2009-11-29 03:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-11-29 03:25 . 2009-11-29 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-11-29 03:25 . 2009-08-18 10:38 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
    2009-11-29 03:23 . 2009-11-29 03:24 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-29 03:23 . 2009-11-29 03:25 -------- d-----w- c:\program files\Yahoo!
    2009-11-29 03:11 . 2009-12-04 02:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\MiniLyrics
    2009-11-29 03:11 . 2009-11-29 03:11 -------- d-----w- c:\program files\Minilyrics
    2009-11-29 03:09 . 2009-12-01 10:57 -------- d-----w- C:\Lyrics
    2009-11-29 02:55 . 2008-08-04 09:44 1060808 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.adashu\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\megauper.exe
    2009-11-29 02:55 . 2009-11-29 02:55 -------- d-----w- c:\program files\GungHo
    2009-11-29 02:52 . 2009-11-29 02:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
    2009-11-29 02:28 . 2009-11-29 02:28 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
    2009-11-29 02:28 . 2009-11-29 02:28 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
    2009-11-29 02:28 . 2009-11-29 02:28 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
    2009-11-29 02:28 . 2009-11-29 02:28 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
    2009-11-29 02:28 . 2009-11-29 02:28 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
    2009-11-29 02:09 . 2009-11-29 02:09 3149464 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
    2009-11-29 02:07 . 2009-11-29 02:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-11-29 02:07 . 2009-11-29 02:07 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-11-29 02:05 . 2009-12-04 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-11-29 02:05 . 2009-11-29 02:05 -------- d-----w- c:\program files\Kaspersky Lab
    2009-11-29 02:04 . 2009-11-29 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-04 03:22 . 2009-11-29 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
    2009-11-29 05:17 . 2009-11-29 01:57 -------- d-----w- c:\program files\Internet Download Manager
    2009-11-29 03:35 . 2009-11-29 01:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
    2009-11-29 03:01 . 2009-11-29 01:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
    2009-11-29 02:55 . 2009-11-29 01:35 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-29 01:58 . 2009-11-29 01:58 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    2009-11-29 01:54 . 2009-11-29 01:54 -------- d-----w- c:\program files\FolderSize
    2009-11-29 01:51 . 2009-11-29 01:51 -------- d-----w- c:\program files\CE100 Dialer
    2009-11-29 01:46 . 2009-11-29 01:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-11-29 01:45 . 2009-11-29 01:45 34616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-29 01:44 . 2009-11-29 01:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-11-29 01:44 . 2009-11-29 01:44 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
    2009-11-29 01:42 . 2009-11-29 01:42 0 ----a-w- c:\windows\nsreg.dat
    2009-11-29 01:42 . 2009-11-29 01:42 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-11-29 01:39 . 2009-11-29 01:39 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2009-11-29 01:37 . 2009-11-29 01:35 -------- d-----w- c:\program files\ATI Technologies
    2009-11-29 01:37 . 2009-11-29 01:35 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-11-29 01:37 . 2009-11-29 01:34 -------- d-----w- c:\program files\Winamp
    2009-11-29 01:30 . 2009-11-28 18:55 -------- d-----w- c:\program files\Windows Desktop Search
    2009-11-28 19:26 . 2009-11-28 18:59 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-11-28 19:10 . 2009-11-28 19:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
    2009-11-28 19:06 . 2009-11-28 19:06 -------- d-----w- c:\program files\microsoft frontpage
    2009-11-28 19:05 . 2009-11-28 19:06 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-28 19:05 . 2009-11-28 19:05 -------- d-----w- c:\program files\Java
    2009-11-28 19:03 . 2009-11-28 19:03 94248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-11-28 19:02 . 2009-11-28 19:02 -------- d-----w- c:\program files\MSBuild
    2009-11-28 19:02 . 2009-11-28 19:02 -------- d-----w- c:\program files\Reference Assemblies
    2009-11-28 18:58 . 2009-11-28 18:58 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-11-28 18:55 . 2009-11-28 18:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-11-28 18:54 . 2009-11-28 18:54 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
    2009-11-09 18:00 . 2009-11-29 01:42 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-20 12:34 . 2009-10-20 12:34 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-14 13:18 . 2009-10-14 13:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
    2009-10-02 11:39 . 2009-10-02 11:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-09-14 06:42 . 2009-09-14 06:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
    2009-09-11 14:13 . 2009-01-23 19:05 136704 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 11:01 . 2009-09-09 11:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
    2009-09-09 10:43 . 2009-11-26 15:41 210352 ----a-w- c:\windows\system32\idmmbc.dll
    .

    ------- Sigcheck -------

    [-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-12-04_03.22.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-04 03:57 . 2009-12-04 03:57 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
    + 2009-12-04 03:53 . 2009-12-04 03:53 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
    + 2009-12-04 03:57 . 2009-12-04 03:57 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
    + 2009-12-04 03:53 . 2009-12-04 03:53 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
    + 2009-12-04 03:53 . 2009-12-04 03:53 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
    + 2009-12-04 03:54 . 2009-12-04 03:54 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
    + 2009-12-04 03:54 . 2009-12-04 03:54 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
    + 2009-12-04 03:54 . 2009-12-04 03:54 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
    + 2009-12-04 03:53 . 2009-12-04 03:53 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
    + 2009-12-04 03:53 . 2009-12-04 03:53 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
    + 2009-12-04 03:53 . 2009-12-04 03:53 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
    + 2009-12-04 03:56 . 2009-12-04 03:56 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
    + 2009-12-04 03:55 . 2009-12-04 03:55 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
    + 2009-12-04 03:57 . 2009-12-04 03:57 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
    + 2009-12-04 03:54 . 2009-12-04 03:54 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-11 3171760]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-09-30 387584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" [X]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "HaierDcService"="c:\program files\CE100 Dialer\Driver\HaierDcService.exe" [2009-08-11 96768]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-10-24 90112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
    R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [9/30/2009 4:15 PM 116736]
    R3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [11/29/2009 8:51 AM 102656]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    TCP: {426DCFD6-E3FB-4A80-BDAE-176E41F9BC02} = 10.17.3.244 10.17.3.252
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.adashu\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2185003&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.animetake.com/recently-updated-episodes/
    FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-04 11:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,0c,cc,7a,62,b0,12,43,9e,d8,c6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,0c,cc,7a,62,b0,12,43,9e,d8,c6,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):cc,47,44,4d,37,d9,67,46,29,65,d8,c6,23,bc,1f,2c,c4,d6,0a,c0,e2,
    35,45,c5,42,30,86,57,21,c9,3d,2f,08,a8,35,fd,ba,8d,82,81,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d6b848da-8c41-4301-8103-c2455e07ae1e}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000151
    "Therad"=dword:00000006
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-12-04 11:53
    ComboFix-quarantined-files.txt 2009-12-04 04:53
    ComboFix2.txt 2009-12-04 03:27

    Pre-Run: 8,117,760,000 bytes free
    Post-Run: 8,110,698,496 bytes free

    - - End Of File - - E6A71C32F06EF99CEC6AC2FC56A9C7BA

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54:52 AM, on 12/4/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [HaierDcService] C:\Program Files\CE100 Dialer\Driver\HaierDcService.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe "
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{426DCFD6-E3FB-4A80-BDAE-176E41F9BC02}: NameServer = 10.17.3.244 10.17.3.252
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

    --
    End of file - 6144 bytes
     
