Hijack This


  • This topic is locked
41 replies to this topic

#1 Willemeana

  • Members
  • 28 posts
  • Gender:Female

Posted 10 November 2009 - 11:01 PM

I was referred to this site by CNET.com. They told me to post my HijackThis log here and that hopefully someone would be able to help me. I am unable to download anything and I can't uninstall AVG anti-virus. Thank you in advance. :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:55 PM, on 10/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Wendy\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
F:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=extensa_5630
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=extensa_5630
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1\bin\npjpi141.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9723 bytes


#2 Elise

  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania

Posted 17 November 2009 - 09:09 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log
  • GMER log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

regards, Elise


#3 Willemeana

  • Topic Starter
  • Members
  • 28 posts
  • Gender:Female

Posted 18 November 2009 - 06:26 PM

My anti-virus stopped working and my laptop stopped allowing me to download any programs or attachments from my emails. I had to save the DDS programs to a memory stick in order to run them on my laptop. I hope I have done this correctly...thanks for your help. :D

DDS (Ver_09-10-26.01) - NTFSx86
Run by Wendy at 19:42:29.06 on 18/11/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3000.1641 [GMT -3.5:30]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Wendy\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=extensa_5630
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=extensa_5630
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\alluse~1\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll,c:\progra~1\kasper~1\kasper~1.0\r3hook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-3 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-3 108552]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-4-4 20760]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-7 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-30 112128]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-8 43736]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-3 297752]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2008-5-7 17968]

=============== Created Last 30 ================

2009-11-13 09:48:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 09:47:54 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 09:47:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 09:47:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-11 22:17:40 0 d-----w- c:\windows\system32\Adobe
2009-11-10 20:39:24 0 d-----w- c:\program files\Microsoft
2009-11-10 20:39:07 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-10 20:20:39 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 20:19:58 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 04:04:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-10 04:04:28 0 d-----w- c:\users\wendy\appdata\roaming\SUPERAntiSpyware.com
2009-11-10 04:04:28 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 04:03:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-10 03:23:37 0 d-----w- c:\users\wendy\appdata\roaming\Malwarebytes
2009-11-10 03:23:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 03:23:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 03:23:27 0 d-----w- c:\programdata\Malwarebytes
2009-11-10 03:23:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 02:48:24 0 d-----w- c:\program files\Windows Portable Devices
2009-11-10 02:48:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-10 02:46:40 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-10 02:46:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-10 02:46:39 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-10 02:46:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-10 02:46:01 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-10 02:46:00 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-10 02:46:00 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-10 02:43:49 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-10 02:43:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-10 02:43:47 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-09 15:50:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-09 15:50:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-09 15:48:24 0 d-----w- c:\program files\Kaspersky Lab
2009-11-09 15:48:23 0 d-----w- c:\programdata\Kaspersky Lab
2009-11-09 15:48:14 69488 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-09 15:48:14 5408288 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-09 15:46:19 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-09 03:48:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-09 02:41:27 524288 --sha-w- c:\users\wendy\ntuser.dat{1c323346-ccdd-11de-813e-001d72e0cd54}.TMContainer00000000000000000002.regtrans-ms
2009-11-09 02:41:26 65536 --sha-w- c:\users\wendy\ntuser.dat{1c323346-ccdd-11de-813e-001d72e0cd54}.TM.blf
2009-11-09 02:41:26 524288 --sha-w- c:\users\wendy\ntuser.dat{1c323346-ccdd-11de-813e-001d72e0cd54}.TMContainer00000000000000000001.regtrans-ms
2009-11-07 13:21:15 0 d-----w- c:\users\wendy\Tracing
2009-11-07 13:04:04 0 d-----w- c:\program files\common files\Windows Live
2009-11-02 00:56:05 0 d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-11-02 00:54:54 0 d-----w- c:\programdata\Symantec
2009-11-02 00:54:53 0 d-----w- c:\programdata\Norton
2009-11-02 00:46:40 0 d-----w- c:\programdata\NortonInstaller
2009-11-02 00:33:05 0 d-----w- c:\users\wendy\appdata\roaming\GetRightToGo
2009-10-31 01:26:44 0 d--h--w- C:\$AVG
2009-10-31 01:26:06 0 d-----w- c:\programdata\avg9
2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-28 03:28:08 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:28:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL

==================== Find3M ====================

2009-11-10 02:48:18 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-10 02:48:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-10 02:48:18 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-10 02:48:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-09 16:18:55 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-03 00:12:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-18 09:22:16 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-30 21:20:42 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 19:43:06.45 ===============


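One way to read a DDS or ComboFix file listing like the one above mechanically, as an added example that is not part of this thread and not code from the DDS or ComboFix tools: the script parses the two line shapes these logs use (DDS prints one timestamp and a size, ComboFix prints two timestamps and either a size or dashes for a directory) and flags the entries a helper reads first. The column meanings of the 8-character attribute mask, the allowlist of routinely hidden names, and the final sample line (a constructed temp-directory executable, not from this thread) are my assumptions.

```python
"""Triage helper for DDS / ComboFix file listings (added example, not from the thread).

Two line shapes are handled:

    2009-11-09 15:48:14 69488 --sha-w- c:\\windows\\...                   (DDS)
    2009-11-13 09:48 . 2009-08-07 02:24 44768 ----a-w- c:\\windows\\...    (ComboFix)

The attribute mask column positions used here (0 = d directory, 2 = s system,
3 = h hidden, 4 = a archive, 6 = w writable) are inferred from the listings on
this page, not taken from vendor documentation.
"""
import re
from typing import List, NamedTuple, Optional

DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
COMBOFIX_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
# Names that are hidden+system on every Windows install; skipping them keeps
# the output focused on the unusual entries (assumed allowlist).
HIDDEN_SYSTEM_ALLOWLIST = {"desktop.ini", "thumbs.db"}


class Entry(NamedTuple):
    timestamp: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"


class Finding(NamedTuple):
    path: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a DDS or ComboFix listing line, None for any other line."""
    m = DDS_LINE.match(line) or COMBOFIX_LINE.match(line)
    if not m:
        return None
    size = m.group("size")
    return Entry(m.group("ts"), 0 if size.startswith("-") else int(size),
                 m.group("attrs"), m.group("path"))


def triage(entry: Entry) -> List[Finding]:
    """Apply three analyst rules to one entry and return the reasons it stands out."""
    findings: List[Finding] = []
    lower = entry.path.lower()
    basename = lower.rsplit("\\", 1)[-1]
    # Rule 1: a plain file carrying the hidden or system attribute.
    if not entry.is_dir and (entry.hidden or entry.system) and basename not in HIDDEN_SYSTEM_ALLOWLIST:
        findings.append(Finding(entry.path, "hidden/system attribute on a file"))
    # Rule 2: executable code written into a temp directory.
    if basename.endswith(EXECUTABLE_EXT) and "\\temp\\" in lower:
        findings.append(Finding(entry.path, "executable in a temp directory"))
    # Rule 3: a kernel driver appeared in the drivers directory; check who signed it.
    if basename.endswith(".sys") and "\\system32\\drivers\\" in lower:
        findings.append(Finding(entry.path, "new kernel driver: confirm publisher"))
    return findings


def triage_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            findings.extend(triage(entry))
    return findings


# Sample input: entries copied from the listings in this thread, plus one
# constructed temp-directory line (the last) to exercise rule 2.
SAMPLE_LOG = r"""
2009-11-09 15:50:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-09 15:48:14 69488 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-31 01:26:44 0 d--h--w- C:\$AVG
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2009-11-13 09:48 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-10 03:23 . 2009-09-10 18:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 04:04 . 2009-11-10 04:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-20 10:00 . 2009-11-20 10:00 51200 ----a-w- c:\users\example\appdata\local\temp\updater.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.reason:40} {f.path}")
```

On the sample above the script reports three entries: the hidden+system fidbox.idx (a Kaspersky data file, so benign here, but exactly the kind of entry worth confirming), the new mbamswissarmy.sys driver, and the constructed temp-directory executable; desktop.ini is suppressed by the allowlist and the hidden directory C:\$AVG is left alone because rule 1 only looks at files.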
#4 Willemeana

Willemeana
  • Topic Starter
  • Members
  • 28 posts
  • Gender:Female
  • Local time:06:14 AM

Posted 18 November 2009 - 07:08 PM

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-18 20:34:52
Windows 6.0.6002 Service Pack 2
Running: 7g4h6ftn.exe; Driver: C:\Users\Wendy\AppData\Local\Temp\fwrcqpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8EFDC0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 822EDD64 4 Bytes [B0, C0, FD, 8E]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[196] ntdll.dll!LdrLoadDll 77949390 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[264] ntdll.dll!LdrLoadDll 77949390 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[320] ntdll.dll!LdrLoadDll 77949390 5 Bytes JMP 00161F20 C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\Launch Manager\LManager.exe[392] ntdll.dll!LdrLoadDll 77949390 5 Bytes JMP 00301F20 C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[484] ntdll.dll!LdrLoadDll 77949390 5 Bytes JMP 10001F20 C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll (Kaspersky Anti-Virus Ring 3 Hooker/Kaspersky Lab)
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74947817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7499A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7494BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7493F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7493E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74978395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7494DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7493FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7493FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7496C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7493D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74936853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7493687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74942AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[5192] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:372] 86F26000
Thread System [4:380] 86F26000
Thread System [4:384] 86F5B7E0
Thread System [4:388] 86F5B7E0
Thread System [4:396] 86F5D7D0
Thread System [4:400] 86F5D7D0
Thread System [4:404] 86F5D7D0
Thread System [4:412] 86F5B7E0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cc09b4
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002269cc09b4 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#5 Elise

Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:14 PM

Posted 19 November 2009 - 04:17 AM

Hello Willemeana,

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Kaspersky. I strongly recommend you keep Kaspersky and remove AVG since Kaspersky is a better scanner and your AVG is outdated anyway.


COMBOFIX
---------------
Please download ComboFix from one of these locations: Bleepingcomputer, ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


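The TWO ANTIVIRUS PROGRAMS advice above can be checked against the header that ComboFix prints at the top of its log (the AV:/SP: lines, as in the ComboFix output later in this thread). The script below, an added example that is not part of this thread and not code from ComboFix, parses those lines and reports the situations Elise describes: more than one antivirus registered, real-time scanning enabled on several products at once, or no product left with on-access scanning on. The first sample header is constructed (the AVG entry and its GUID are placeholders); the second is the header as posted in this thread. Reading "disabled" anywhere in the starred state as "no live protection" is my interpretation of the two spellings ComboFix uses.

```python
"""Parse the AV/SP/FW header lines of a ComboFix log (added example, not from the thread).

Header lines look like

    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-...}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-...}

AV = antivirus, SP = antispyware, FW = firewall. The starred text is the
product's real-time state and the braced value its Security Center GUID.
"""
import re
from typing import List, NamedTuple

HEADER_LINE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* "
    r"\((?P<sigs>Updated|Outdated)\) \{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


class Product(NamedTuple):
    kind: str
    name: str
    state: str
    signatures: str
    guid: str

    @property
    def realtime_on(self) -> bool:
        # Both "*disabled*" and "*On-access scanning disabled*" mean no live
        # protection (assumed reading of the two spellings ComboFix prints).
        return "disabled" not in self.state.lower()


def parse_products(text: str) -> List[Product]:
    products: List[Product] = []
    for line in text.splitlines():
        m = HEADER_LINE.match(line.strip())
        if m:
            products.append(Product(m["kind"], m["name"], m["state"], m["sigs"], m["guid"]))
    return products


def assess(products: List[Product]) -> List[str]:
    """Return plain-language warnings about the registered security products."""
    warnings: List[str] = []
    av = [p for p in products if p.kind == "AV"]
    live = [p for p in av if p.realtime_on]
    if len(av) > 1:
        warnings.append("more than one antivirus registered: " + ", ".join(p.name for p in av))
    if len(live) > 1:
        warnings.append("real-time scanning enabled on several products at once: "
                        + ", ".join(p.name for p in live))
    if av and not live:
        warnings.append("no antivirus currently has on-access scanning enabled")
    for p in products:
        if p.signatures == "Outdated":
            warnings.append(f"{p.name} ({p.kind}) has outdated signatures")
    return warnings


# Constructed header: two antivirus products both live, one with stale
# signatures. The AVG GUID is a placeholder, not a real Security Center value.
SAMPLE_CONFLICT = """\
AV: AVG Anti-Virus Free *enabled* (Outdated) {00000000-0000-0000-0000-0000000000AA}
AV: Kaspersky Anti-Virus *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
"""

# Header exactly as posted in this thread: Kaspersky is registered but its
# on-access scanning was switched off before ComboFix ran.
SAMPLE_FROM_THREAD = """\
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
"""

if __name__ == "__main__":
    for label, header in (("constructed", SAMPLE_CONFLICT), ("from thread", SAMPLE_FROM_THREAD)):
        print(f"[{label}]")
        for w in assess(parse_products(header)):
            print("  -", w)
```

The constructed header produces three warnings (two antivirus products registered, both live, AVG outdated), which is the conflict the post warns about; the header from this thread produces a single warning that no antivirus has on-access scanning enabled, which is expected while ComboFix is running and is the reminder to switch Kaspersky back on afterwards.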
#6 Willemeana

Willemeana
  • Topic Starter
  • Members
  • 28 posts
  • Gender:Female
  • Local time:06:14 AM

Posted 19 November 2009 - 07:08 PM

I can't uninstall AVG, that is part of the reason I have Kaspersky. When I try to uninstall AVG, a message pops up and says action failed. I can't even delete the AVG folder. Can I still run this Combofix with AVG still on my laptop? Also, will this fix the fact that I can't download anything new? Thank you for your help....

#7 Elise

Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:14 PM

Posted 20 November 2009 - 04:03 AM

When I try to uninstall AVG, a message pops up and says action failed. I can't even delete the AVG folder. Can I still run this Combofix with AVG still on my laptop?

Yes, you can. Make sure you disable AVG. If you did that and Combofix still tells you it's running, you can ignore the warning and run Combofix anyway.

regards, Elise



#8 Willemeana

Willemeana
  • Topic Starter
  • Members
  • 28 posts
  • Gender:Female
  • Local time:06:14 AM

Posted 20 November 2009 - 07:21 PM

ComboFix 09-11-20.02 - Wendy 20/11/2009 20:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3000.1858 [GMT -3.5:30]
Running from: F:\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Suyin.reg
c:\windows\system32\drivers\pciide.sys
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-13 09:48 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 09:48 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 09:48 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 09:48 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 09:47 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 09:47 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 09:47 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 09:47 . 2009-08-06 22:53 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 09:47 . 2009-08-06 22:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-11 22:36 . 2009-11-11 22:36 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbFBC3.tmp.exe
2009-11-11 22:17 . 2009-11-11 22:18 -------- d-----w- c:\windows\system32\Adobe
2009-11-10 20:40 . 2009-11-10 20:40 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 20:39 . 2009-11-10 20:39 -------- d-----w- c:\program files\Microsoft
2009-11-10 20:39 . 2009-11-10 20:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-10 20:20 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 20:19 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 04:07 . 2009-11-16 11:47 117760 ----a-w- c:\users\Wendy\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-10 04:04 . 2009-11-10 04:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-10 04:04 . 2009-11-17 01:44 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 04:04 . 2009-11-10 04:04 -------- d-----w- c:\users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
2009-11-10 04:03 . 2009-11-10 04:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-10 03:23 . 2009-11-10 03:23 -------- d-----w- c:\users\Wendy\AppData\Roaming\Malwarebytes
2009-11-10 03:23 . 2009-09-10 18:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 03:23 . 2009-11-10 03:23 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 03:23 . 2009-11-10 03:23 -------- d-----w- c:\programdata\Malwarebytes
2009-11-10 03:23 . 2009-09-10 18:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 02:48 . 2009-11-10 02:48 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-10 02:46 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-10 02:46 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-10 02:46 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-10 02:46 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-10 02:46 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-10 02:46 . 2009-09-25 01:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-10 02:46 . 2009-09-25 01:27 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-10 02:43 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-10 02:43 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-10 02:43 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-09 16:18 . 2009-11-09 16:18 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys
2009-11-09 16:18 . 2009-11-09 16:18 682512 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll
2009-11-09 16:18 . 2009-11-09 16:18 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll
2009-11-09 16:18 . 2009-11-09 16:18 342544 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll
2009-11-09 15:50 . 2009-11-09 16:18 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-09 15:50 . 2009-11-09 16:18 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-09 15:48 . 2009-11-09 15:48 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-09 15:48 . 2009-11-20 22:55 4096 d-----w- c:\programdata\Kaspersky Lab
2009-11-09 15:48 . 2009-11-20 23:57 5845536 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-09 15:46 . 2009-11-09 15:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-09 03:49 . 2009-11-09 04:01 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-08 23:06 . 2009-11-08 23:06 552 ----a-w- c:\users\Wendy\AppData\Local\d3d8caps.dat
2009-11-07 13:21 . 2009-11-20 23:59 -------- d-----w- c:\users\Wendy\Tracing
2009-11-07 13:04 . 2009-11-07 13:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-02 00:56 . 2009-11-03 03:26 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-11-02 00:54 . 2009-11-02 06:56 -------- d-----w- c:\programdata\Symantec
2009-11-02 00:54 . 2009-11-09 02:00 -------- d-----w- c:\programdata\Norton
2009-11-02 00:46 . 2009-11-02 00:46 -------- d-----w- c:\programdata\NortonInstaller
2009-11-02 00:33 . 2009-11-02 01:14 -------- d-----w- c:\users\Wendy\AppData\Roaming\GetRightToGo
2009-10-31 01:26 . 2009-10-31 01:31 -------- d-----w- C:\$AVG
2009-10-31 01:26 . 2009-10-31 01:26 -------- d-----w- c:\programdata\avg9
2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-28 03:28 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:28 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 23:54 . 2009-11-09 15:48 80264 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-20 23:54 . 2009-03-30 16:16 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-14 03:38 . 2008-05-07 08:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-11 22:19 . 2009-03-30 16:15 4096 d-----w- c:\program files\Google
2009-11-10 21:25 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-10 21:04 . 2008-05-07 08:44 12288 d-----w- c:\programdata\Microsoft Help
2009-11-10 20:40 . 2009-03-30 18:34 4096 d-----w- c:\program files\Windows Live
2009-11-10 19:53 . 2009-03-30 16:16 -------- d-----w- c:\programdata\Partner
2009-11-10 02:48 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-10 02:48 . 2009-11-10 02:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-10 00:22 . 2009-06-03 13:51 -------- d-----w- c:\program files\AVG
2009-11-09 16:18 . 2007-04-28 20:21 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-09 03:39 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-09 03:39 . 2009-03-30 20:56 8192 d-----w- c:\users\Wendy\AppData\Roaming\uTorrent
2009-11-09 03:39 . 2009-06-03 13:51 -------- d-----w- c:\programdata\avg8
2009-11-09 03:39 . 2008-05-07 08:45 8192 d-----w- c:\program files\Microsoft Works
2009-11-09 02:24 . 2009-06-03 13:51 -------- d-----w- c:\programdata\avg8(152)
2009-11-03 00:12 . 2009-10-03 04:26 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-18 14:25 . 2009-03-30 21:03 8192 d-----w- c:\program files\DivX
2009-10-18 14:24 . 2009-03-30 21:03 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-10-15 00:51 . 2008-05-07 08:48 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-05 10:51 . 2009-10-21 12:27 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-10-05 10:51 . 2009-10-17 10:46 2023704 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
2009-10-05 10:50 . 2009-10-07 11:32 1142552 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-10-01 01:02 . 2009-11-10 02:45 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-10 02:45 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-10 02:45 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-10 02:45 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-10 02:45 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-10 02:45 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-10 02:45 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-10 02:45 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-10 02:45 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-10 02:45 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-10 02:45 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-10 02:45 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10 . 2009-11-10 02:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-10 02:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-10 02:45 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-10 02:45 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-10 02:45 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-10 02:45 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-10 02:45 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-10 02:45 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-10 02:45 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-10 02:45 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:32 . 2009-11-10 02:45 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-10 02:45 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-10 02:45 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-10 02:45 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-10 02:45 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-10 02:45 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-10 02:45 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-10 02:45 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-10 02:45 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-10 02:45 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-10 02:45 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-10 02:45 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-10 02:45 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-15 00:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 00:44 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-15 00:44 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 23:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 23:30 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 00:47 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 00:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 00:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 00:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-30 21:20 . 2009-03-30 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 14:28 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-17 2001648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-11 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-21 6144000]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4e,f3,26,8f,43,38,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/06/2009 10:22 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/06/2009 10:22 AM 108552]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [04/04/2007 2:59 PM 20760]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 9:24 PM 74480]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 4:41 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [07/05/2008 5:25 AM 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [07/04/2008 2:12 AM 50424]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 7:09 PM 11032]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 8:14 AM 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [30/03/2009 5:48 PM 112128]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 2:43 PM 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [08/04/2008 3:16 PM 43736]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 9:24 PM 7408]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/06/2009 10:21 AM 297752]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 6:33 AM 131072]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/01/2008 10:53 PM 21504]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\System32\drivers\TpChoice.sys [07/05/2008 3:09 AM 17968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=extensa_5630
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
AddRemove-HijackThis - F:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 20:27
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4916)
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-20 20:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 00:10

Pre-Run: 74,265,878,528 bytes free
Post-Run: 74,385,817,600 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 64F34514C8B1604DB47B14B4E7FF7CF6

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:14 PM

Posted 21 November 2009 - 05:51 AM

Please run MBAM, update it first and run a full scan.

Post the log in your next reply.

Sorry for the short post, I just hurt my knee quite badly and can't sit well at my desk :(

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Willemeana

Willemeana
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female
  • Local time:06:14 AM

Posted 21 November 2009 - 12:19 PM

No infections found....but still can't download anything and can't delete AVG or uninstall it.

Sorry to hear about your knee...hope you are feeling better soon...



Malwarebytes' Anti-Malware 1.41
Database version: 3206
Windows 6.0.6002 Service Pack 2

21/11/2009 1:41:28 PM
mbam-log-2009-11-21 (13-41-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 208876
Time elapsed: 1 hour(s), 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:14 PM

Posted 21 November 2009 - 12:36 PM

Can you please post me a new GMER log?

regards, Elise




#12 Willemeana

Willemeana
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female
  • Local time:06:14 AM

Posted 21 November 2009 - 06:55 PM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Wendy at 20:20:23.46 on 21/11/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3000.1670 [GMT -3.5:30]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Users\Wendy\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=extensa_5630
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
StartupFolder: c:\alluse~1\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-3 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-3 108552]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-4-4 20760]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-5-7 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-30 112128]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-4-8 43736]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-3 297752]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2008-5-7 17968]

=============== Created Last 30 ================

2009-11-20 23:30:44 98816 ----a-w- c:\windows\sed.exe
2009-11-20 23:30:44 77312 ----a-w- c:\windows\MBR.exe
2009-11-20 23:30:44 260608 ----a-w- c:\windows\PEV.exe
2009-11-20 23:30:44 161792 ----a-w- c:\windows\SWREG.exe
2009-11-20 23:30:25 0 d-----w- C:\ComboFix
2009-11-13 09:48:14 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 09:47:54 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 09:47:45 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 09:47:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-11 22:17:40 0 d-----w- c:\windows\system32\Adobe
2009-11-10 20:39:24 0 d-----w- c:\program files\Microsoft
2009-11-10 20:39:07 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-10 20:20:39 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 20:19:58 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 04:04:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-10 04:04:28 0 d-----w- c:\users\wendy\appdata\roaming\SUPERAntiSpyware.com
2009-11-10 04:04:28 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 04:03:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-10 03:23:37 0 d-----w- c:\users\wendy\appdata\roaming\Malwarebytes
2009-11-10 03:23:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 03:23:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 03:23:27 0 d-----w- c:\programdata\Malwarebytes
2009-11-10 03:23:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 02:48:24 0 d-----w- c:\program files\Windows Portable Devices
2009-11-10 02:48:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-10 02:46:40 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-10 02:46:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-10 02:46:39 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-10 02:46:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-10 02:46:01 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-10 02:46:00 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-10 02:46:00 37888 ----a-w- c:\windows\system32\cdd.dll
2009-11-10 02:43:49 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-10 02:43:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-10 02:43:47 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-09 15:50:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-09 15:50:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-09 15:48:24 0 d-----w- c:\program files\Kaspersky Lab
2009-11-09 15:48:23 0 d-----w- c:\programdata\Kaspersky Lab
2009-11-09 15:48:14 83216 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-09 15:48:14 6259488 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-09 15:46:19 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-09 03:48:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-09 02:41:27 524288 --sha-w- c:\users\wendy\ntuser.dat{1c323346-ccdd-11de-813e-001d72e0cd54}.TMContainer00000000000000000002.regtrans-ms
2009-11-09 02:41:26 65536 --sha-w- c:\users\wendy\ntuser.dat{1c323346-ccdd-11de-813e-001d72e0cd54}.TM.blf
2009-11-09 02:41:26 524288 --sha-w- c:\users\wendy\ntuser.dat{1c323346-ccdd-11de-813e-001d72e0cd54}.TMContainer00000000000000000001.regtrans-ms
2009-11-07 13:21:15 0 d-----w- c:\users\wendy\Tracing
2009-11-07 13:04:04 0 d-----w- c:\program files\common files\Windows Live
2009-11-02 00:56:05 0 d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-11-02 00:54:54 0 d-----w- c:\programdata\Symantec
2009-11-02 00:54:53 0 d-----w- c:\programdata\Norton
2009-11-02 00:46:40 0 d-----w- c:\programdata\NortonInstaller
2009-11-02 00:33:05 0 d-----w- c:\users\wendy\appdata\roaming\GetRightToGo
2009-10-31 01:26:44 0 d-----w- C:\$AVG
2009-10-31 01:26:06 0 d-----w- c:\programdata\avg9
2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-28 03:28:08 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:28:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL

==================== Find3M ====================

2009-11-10 02:48:18 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-10 02:48:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-10 02:48:18 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-10 02:48:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-09 16:18:55 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-03 00:12:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-18 09:22:16 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-30 21:20:42 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:21:23.30 ===============

#13 Willemeana

Posted 21 November 2009 - 10:44 PM

Sorry... I ran and posted the wrong logs... sorry... :-)

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-22 00:10:35
Windows 6.0.6002 Service Pack 2
Running: ffzr2goy.exe; Driver: C:\Users\Wendy\AppData\Local\Temp\fwrcqpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8A3DF0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 822F7D64 4 Bytes [B0, F0, 3D, 8A]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] USER32.dll!SetScrollInfo + 7A8 75577980 4 Bytes [70, 11, C6, 00]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] USER32.dll!SetScrollInfo + 7A8 75577980 4 Bytes [70, 11, 39, 00] {JO 0x13; CMP [EAX], EAX}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012604A8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 012604D2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 012604FC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 01260526
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 01260550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 0126057A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 012605A4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 012605CE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 012605F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 01260622
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 0126064C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 01260676
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012606A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 012606CA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 012606F4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 0126071E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 01260748
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 01260772
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 0126079C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 012607C6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 012607F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 0126081A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 01260844
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 0126086E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 01260898
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 012608C2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 012608EC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 01260916
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 01260940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 01260B38
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 01260B62
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 01260B8C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 01260BB6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 01260BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 01260C0A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 01260C34
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 01260C5E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260C88
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] 01260CB2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260D84
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 01260DAE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 01260DD8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA] 01260E02
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 01260E2C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 01260E56
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 01260E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01260EAA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 01260ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 01260EFE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01260F28
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01260F52
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01260F7C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260FA6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01260FD0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 012F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 012F003A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 012F0064
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 012F008E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 012F00B8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 012F00E2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012F010C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 012F0136
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 012F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 012F018A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 012F01B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 012F01DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameA] 012F0208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012F05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 012F0622
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 012F064C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 012F0676
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 012F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 012F06CA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 012F081A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 012F09E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 012F0A12
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 012F0A3C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 012F0A66
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 012F0ABA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 01260286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 012601DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 0126025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 01260208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 012601DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 0126025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 01260286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 012602DA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW] 01260232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] 01260304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 01260304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 0126032E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 01260208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 012602DA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 0126025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 01260286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 012601DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 01260232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 012601DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 0126025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 01260286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 012602DA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 01260232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Netapi32.dll [KERNEL32.dll!LoadLibraryW] 01260304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Netapi32.dll [KERNEL32.dll!LoadLibraryA] 01260286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Netapi32.dll [KERNEL32.dll!FreeLibrary] 012601DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Netapi32.dll [KERNEL32.dll!GetProcAddress] 0126025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\Netapi32.dll [KERNEL32.dll!GetModuleFileNameA] 01260208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] 01260286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!FreeLibrary] 012601DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] 0126025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1652] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01260358
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73DA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73D7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73DFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73D9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1820] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C904A8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00C904D2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00C904FC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00C90526
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00C90550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00C9057A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00C905A4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00C905CE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00C905F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00C90622
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00C9064C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00C90676
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00C906CA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2208] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00C906F4

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:436] 86F2C000
Thread System [4:444] 86F2C000
Thread System [4:448] 86F797E0
Thread System [4:452] 86F797E0
Thread System [4:460] 86F7B7D0
Thread System [4:464] 86F7B7D0
Thread System [4:468] 86F7B7D0
Thread System [4:476] 86F797E0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cc09b4
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002269cc09b4 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:14 PM

Posted 22 November 2009 - 06:59 AM

Hello Willemeana,

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

TFC
--------
Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC cleaner that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.



SUPERANTISPYWARE
-----------------------------
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
In your next reply, please include the following:
  • SUPERAntiSpyware scan log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#15 Willemeana

Willemeana
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Female
  • Local time:06:14 AM

Posted 22 November 2009 - 10:04 PM

Hi Elise,

Here is my new log; I do appreciate all your help:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/22/2009 at 11:19 PM

Application Version : 4.30.1004

Core Rules Database Version : 4303
Trace Rules Database Version: 2170

Scan type : Complete Scan
Total Scan Time : 00:52:28

Memory items scanned : 278
Memory threats detected : 0
Registry items scanned : 6792
Registry threats detected : 0
File items scanned : 105501
File threats detected : 41

Adware.Tracking Cookie
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\wendy@atdmt[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\wendy@bellcan.adbureau[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ad.yieldmanager[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@adcentriconline[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.adap[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.bleepingcomputer[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.lockedonmedia[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.networldmedia[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.webkinz[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@adserverpremium[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@advertising[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@apmebf[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@atdmt[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@bellcan.adbureau[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@bluestreak[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@bs.serving-sys[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@casalemedia[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@content.yieldmanager[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@content.yieldmanager[3].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@data.coremetrics[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@dmtracker[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@doubleclick[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@interclick[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@lfstmedia[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@lockedonmedia[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@mediaplex[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@msnportal.112.2o7[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@networldmedia[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@overture[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@popcapgames.122.2o7[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@revsci[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@searsca.122.2o7[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@serving-sys[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@sitestat.mayoclinic[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@statse.webtrendslive[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@trafficmp[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@tribalfusion[1].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@vitamine.networldmedia[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@zedo[2].txt
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@zoombanner[1].txt

Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 7.0\R3HOOK.DLL
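
The scan log in this post, run through a small triage script: an added example, not SUPERAntiSpyware's or the forum's own code. The embedded sample log is constructed in the same layout as the one above, and treating only the Adware.Tracking Cookie category as low-risk is my assumption about the format.

```python
"""Parse and triage a SUPERAntiSpyware 4.x scan log (added example, not the
tool's or the forum's own code). Assumes the layout posted in this thread:
"Key : Value" counters, then a category name followed by its file paths or
registry keys."""
import re
from collections import OrderedDict
from dataclasses import dataclass, field

# Constructed sample in that layout; the paths are illustrative only.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/22/2009 at 11:19 PM

Application Version : 4.30.1004

Scan type : Complete Scan
Total Scan Time : 00:52:28

Registry items scanned : 6792
Registry threats detected : 0
File items scanned : 105501
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\example@atdmt[1].txt
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@doubleclick[2].txt

Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 7.0\R3HOOK.DLL
"""

HEADER_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.+?)\s*$")
FILE_RE = re.compile(r"^[A-Za-z]:\\")
REG_RE = re.compile(r"^HK(LM|CU|CR|U|CC)\\")
COOKIE_CATEGORY = "Adware.Tracking Cookie"  # assumed to be the low-risk class


@dataclass
class ScanReport:
    header: dict = field(default_factory=dict)
    detections: OrderedDict = field(default_factory=OrderedDict)


def parse_sas_log(text):
    """Split the log into header counters and category -> item lists."""
    report, category = ScanReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("http"):
            continue
        # Items first: a drive path would otherwise look like "C : \...".
        if FILE_RE.match(line) or REG_RE.match(line):
            if category is None:
                raise ValueError("item before any category: %s" % line)
            report.detections[category].append(line)
            continue
        kv = HEADER_RE.match(line)
        if kv:
            report.header[kv.group(1)] = kv.group(2)
        elif report.header:
            # Title and "Generated ..." precede the first counter; any later
            # non-item, non-counter line names a new detection category.
            category = line
            report.detections.setdefault(category, [])
    return report


def declared_vs_listed(report):
    """(declared, listed) threat counts; a gap means a truncated paste."""
    items = [i for lst in report.detections.values() for i in lst]
    files = sum(1 for i in items if FILE_RE.match(i))
    regs = sum(1 for i in items if REG_RE.match(i))
    declared = lambda key: int(report.header.get(key, 0))
    return {"File": (declared("File threats detected"), files),
            "Registry": (declared("Registry threats detected"), regs)}


def triage(report):
    """Separate tracking cookies from detections that need a manual look;
    a hit inside another security product's folder is checked, not assumed."""
    cookies, review = [], []
    for category, items in report.detections.items():
        for item in items:
            (cookies if category == COOKIE_CATEGORY else review).append((category, item))
    return {"cookies": cookies, "review": review}
```

On the log above this would put the 40 cookies aside and leave the single R3HOOK.DLL hit for the helper to look at, with the declared count of 41 matching the 41 listed paths.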

