
IE8/Firefox links redirect & multiple windows keep opening in both browsers


  • This topic is locked
30 replies to this topic

#1 zoolers

zoolers

  • Members
  • 15 posts

Posted 03 December 2009 - 10:10 PM

Hello-

i'm having what i think is a malware problem. when i do a search on yahoo or firefox and select a link result the window opens to a random url (usually related to cleaning spyware). Also, when i click on firefox or ie to open one browser multiple browsers open (note: this does not happen all the time)

i ran the spybot-search & destroy, adaware, panda, trend micro house call and they did not come up with any issues that resolved this issue

other things to note:
1) i cannot boot into safe mode (the last file showing is mup.sys)
2) i cannot use system restore (at the moment this is currently disabled)

thanks so much for taking the time to look at this issue and please let me know if you need anything else

dds file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 21:48:25.28 on Thu 12/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.424 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\AIM6\aolsoftware.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchAssistant =
mSearchAssistant =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
StartupFolder: c:\docume~1\hp_adm~1.you\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1.you\applic~1\mozilla\firefox\profiles\zeqdve7u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{7A8213D3-D08E-4A55-AA3A-D031A3BC8EB6}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{DA353499-16A5-4682-B210-1A6862343CE8}

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-3 315408]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-28 24652]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

=============== Created Last 30 ================

2009-12-04 01:13:35 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-04 01:13:34 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-04 01:12:35 0 d-----w- c:\program files\Kaspersky Lab
2009-12-04 01:12:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-12-04 01:09:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-12-02 22:26:46 0 d-----w- c:\windows\pss
2009-12-02 21:08:40 0 d-----w- c:\program files\AVG
2009-12-02 17:11:07 0 d-----w- c:\program files\Panda Security
2009-12-01 23:11:49 0 d-----w- c:\program files\Trend Micro
2009-11-19 23:21:11 0 d-----w- c:\program files\CCleaner
2009-11-19 21:04:02 0 ----a-w- c:\windows\system32\NvApps.xml
2009-11-11 00:41:24 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-11 00:41:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-10 21:18:13 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-21 01:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-15 02:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-05-17 20:35:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042720090504\index.dat
2009-05-17 20:35:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051720090518\index.dat

============= FINISH: 21:50:20.87 ===============

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 December 2009 - 08:12 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
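
Added example, not part of the original posts and not OTL's code: the `/s /md5` lines in the custom scan above are read here as a recursive search that reports an MD5 for every copy of each named file. The Python below does the same walk and groups the copies by hash, on the assumption (not stated in the thread) that a copy whose hash differs from its siblings is what a reviewer looks for; the directory tree and file contents are constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the custom scan list in the post above (subset).
TARGETS = ("atapi.sys", "eventlog.dll", "scecli.dll", "netlogon.dll")


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks (MD5 only to mirror the scan's /md5 output)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, names=TARGETS):
    """Walk root recursively and return {lowercase name: {md5: [paths]}}."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()  # Windows file names are case-insensitive
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                copies[key][md5_of(full)].append(full)
            except OSError as exc:
                # A locked or unreadable copy is recorded rather than skipped,
                # so it still shows up in the report.
                copies[key]["unreadable: " + exc.__class__.__name__].append(full)
    return copies


def divergent(copies):
    """Names whose copies do not all share one hash: candidates for review."""
    return sorted(name for name, by_hash in copies.items() if len(by_hash) > 1)


def build_sample_tree(root):
    """Constructed stand-in for an XP system drive; contents are made-up bytes."""
    clean, altered = b"constructed clean driver", b"constructed altered driver"
    layout = {
        "WINDOWS/system32/drivers/atapi.sys": altered,
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/ServicePackFiles/i386/ATAPI.SYS": clean,
        "WINDOWS/system32/eventlog.dll": b"constructed dll",
        "WINDOWS/system32/dllcache/eventlog.dll": b"constructed dll",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = find_copies(root)
        for name in sorted(found):
            flag = "DIFFERS" if name in divergent(found) else "consistent"
            print(f"{name}: {flag}")
            for digest, paths in found[name].items():
                for p in paths:
                    print(f"    {digest}  {os.path.relpath(p, root)}")
```

A differing hash is only a lead, since copies can legitimately differ after an update. On a running system a kernel rootkit can also filter reads of the file it infected, so hashes taken from an offline copy of the disk are the more trustworthy ones.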


========================================================

#3 zoolers

zoolers
  • Topic Starter

  • Members
  • 15 posts

Posted 04 December 2009 - 01:22 PM

Hi Sam-

Thanks so much for helping me out with this. Below are the logs you requested. i did run into something while running gmer. it said the log stopped and then kaspersky anti-virus popped up saying it had detected a malicious software with the object: C:\WINDOWS\system32\drivers\atapi.sys and the virus: Rootkit.Win32.TDSS.y. Kaspersky has given the option to perform a disinfection procedure. let me know if i should do that. i've included the unfinished gmer log at the bottom of this post..do i need to run it again or stop kaspersky while running it?

thanks again,

-jb

the following order:
OTL.txt
Extras.txt

OTL logfile created on: 12/4/2009 12:34:08 PM - Run 1
OTL by OldTimer - Version 3.1.11.5 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 449.11 Mb Available Physical Memory | 46.86% Memory free
2.26 Gb Paging File | 1.85 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.61 Gb Total Space | 249.52 Gb Free Space | 92.21% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.60 Gb Free Space | 6.85% Space Free | Partition Type: FAT32
Drive E: | 0.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/04 12:32:10 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2009/10/29 06:01:25 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/05/19 00:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/06 18:24:42 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
PRC - [2006/06/21 06:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/04/13 11:05:00 | 00,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/04/07 03:50:22 | 00,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/02/16 00:34:58 | 00,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/11/10 22:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/03 01:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/02/02 18:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/04 12:32:10 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2006/10/06 18:24:39 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/21 06:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/09 17:50:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\S-1-5-21-579758089-1594664927-2996123245-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {7A8213D3-D08E-4A55-AA3A-D031A3BC8EB6}:1.0
FF - prefs.js..extensions.enabledItems: {DA353499-16A5-4682-B210-1A6862343CE8}:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/14 06:18:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 06:03:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/10/06 18:08:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/10/30 06:03:38 | 00,000,000 | ---D | M]

[2009/04/28 19:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2009/12/03 21:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\zeqdve7u.default\extensions
[2009/12/03 21:46:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/27 13:19:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{7A8213D3-D08E-4A55-AA3A-D031A3BC8EB6}
[2009/04/27 19:20:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{DA353499-16A5-4682-B210-1A6862343CE8}
[2009/12/03 20:13:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (36 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-579758089-1594664927-2996123245-1007..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\kodak\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\kodak\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/06 18:20:30 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 21:13:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2009/12/04 12:32:11 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2009/12/03 21:51:24 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RootRepeal.exe
[2009/12/03 20:12:35 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/12/03 20:12:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/12/03 20:12:20 | 00,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/12/03 20:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/12/03 20:09:07 | 67,291,088 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\kav2010_9.0.0.736en.exe
[2009/12/02 17:46:33 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/02 17:26:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/12/02 17:26:40 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\avast_home_setup.exe
[2009/12/02 16:08:40 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/02 15:57:55 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/02 12:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/12/01 20:32:26 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\HousecallLauncher.exe
[2009/12/01 18:11:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/01 18:10:54 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HJTInstall.exe
[2009/11/25 15:31:57 | 04,585,944 | ---- | C] (ManiacTools.com ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\mp3-splitter-joiner.exe
[2006/02/19 12:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/04 12:32:10 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2009/12/04 12:29:59 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/04 12:28:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/12/04 12:27:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/04 12:27:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/04 12:27:08 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/03 21:51:23 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\RootRepeal.exe
[2009/12/03 21:47:37 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dds.scr
[2009/12/03 20:16:36 | 00,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/12/03 20:13:35 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/12/03 20:13:34 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/12/03 20:09:07 | 67,291,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\kav2010_9.0.0.736en.exe
[2009/12/03 19:52:50 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\NTUSER.DAT
[2009/12/03 19:52:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2009/12/03 19:52:31 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/03 17:42:01 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\HousecallLauncher.exe
[2009/12/03 16:01:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/03 09:54:21 | 00,006,616 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\cc_20091203_095417.reg
[2009/12/02 17:41:41 | 00,002,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\cc_20091202_174135.reg
[2009/12/02 17:26:40 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\avast_home_setup.exe
[2009/12/02 15:57:56 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\avg_free_stb_all_9_40_cnet.exe
[2009/12/02 12:10:15 | 00,177,240 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\activescan2_en.exe
[2009/12/01 20:32:31 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\housecall.guid.cache
[2009/12/01 20:30:45 | 00,014,366 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\cc_20091201_203038.reg
[2009/12/01 18:11:49 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HijackThis.lnk
[2009/12/01 17:35:59 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HJTInstall.exe
[2009/11/30 18:48:53 | 00,052,011 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\IMG0008-main_Full.jpg
[2009/11/30 09:48:48 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\2010-Ballot - .doc
[2009/11/25 20:33:30 | 00,736,425 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\mergemp3.zip
[2009/11/25 15:32:02 | 04,585,944 | ---- | M] (ManiacTools.com ) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\mp3-splitter-joiner.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/03 21:47:44 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\dds.scr
[2009/12/03 20:13:35 | 00,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/12/03 20:13:34 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/12/03 09:54:18 | 00,006,616 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\cc_20091203_095417.reg
[2009/12/02 17:41:38 | 00,002,368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\cc_20091202_174135.reg
[2009/12/02 12:10:37 | 00,177,240 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\activescan2_en.exe
[2009/12/01 20:32:31 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\housecall.guid.cache
[2009/12/01 20:30:40 | 00,014,366 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\cc_20091201_203038.reg
[2009/12/01 18:11:49 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HijackThis.lnk
[2009/11/30 18:48:52 | 00,052,011 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\IMG0008-main_Full.jpg
[2009/11/30 09:34:40 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\2010-Ballot - .doc
[2009/11/25 20:33:30 | 00,736,425 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\mergemp3.zip
[2009/05/02 13:43:35 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/28 16:21:16 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/28 15:51:34 | 00,000,155 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
[2008/05/03 12:19:02 | 00,000,217 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2008/05/03 12:18:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/12/11 17:05:01 | 00,000,022 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2007/01/03 20:26:24 | 00,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/03 19:47:38 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/26 13:47:31 | 00,000,200 | ---- | C] () -- C:\WINDOWS\actval.ini
[2006/10/06 18:49:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/06 18:28:45 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/10/06 18:23:51 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/10/06 18:23:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/10/06 18:20:45 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/06 18:08:50 | 00,004,543 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/06 18:08:10 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/06 18:03:03 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/06 18:02:05 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/06 17:59:05 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/06 17:59:05 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/06 17:59:05 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/06 17:59:04 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/06 17:59:04 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/06 17:59:04 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/06 17:59:04 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/06 17:57:51 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/10/06 17:36:00 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/10/06 17:36:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/10/06 17:35:42 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 22:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2008/11/21 06:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/10/06 18:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/07/03 12:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KEDDS
[2009/07/03 12:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/04/27 20:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/21 06:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/06 18:13:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/12/03 16:01:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/09 23:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/09 23:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/09 23:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
< End of report >


OTL Extras logfile created on: 12/4/2009 12:34:08 PM - Run 1
OTL by OldTimer - Version 3.1.11.5 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 449.11 Mb Available Physical Memory | 46.86% Memory free
2.26 Gb Paging File | 1.85 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.61 Gb Total Space | 249.52 Gb Free Space | 92.21% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.60 Gb Free Space | 6.85% Space Free | Partition Type: FAT32
Drive E: | 0.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-579758089-1594664927-2996123245-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.0
"WildTangent hpmedia Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2009 1:41:22 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11905
Description = Product: ESScore -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\vdt.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.

Error - 7/3/2009 1:41:46 PM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 11905
Description = Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\ESCom.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.

Error - 7/18/2009 11:13:03 AM | Computer Name = YOUR-4DACD0EA75 | Source = MsiInstaller | ID = 10005
Description = Product: Java™ 6 Update 13 -- Error 25099. Unzipping core files
failed.

Error - 7/30/2009 12:20:16 AM | Computer Name = YOUR-4DACD0EA75 | Source = McLogEvent | ID = 5051
Description =

Error - 7/30/2009 3:10:24 AM | Computer Name = YOUR-4DACD0EA75 | Source = McLogEvent | ID = 5051
Description =

Error - 7/30/2009 11:40:31 AM | Computer Name = YOUR-4DACD0EA75 | Source = McLogEvent | ID = 5051
Description =

Error - 7/30/2009 11:47:19 AM | Computer Name = YOUR-4DACD0EA75 | Source = McLogEvent | ID = 5051
Description =

Error - 7/31/2009 3:41:43 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module wscsvc.dll, version 5.1.2600.5512, fault address 0x00008b0e.

Error - 8/14/2009 8:35:57 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2009 8:45:10 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 11/18/2009 10:10:24 AM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2243
seconds with 180 seconds of active time. This session ended with a crash.

Error - 11/18/2009 10:11:07 AM | Computer Name = YOUR-4DACD0EA75 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/3/2009 8:54:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/3/2009 8:54:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/3/2009 10:43:06 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows CardSpace service
to connect.

Error - 12/3/2009 10:43:06 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Windows CardSpace service failed to start due to the following
error: %%1053

Error - 12/4/2009 1:23:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows CardSpace service
to connect.

Error - 12/4/2009 1:23:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Windows CardSpace service failed to start due to the following
error: %%1053

Error - 12/4/2009 1:27:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 IntelIde ViaIde

Error - 12/4/2009 1:27:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/4/2009 1:27:37 PM | Computer Name = YOUR-4DACD0EA75 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/4/2009 1:27:37 PM | Computer Name = YOUR-4DACD0EA75 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-04 13:15:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\kwxyafod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF386F58C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF386FE0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF3870922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF3870E94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF38700EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF386E436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF3870D6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF386F192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF3870C28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF386F34E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF3870FC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF3872C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF386FAAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF3870CCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF38725FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF386E9FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF386ED88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF3870576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF38735CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF386EECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF386EF74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF3870382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF387268C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF386E412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF386E424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF3872CBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF386F0C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF3870F36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF386FE8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF386E5DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF3870E04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF386F792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF3872C32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF3871068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF386F6B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF386F01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF386EC46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF3872FD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF386E896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF3872922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF386EB0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF386E2B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF38713F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF38712B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF387239A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF3875E2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF38734AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF386E248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF387065C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF386FCC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF3871C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF3872786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF3873114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF386E71E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF38731F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF3873320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF3872526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF386F90A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF386F860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF3872E8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF386F9EA]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C8C 80504528 16 Bytes [4E, F3, 86, F3, C6, 0F, 87, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CC0 8050455C 4 Bytes JMP C9B738E7
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [8C, 26, 87, F3, 12, E4, 86, ...] {MOV WORD [ESI], FS; XCHG EBX, ESI; ADC AH, AH; XCHG BL, DH; AND AL, 0xe4; XCHG BL, DH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2E88 80504724 4 Bytes CALL 0C893AAF
.text ntkrnlpa.exe!ZwCallbackReturn + 2EC4 80504760 16 Bytes [0E, EB, 86, F3, B0, E2, 86, ...]
.text ...
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74297AC]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF67C0360, 0x20574D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F334A820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F334A820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 01240DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 01240E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 01240E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 01240EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 01240F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01250010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[860] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E02B0
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\gdi32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00390240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00390320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00390390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 01070860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 010708D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 01070940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 010709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 01070A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01070A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 00390630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 003906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 00390710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00390780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003907F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 01070B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 01070B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 01070BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 00390860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01070C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 01070CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 01070D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 01070DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 01070E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 003909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00390A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00390A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00390B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00390B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01070E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 01070EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 01070F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00390BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00390C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 00390CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00390EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00390F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 01080240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 010802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 01080320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 01080390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 01080400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 01080470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 010804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 01080550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7D1E0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7D1E0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 010805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01080710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 01080780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 010807F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 01080860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 010808D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01080940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 010809B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7D1E0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 01080A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 01080A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 01080B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003A0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01080B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01080BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01080C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 01080CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01080D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01080DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 01080E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 01080E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01080EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 003A0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 003A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 01080F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 01090010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01090080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 010900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01090160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 010901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01090240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 010902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 003A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01090320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01090390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 01090400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 003A0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01090470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 003A0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 010A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 010A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 010A0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 010A0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 010A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 010A0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 010A05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 010A0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 010A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 010B0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 010B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 010B0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 010B0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 010B0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 010C0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 010C0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 010C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 010C0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 010C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 010C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 010C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 010C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00001367 -> \Driver\atapi \Device\Harddisk0\DR0 8611050C
---- Processes - GMER 1.0.15 ----

Library C:\Documents (*** hidden *** ) @ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [860] 0x08BC0000

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFB7D740-B3D8-E38A-867C-2FD05E1713E9}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFB7D740-B3D8-E38A-867C-2FD05E1713E9}@iaaaphlcidgibfekeh 0x6A 0x61 0x61 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFB7D740-B3D8-E38A-867C-2FD05E1713E9}@hacaammahnmjapob 0x6B 0x61 0x70 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D2FB27F0-1640-06CD-C2C9-FD1B53C21661}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D2FB27F0-1640-06CD-C2C9-FD1B53C21661}@iadihmikfgdjccnjnp 0x6A 0x61 0x64 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D2FB27F0-1640-06CD-C2C9-FD1B53C21661}@hanibdfpflnfcaaf 0x6A 0x61 0x64 0x70 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

    Malware Expert


Posted 04 December 2009 - 06:55 PM

No, you don't need to run Gmer again. I see the problem.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 zoolers

  • Topic Starter

Posted 04 December 2009 - 09:38 PM

Hi Sam-

i had some funky behavior running the TDSSKiller..i ran it and it said 1 file was infected/cured (atapi.sys) and when i hit the enter key the window closed another opened and then the computer rebooted..all happened very quickly..now it won't reboot normally..i get a very quick blue screen of death and then the option to boot into safe mode..the good news is that safe mode actually boots now!

here's the log from the c: drive

again..thank you!

Host Name: YOUR-4DACD0EA75
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner:
Registered Organization:
Product ID: 76487-OEM-0011903-00803
Original Install Date: 4/28/2009, 4:50:10 PM
System Up Time: 0 Days, 8 Hours, 48 Minutes, 36 Seconds
System Manufacturer: HP Pavilion 061
System Model: RC659AA-ABA a1632x
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 15 Model 43 Stepping 1 AuthenticAMD ~2004 Mhz
BIOS Version: HP-CPC - 42302e31
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 958 MB
Available Physical Memory: 302 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,000 MB
Virtual Memory: In Use: 48 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\YOUR-4DACD0EA75
Hotfix(s): 167 Hotfix(s) Installed.
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: Q147222
[72]: KB930494 - QFE
[73]: KB953295 - QFE
[74]: SP3 - SP
[75]: M953297 - Update
[76]: S867460 - Update
[77]: KB900325 - Update
[78]: Q936181
[79]: Q954430
[80]: Q973688
[81]: KB923723 - Update
[82]: KB929399
[83]: KB952069_WM9
[84]: KB954155_WM9
[85]: KB968816_WM9
[86]: KB973540_WM9
[87]: KB913800
[88]: KB926251
[89]: KB936782_WMP10
[90]: KB936782_WMP11
[91]: KB939683
[92]: KB954154_WM11
[93]: KB959772_WM11
[94]: KB925398_WMP64
[95]: KB923689
[96]: KB941569
[97]: KB968220-IE8 - Update
[98]: KB969897-IE8 - Update
[99]: KB971961-IE8 - Update
[100]: KB972260-IE8 - Update
[101]: KB974455-IE8 - Update
[102]: KB976749-IE8 - Update
[103]: MSCompPackV1 - Update
[104]: KB936929 - Service Pack
[105]: KB953295 - Update
[106]: KB923561 - Update
[107]: KB938464-v2 - Update
[108]: KB946648 - Update
[109]: KB950760 - Update
[110]: KB950762 - Update
[111]: KB950974 - Update
[112]: KB951066 - Update
[113]: KB951376-v2 - Update
[114]: KB951748 - Update
[115]: KB951978 - Update
[116]: KB952004 - Update
[117]: KB952287 - Update
[118]: KB952954 - Update
[119]: KB953356 - Update
[120]: KB954459 - Update
[121]: KB954550-v5 - Update
[122]: KB954600 - Update
[123]: KB955069 - Update
[124]: KB955839 - Update
[125]: KB956572 - Update
[126]: KB956744 - Update
[127]: KB956802 - Update
[128]: KB956803 - Update
[129]: KB956844 - Update
[130]: KB957097 - Update
[131]: KB958644 - Update
[132]: KB958687 - Update
[133]: KB958690 - Update
[134]: KB958869 - Update
[135]: KB959426 - Update
[136]: KB960225 - Update
[137]: KB960715 - Update
[138]: KB960803 - Update
[139]: KB960859 - Update
[140]: KB961118 - Update
[141]: KB961371 - Update
[142]: KB961373 - Update
[143]: KB961501 - Update
[144]: KB967715 - Update
[145]: KB968389 - Update
[146]: KB968537 - Update
[147]: KB969059 - Update
[148]: KB969898 - Update
[149]: KB969947 - Update
[150]: KB970238 - Update
[151]: KB970653-v3 - Update
[152]: KB971486 - Update
[153]: KB971557 - Update
[154]: KB971633 - Update
[155]: KB971657 - Update
[156]: KB973346 - Update
[157]: KB973354 - Update
[158]: KB973507 - Update
[159]: KB973525 - Update
[160]: KB973687 - Update
[161]: KB973815 - Update
[162]: KB973869 - Update
[163]: KB974112 - Update
[164]: KB974571 - Update
[165]: KB975025 - Update
[166]: KB975467 - Update
[167]: KB976098-v2 - Update
NetWork Card(s): 2 NIC(s) Installed.
[01]: 1394 Net Adapter
Connection Name: 1394 Connection
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[02]: NVIDIA nForce Networking Controller
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.102
21:15:19:937 736 ForceUnloadDriver: NtUnloadDriver error 2
21:15:19:937 736 ForceUnloadDriver: NtUnloadDriver error 2
21:15:19:937 736 ForceUnloadDriver: NtUnloadDriver error 2
21:15:19:937 736 main: Driver KLMD successfully dropped
21:15:20:46 736 main: Driver KLMD successfully loaded
21:15:20:46 736
Scanning Registry ...
21:15:20:46 736 ScanServices: Searching service UACd.sys
21:15:20:46 736 ScanServices: Open/Create key error 2
21:15:20:46 736 ScanServices: Searching service TDSSserv.sys
21:15:20:46 736 ScanServices: Open/Create key error 2
21:15:20:46 736 ScanServices: Searching service gaopdxserv.sys
21:15:20:46 736 ScanServices: Open/Create key error 2
21:15:20:46 736 ScanServices: Searching service gxvxcserv.sys
21:15:20:46 736 ScanServices: Open/Create key error 2
21:15:20:46 736 ScanServices: Searching service MSIVXserv.sys
21:15:20:46 736 ScanServices: Open/Create key error 2
21:15:20:46 736 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
21:15:20:46 736 UnhookRegistry: Kernel local addr: 1250000
21:15:20:46 736 UnhookRegistry: KeServiceDescriptorTable addr: 12D5700
21:15:20:46 736 UnhookRegistry: KiServiceTable addr: 127D460
21:15:20:46 736 UnhookRegistry: NtEnumerateKey service number (local): 47
21:15:20:46 736 UnhookRegistry: NtEnumerateKey local addr: 139CFF2
21:15:20:62 736 KLMD_OpenDevice: Trying to open KLMD device
21:15:20:62 736 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
21:15:20:62 736 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
21:15:20:62 736 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
21:15:20:62 736 UnhookRegistry: NtEnumerateKey service number (kernel): 47
21:15:20:62 736 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
21:15:20:62 736 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
21:15:20:62 736 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
21:15:20:62 736 UnhookRegistry: No SDT hooks found on NtEnumerateKey
21:15:20:62 736 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
21:15:20:62 736 UnhookRegistry: No splicing found on NtEnumerateKey
21:15:20:62 736
Scanning Kernel memory ...
21:15:20:62 736 KLMD_OpenDevice: Trying to open KLMD device
21:15:20:62 736 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
21:15:20:62 736 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
21:15:20:62 736 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 860CAA08
21:15:20:62 736 DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
21:15:20:62 736 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85802650
21:15:20:62 736 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85802650
21:15:20:62 736 KLMD_ReadMem: Trying to ReadMemory 0x85802650[0x38]
21:15:20:62 736 DetectCureTDL3: DRIVER_OBJECT addr: 860CAA08
21:15:20:62 736 KLMD_ReadMem: Trying to ReadMemory 0x860CAA08[0xA8]
21:15:20:62 736 KLMD_ReadMem: Trying to ReadMemory 0xE18045D8[0x208]
21:15:20:62 736 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
21:15:20:62 736 DetectCureTDL3: IrpHandler (0) addr: F7626BB0
21:15:20:62 736 DetectCureTDL3: IrpHandler (1) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (2) addr: F7626BB0
21:15:20:62 736 DetectCureTDL3: IrpHandler (3) addr: F7620D1F
21:15:20:62 736 DetectCureTDL3: IrpHandler (4) addr: F7620D1F
21:15:20:62 736 DetectCureTDL3: IrpHandler (5) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (6) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (7) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (8) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (9) addr: F76212E2
21:15:20:62 736 DetectCureTDL3: IrpHandler (10) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (11) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (12) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (13) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (14) addr: F76213BB
21:15:20:62 736 DetectCureTDL3: IrpHandler (15) addr: F7624F28
21:15:20:62 736 DetectCureTDL3: IrpHandler (16) addr: F76212E2
21:15:20:62 736 DetectCureTDL3: IrpHandler (17) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (18) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (19) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (20) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (21) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (22) addr: F7622C82
21:15:20:62 736 DetectCureTDL3: IrpHandler (23) addr: F762799E
21:15:20:62 736 DetectCureTDL3: IrpHandler (24) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (25) addr: 804F4562
21:15:20:62 736 DetectCureTDL3: IrpHandler (26) addr: 804F4562
21:15:20:125 736 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 860C9AB8
21:15:20:125 736 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860C9AB8
21:15:20:125 736 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8615CE98
21:15:20:125 736 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8615CE98
21:15:20:125 736 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8610B940
21:15:20:125 736 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8610B940
21:15:20:125 736 KLMD_ReadMem: Trying to ReadMemory 0x8610B940[0x38]
21:15:20:125 736 DetectCureTDL3: DRIVER_OBJECT addr: 85D84360
21:15:20:125 736 KLMD_ReadMem: Trying to ReadMemory 0x85D84360[0xA8]
21:15:20:125 736 KLMD_ReadMem: Trying to ReadMemory 0x860E5940[0x38]
21:15:20:125 736 KLMD_ReadMem: Trying to ReadMemory 0x86170030[0xA8]
21:15:20:125 736 KLMD_ReadMem: Trying to ReadMemory 0xE10370E8[0x208]
21:15:20:125 736 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:15:20:125 736 DetectCureTDL3: IrpHandler (0) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (1) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (2) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (3) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (4) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (5) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (6) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (7) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (8) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (9) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (10) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (11) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (12) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (13) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (14) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (15) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (16) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (17) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (18) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (19) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (20) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (21) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (22) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (23) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (24) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (25) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: IrpHandler (26) addr: 8611050C
21:15:20:125 736 DetectCureTDL3: All IRP handlers pointed to one addr: 8611050C
21:15:20:125 736 KLMD_ReadMem: Trying to ReadMemory 0x8611050C[0x400]
21:15:20:125 736 TDL3_HookDetect: TDL3 is already cured
21:15:20:125 736 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\Drivers\atapi.sys
21:15:20:125 736 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\Drivers\atapi.sys
21:15:20:156 736
Completed

Results:
21:15:20:156 736 Infected / Cured drivers in memory: 0 / 0
21:15:20:156 736 Infected / Cured drivers on disk: 0 / 0
21:15:20:156 736 Files deleted on next reboot: 0
21:15:20:156 736 Registry nodes deleted on next reboot: 0
21:15:20:156 736
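
The log above singles out one driver: every IrpHandler entry listed for \Driver\atapi holds the same address, which the tool reports as "All IRP handlers pointed to one addr". As an added example (not part of the original thread and not TDSSKiller's own code), this Python script applies the same check to log lines in that format; the sample lines are constructed, and the function names and the "incomplete" verdict are assumptions of the example.

```python
import re

# Line shape used by the log on this page: "<time> <thread id> <function>: <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{1,3}\s+\d+\s+(\w+):\s*(.*)$")
DRIVER = re.compile(r"^DRIVER_OBJECT name: (\S+),")
HANDLER = re.compile(r"^IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})$")
TABLE_SIZE = 27  # the log prints IrpHandler (0) .. (26) for every driver
RANK = {"ok": 0, "incomplete": 1, "single-handler": 2}


def parse_tables(lines):
    """Yield (driver_name, {index: address}) for each handler table in the log."""
    name, table = None, {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, headings, anything not in log format
        msg = m.group(2)
        d = DRIVER.match(msg)
        if d:
            if name is not None:
                yield name, table
            name, table = d.group(1), {}
            continue
        h = HANDLER.match(msg)
        if h and name is not None:
            table[int(h.group(1))] = h.group(2).upper()
    if name is not None:
        yield name, table


def classify(table):
    """Verdict for one table; a cut-off table is never reported as hooked."""
    if len(table) < TABLE_SIZE:
        return "incomplete"
    if len(set(table.values())) == 1:
        return "single-handler"  # every request type lands on one routine
    return "ok"  # several distinct routine addresses


def audit(lines):
    """Return {driver: (verdict, distinct addresses)}, worst verdict per driver.

    The same driver shows up once per device stack, so repeated tables are
    merged by keeping the most severe result.
    """
    result = {}
    for name, table in parse_tables(lines):
        verdict = classify(table)
        if name not in result or RANK[verdict] > RANK[result[name][0]]:
            result[name] = (verdict, sorted(set(table.values())))
    return result


def sample_table(name, default, overrides=None, count=TABLE_SIZE):
    """Build constructed log lines for one driver's handler table."""
    overrides = overrides or {}
    prefix = "21:15:20:93 736 DetectCureTDL3: "
    lines = [prefix + "DRIVER_OBJECT name: \\Driver\\%s, Driver Name: %s" % (name, name)]
    for i in range(count):
        lines.append(prefix + "IrpHandler (%d) addr: %s" % (i, overrides.get(i, default)))
    return lines


# Constructed sample: a table with mixed addresses, a table where all 27
# entries are identical, a table cut off after 5 entries, and a junk line.
SAMPLE_LOG = (
    sample_table("Disk", "804F4562", {
        0: "F7626BB0", 2: "F7626BB0", 3: "F7620D1F", 4: "F7620D1F",
        9: "F76212E2", 14: "F76213BB", 15: "F7624F28", 16: "F76212E2",
        22: "F7622C82", 23: "F762799E"})
    + ["21:15:20:93 736 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 860C9AB8"]
    + sample_table("atapi", "8611050C")
    + sample_table("usbstor", "804F4562", {0: "F78DD218"}, count=5)
    + ["not a log line"]
)

if __name__ == "__main__":
    for driver, (verdict, addrs) in audit(SAMPLE_LOG).items():
        print("%-18s %-15s %d distinct handler address(es)" % (driver, verdict, len(addrs)))
```

A "single-handler" verdict only says the table looks like the one the tool flagged; whether the driver file on disk is clean is a separate check, which is what the replies below go on to do with atapi.sys.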

#6 Buckeye_Sam


Posted 05 December 2009 - 09:43 AM

Open up this folder.

C:\WINDOWS\system32\Drivers

and locate the atapi.sys file.

Now drag atapi.sys to your desktop.
Wait about 10 seconds and then hit F5 on your keyboard.
Look to see if a new atapi.sys file is created in the Drivers folder.

IMPORTANT STEP - If you don't see a new atapi.sys created after hitting F5 you must drag atapi.sys back from your desktop into the Drivers folder again.
If this is the case, then don't bother with the next step. Just post back here and we'll proceed differently.




See if you can boot up to normal mode now.



Please visit the online VirusTotal virus scanner.
  • Click on the Browse button.
  • Navigate to the following file and upload it:

    C:\WINDOWS\ServicePackFiles\i386\atapi.sys

  • The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.


#7 zoolers


Posted 05 December 2009 - 11:37 AM

Hey Sam-

A new atapi.sys file was not created.

thanks,
jb

#8 Buckeye_Sam


Posted 05 December 2009 - 01:30 PM

I'm assuming you are still stuck in safe mode?

Please open a command window (Start -> Run, type CMD and click OK). At the prompt type the following lines (one by one) and press Enter after each line:


Copy /y C:\WINDOWS\ServicePackFiles\i386\atapi.sys C:\WINDOWS\system32\drivers
Exit

You should get a message that says 1 file copied.


Check to see if you can reboot back into normal mode now.

#9 zoolers


Posted 05 December 2009 - 02:19 PM

Hi again-

It successfully copied the file, but I'm still unable to boot normally (I can still boot into safe mode).

thanks

#10 Buckeye_Sam


Posted 05 December 2009 - 03:23 PM

When you reboot do you get an option that says Last Known Good Configuration?
If so, try booting to it.

Otherwise see if you can get to System Restore and restore your computer to when it was booting normally.

#11 zoolers


Posted 05 December 2009 - 04:06 PM

Hi there-

I tried the last known configuration and that didn't work. I then tried to do System Restore, but it says it has been disabled and can't be enabled in safe mode, etc. (ugh!)

thanks,
jb

#12 Buckeye_Sam


Posted 06 December 2009 - 09:20 AM

Upon rereading your comments I wonder if TDSSKiller didn't run completely.
Try running it again.

Do you have your Windows XP disc?

#13 zoolers


Posted 06 December 2009 - 12:07 PM

Hi Sam-

I re-ran TDSSKiller and still cannot get into normal mode (still okay with safe mode).

Which Windows XP disk? I have the disks the computer came with, but the recovery disks were never made, although I do have them from another computer with the same OS.

Here's the log from TDSSKiller:


Host Name: YOUR-4DACD0EA75
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner:
Registered Organization:
Product ID: 76487-OEM-0011903-00803
Original Install Date: 4/28/2009, 4:50:10 PM
System Up Time: 0 Days, 0 Hours, 3 Minutes, 2 Seconds
System Manufacturer: HP Pavilion 061
System Model: RC659AA-ABA a1632x
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x86 Family 15 Model 43 Stepping 1 AuthenticAMD ~2004 Mhz
BIOS Version: HP-CPC - 42302e31
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 958 MB
Available Physical Memory: 690 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,008 MB
Virtual Memory: In Use: 40 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\YOUR-4DACD0EA75
Hotfix(s): 167 Hotfix(s) Installed.
NetWork Card(s): 1 NIC(s) Installed.
[01]: NVIDIA nForce Networking Controller
Connection Name: Local Area Connection
DHCP Enabled: Yes
DHCP Server: 192.168.0.1
IP address(es)
[01]: 192.168.0.100
11:51:59:968 1600 ForceUnloadDriver: NtUnloadDriver error 2
11:51:59:968 1600 ForceUnloadDriver: NtUnloadDriver error 2
11:51:59:968 1600 ForceUnloadDriver: NtUnloadDriver error 2
11:52:0:0 1600 main: Driver KLMD successfully dropped
11:52:0:0 1600 main: Driver KLMD successfully loaded
11:52:0:0 1600
Scanning Registry ...
11:52:0:31 1600 ScanServices: Searching service UACd.sys
11:52:0:31 1600 ScanServices: Open/Create key error 2
11:52:0:31 1600 ScanServices: Searching service TDSSserv.sys
11:52:0:31 1600 ScanServices: Open/Create key error 2
11:52:0:31 1600 ScanServices: Searching service gaopdxserv.sys
11:52:0:31 1600 ScanServices: Open/Create key error 2
11:52:0:31 1600 ScanServices: Searching service gxvxcserv.sys
11:52:0:31 1600 ScanServices: Open/Create key error 2
11:52:0:31 1600 ScanServices: Searching service MSIVXserv.sys
11:52:0:31 1600 ScanServices: Open/Create key error 2
11:52:0:31 1600 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
11:52:0:62 1600 UnhookRegistry: Kernel local addr: B30000
11:52:0:78 1600 UnhookRegistry: KeServiceDescriptorTable addr: BBB520
11:52:0:109 1600 UnhookRegistry: KiServiceTable addr: B3D8B0
11:52:0:109 1600 UnhookRegistry: NtEnumerateKey service number (local): 47
11:52:0:109 1600 UnhookRegistry: NtEnumerateKey local addr: BD1E14
11:52:0:125 1600 KLMD_OpenDevice: Trying to open KLMD device
11:52:0:125 1600 UnhookRegistry: Cannot get access to KLMD, error 2
11:52:0:125 1600 ScanHiddenServices: UnhookRegistry error
11:52:0:125 1600
Scanning Kernel memory ...
11:52:0:125 1600 KLMD_OpenDevice: Trying to open KLMD device
11:52:0:125 1600 DetectCureTDL3: Cannot get access to KLMD, error 2
11:52:0:125 1600 DetectCureTDL3 failed
11:52:0:125 1600 UnloadDriver: NtUnloadDriver error 2
11:52:0:125 1600 main: Driver KLMD unload error
11:52:0:125 1600
Completed

Results:
11:52:0:125 1600 Infected / Cured drivers in memory: 0 / 0
11:52:0:125 1600 Infected / Cured drivers on disk: 0 / 0
11:52:0:125 1600 Files deleted on next reboot: 0
11:52:0:140 1600 Registry nodes deleted on next reboot: 0
11:52:0:140 1600

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:35 PM

Posted 06 December 2009 - 11:59 PM

What you're looking for is the Windows installation disc.
Once you find that, follow these directions to perform a repair installation.

http://www.microsoft.com/windowsxp/using/h...ips/doug92.mspx
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 zoolers

zoolers
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:35 PM

Posted 07 December 2009 - 04:04 PM

hi sam-

i had assumed the Windows Install CD would be with all the manuals that the computer came with but it's not there... is it possible it didn't come with one? is there a work-around?

thanks,
jb



