
Cannot remove trojan


  • This topic is locked
14 replies to this topic

#1 dcrht

dcrht

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 07 January 2010 - 05:50 AM

Hi, thank you for reading this. Every 5 minutes KIS 2010 warns me that svchost.exe in temp folder contains Downloader.Win32.Agent.cywu. After being deleted by KIS 2010, it is being generated again and again.
I don't think it has caused any harm to my computer except being annoying, so I would like to remove it asap.

I cannot find out the source of the trojan. KIS 2010, SUPERAntiSpyware and MBAM said my computer is clean.

* RootRepeal.exe cannot be run on Windows 7!

DDS (Ver_09-12-01.01) - NTFSx86
Run by alice at 17:56:15.05 on 07/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.950.852.1033.18.3069.795 [GMT 8:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperLogix\Super Utilities\SuperUtil.exe
C:\Program Files\WinSnap\WinSnap.exe
C:\Users\alice\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\QTRAYIME.EXE
C:\Program Files\DNA\btdna.exe
C:\Users\alice\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nicovideo.jp/myvideo/2166165?sort=n
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [MirokoClient] "c:\program files\miroko\MirokoClient.exe" -startup
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\alice\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Super Utilities] c:\program files\superlogix\super utilities\SuperUtil.exe /min
uRun: [WinSnap] "c:\program files\winsnap\WinSnap.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Grid Service] "c:\program files\gridservice\peer.exe" -n Grid
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Blackmagic CheckVersion PCI] c:\program files\blackmagic design\blackmagic intensity\CheckVersionPCI.exe
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\alice\appdata\roaming\mozilla\firefox\profiles\mk4caool.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nicovideo.jp/myvideo/3517478?sort=n
FF - component: c:\program files\mozilla firefox 3.6 beta 3\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npwachk.dll
FF - plugin: c:\users\alice\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 3\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2010-1-4 43936]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-4 64288]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2010-1-4 11264]
R3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\drivers\deckaud.sys [2009-11-11 13824]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 DeckLink;DeckLink;c:\windows\system32\drivers\Intensity.sys [2009-11-11 228352]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-12-29 40576]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2009-12-29 27192]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]

=============== Created Last 30 ================

2010-01-07 05:53:21 0 d-----w- c:\users\alice\appdata\roaming\DNA
2010-01-06 17:47:36 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-01-06 17:47:24 4990056 ----a-w- c:\windows\system32\NVStWiz.exe
2010-01-06 16:08:47 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-06 16:08:34 0 d-----w- c:\users\alice\appdata\roaming\SUPERAntiSpyware.com
2010-01-06 16:08:34 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-06 15:39:36 658 ----a-w- c:\windows\system32\.crusader
2010-01-06 15:30:23 13896 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-06 15:30:03 0 d-----w- c:\programdata\Hitman Pro
2010-01-06 15:30:00 0 d-----w- c:\program files\Hitman Pro 3.5
2010-01-06 15:01:25 0 d-----w- C:\Autoruns
2010-01-06 14:45:15 0 d-----w- c:\program files\TrendMicro
2010-01-05 11:56:28 0 d-----w- c:\program files\Blackmagic Design
2010-01-05 10:25:24 485920 ------w- c:\windows\system32\nvuninst.exe-nv19201
2010-01-05 03:51:11 788 ----a-w- c:\windows\system32\DVCState-{00000007-00000000-00000000-00001102-00000005-00231102}.rfx
2010-01-05 03:51:11 55468 ----a-w- c:\windows\system32\BMXStateBkp-{00000007-00000000-00000000-00001102-00000005-00231102}.rfx
2010-01-05 03:51:11 55468 ----a-w- c:\windows\system32\BMXState-{00000007-00000000-00000000-00001102-00000005-00231102}.rfx
2010-01-05 03:51:11 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2010-01-05 03:51:11 1080 ----a-w- c:\windows\system32\settings.sfm
2010-01-05 02:05:45 421244401 ----a-w- c:\windows\MEMORY.DMP
2010-01-04 15:00:32 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-01-04 14:59:46 0 d-----w- c:\program files\Creative
2010-01-04 14:57:22 102400 ----a-w- c:\windows\system32\cttele32.dll
2010-01-04 14:53:48 0 d-----w- c:\windows\system32\Data
2010-01-04 13:38:50 0 d-----w- c:\program files\Spyware Doctor
2010-01-04 13:38:50 0 d-----w- c:\program files\common files\PC Tools
2010-01-04 07:47:35 0 d-----w- c:\users\alice\appdata\roaming\PC Tools
2010-01-04 07:47:35 0 d-----w- c:\programdata\PC Tools
2010-01-04 07:39:00 0 ----a-w- c:\users\alice\appdata\roaming\yahootoolbarsetup.exe
2010-01-04 07:34:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-04 07:16:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-04 06:52:20 44000 ----a-w- c:\windows\system32\drivers\AFPUni.sys
2010-01-04 06:52:20 11264 ----a-w- c:\windows\system32\drivers\supermounter.sys
2010-01-04 06:52:19 43936 ----a-w- c:\windows\system32\drivers\AFPAnsi.sys
2010-01-04 06:52:19 261120 ----a-w- c:\windows\system32\baksm.dll
2010-01-04 06:52:19 261120 ----a-w- c:\windows\system32\baksm.dat
2010-01-04 06:52:18 5974016 ----a-w- c:\windows\system32\vbsbak.dat
2010-01-04 06:52:18 261120 ----a-w- c:\windows\system32\SuperMenuHook.dll
2010-01-04 06:52:15 6144 ----a-w- c:\windows\system32\SuperRes.dll
2010-01-04 06:52:14 73728 ----a-w- c:\windows\system32\smh.dat
2010-01-04 06:52:13 89088 ----a-w- c:\windows\system32\Shreder.dll
2010-01-04 06:52:13 56 ----a-w- c:\windows\system32\vb6sock.dll
2010-01-04 06:52:13 1473536 ----a-w- c:\windows\system32\context.dll
2010-01-04 06:52:11 0 d-----w- c:\program files\SuperLogix
2010-01-04 06:31:25 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-04 06:31:14 0 d-----w- c:\programdata\Lavasoft
2010-01-04 06:31:14 0 d-----w- c:\program files\Lavasoft
2010-01-04 05:28:10 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-04 05:28:09 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-04 05:27:04 0 d-----w- c:\program files\Winamp Detect
2010-01-02 04:22:13 0 d-----w- c:\program files\vReveal
2010-01-01 10:25:43 0 d-----w- c:\program files\HyperSnap 6
2010-01-01 10:15:38 0 d-----w- c:\program files\Koei
2009-12-31 09:52:14 0 d-----w- c:\program files\GetData
2009-12-29 23:47:16 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-12-29 19:21:53 35 ----a-w- c:\windows\Ulead32.INI
2009-12-29 19:14:57 7680 ----a-w- c:\windows\system32\drivers\Onsreged.sys
2009-12-29 19:14:57 60928 ----a-w- c:\windows\system32\drivers\Smplscsi.sys
2009-12-29 19:14:57 285216 ----a-w- c:\windows\system32\drivers\Onsio.sys
2009-12-29 19:14:51 15396 ----a-w- c:\windows\system32\Msmusd5.dll
2009-12-29 19:14:51 13962 ----a-w- c:\windows\system32\Msmusd6.dll
2009-12-29 19:14:51 12499 ----a-w- c:\windows\system32\Msmusd7.dll
2009-12-29 19:14:47 0 d-----w- c:\program files\Microtek
2009-12-29 19:14:13 101888 ----a-w- c:\windows\system32\MSME4W2.dll
2009-12-29 15:49:29 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-12-29 15:49:28 0 d-----w- c:\program files\Virtual Audio Cable
2009-12-29 05:16:44 87 ---ha-r- c:\windows\ctfile.rfc
2009-12-29 05:16:44 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2009-12-29 05:16:44 148480 ----a-w- c:\windows\system32\APOMngr.DLL
2009-12-29 05:11:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2009-12-29 05:11:19 0 d-----w- c:\program files\VS Revo Group
2009-12-28 02:12:58 65536 --sha-w- c:\users\alice\ntuser.dat{76a4b9c6-f356-11de-8c38-003018a5c946}.TM.blf
2009-12-28 02:12:58 524288 --sha-w- c:\users\alice\ntuser.dat{76a4b9c6-f356-11de-8c38-003018a5c946}.TMContainer00000000000000000002.regtrans-ms
2009-12-28 02:12:58 524288 --sha-w- c:\users\alice\ntuser.dat{76a4b9c6-f356-11de-8c38-003018a5c946}.TMContainer00000000000000000001.regtrans-ms
2009-12-27 13:03:57 0 d-----w- c:\users\alice\appdata\roaming\CravingExplorer
2009-12-27 12:11:51 0 d-----w- c:\program files\天?予報??
2009-12-27 12:11:18 0 d-----w- c:\program files\CravingExplorer
2009-12-27 04:57:00 8294454 ---ha-w- c:\windows\system32\toyhide.bmp
2009-12-26 12:02:48 0 d-----w- c:\windows\pss
2009-12-24 21:50:16 2081 ----a-w- c:\windows\BorisFX9.2.ini
2009-12-24 21:47:05 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2009-12-24 21:47:05 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2009-12-24 21:47:05 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2009-12-24 21:47:05 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax
2009-12-24 21:47:05 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2009-12-24 21:45:28 0 d-----w- c:\program files\Boris FX, Inc
2009-12-24 18:38:27 0 d-----w- c:\program files\megui
2009-12-21 22:40:10 0 d-----w- c:\users\alice\appdata\roaming\NeatImage PS
2009-12-17 20:39:53 9333352 ----a-w- c:\windows\system32\nvd3dum.dll
2009-12-17 20:39:53 7620608 ----a-w- c:\windows\system32\SET5BFD.tmp
2009-12-17 20:39:53 4241000 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-12-17 20:39:53 3155456 ----a-w- c:\windows\system32\SET73FF.tmp
2009-12-17 20:39:51 219752 ----a-w- c:\windows\system32\nvcod187.dll
2009-12-16 16:14:37 0 d-----w- C:\IExp1.tmp
2009-12-16 16:14:30 0 d-----w- C:\IExp0.tmp
2009-12-16 16:14:29 0 d-----w- c:\windows\RegisteredPackages
2009-12-16 16:14:27 0 d--h--w- c:\windows\msdownld.tmp
2009-12-16 16:14:20 0 d-----w- c:\program files\Windows Media Components
2009-12-15 23:39:28 1285712 ----a-w- c:\windows\system32\drivers\tcpip.sys.backup
2009-12-15 01:15:00 0 d-----w- c:\program files\Neat Video for VirtualDub
2009-12-14 22:34:07 0 d-----w- c:\users\alice\appdata\roaming\NeatImage SL
2009-12-14 22:32:19 0 d-----w- c:\program files\Neat Video for Premiere
2009-12-14 22:23:24 0 d-----w- c:\program files\Neat Image
2009-12-13 12:30:06 1391104 ----a-w- C:\apploc.msi
2009-12-13 07:11:10 219335 ----a-w- c:\users\alice\foo_input_tak-0.4.3-20090615.zip
2009-12-12 13:31:20 0 d-----w- c:\program files\Minefield
2009-12-10 16:11:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-12-08 12:30:14 0 d-----r- c:\users\alice\Virtual Machines
2009-12-08 12:10:13 0 d-----w- c:\program files\Windows Virtual PC
2009-12-08 12:06:17 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-12-08 12:06:05 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-12-08 12:06:05 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-12-08 12:06:04 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-12-08 12:06:04 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-12-08 12:06:04 294912 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-12-08 12:06:04 2169856 ----a-w- c:\windows\system32\VPCWizard.exe
2009-12-08 12:06:03 793600 ----a-w- c:\windows\system32\vmsal.exe
2009-12-08 12:06:03 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2009-12-08 12:06:03 1002496 ----a-w- c:\windows\system32\VMWindow.exe
2009-12-08 12:06:02 3329536 ----a-w- c:\windows\system32\vpc.exe
2009-12-08 12:01:55 0 d-----w- c:\program files\Windows XP Mode

==================== Find3M ====================

2010-01-06 15:09:03 691 ----a-w- c:\users\alice\appdata\roaming\GetValue.vbs
2010-01-06 15:09:03 35 ----a-w- c:\users\alice\appdata\roaming\SetValue.bat
2010-01-06 15:09:03 2942 ----a-w- c:\windows\system32\tmp.reg
2010-01-04 14:57:02 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-04 14:57:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-30 06:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 06:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-20 12:33:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 12:33:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 12:33:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 12:33:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-11 04:01:42 228352 ----a-w- c:\windows\system32\drivers\Intensity.sys
2009-11-11 03:54:16 13824 ----a-w- c:\windows\system32\drivers\deckaud.sys
2009-11-09 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-02 12:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 09:27:09 25088 ----a-w- c:\windows\system32\qckey32.dll
2009-10-20 12:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-15 20:53:46 34101504 ----a-w- c:\users\alice\appdata\roaming\sdsetup.exe
2009-10-10 20:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:59:53.09 ===============

Attached Files
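A small triage script for a DDS log like the one above, added here as an example (it is not from this thread or from the DDS tool itself): it flags system binaries running from outside System32 (the svchost.exe-in-temp symptom), the UAC policies this log shows at their weakest values, and BHO/toolbar entries whose file is gone. The temp-folder svchost.exe path in the sample is constructed, since the thread does not give it.

```python
"""Triage helper for a DDS log like the one in post #1.

Added example, not part of the DDS tool: parses the 'Running Processes' and
'Pseudo HJT Report' sections and flags masquerading system binaries, weak UAC
policies and orphaned BHO/toolbar registrations.
"""
import re
from typing import Dict, List

# Binaries that legitimately run only from %SystemRoot%\System32 on the 32-bit
# Windows 7 seen in the log (NTFSx86); a copy anywhere else is masquerading.
SYSTEM32_ONLY = {
    "svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe",
    "wininit.exe", "lsm.exe", "spoolsv.exe", "taskhost.exe", "conhost.exe",
}
SYSTEM32_DIR = r"c:\windows\system32"

# mPolicies-system values that weaken UAC, with what the weak value means.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate with no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not on the secure desktop"),
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
EXE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '==== Name ====' sections (non-empty lines)."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def find_masquerading_processes(process_lines: List[str]) -> List[str]:
    """Return paths that use a System32-only binary name from another directory."""
    hits = []
    for line in process_lines:
        m = EXE_RE.match(line)  # drops service arguments such as "-k netsvcs"
        if not m:
            continue
        path = m.group(1)
        directory, _, name = path.lower().rpartition("\\")
        if name in SYSTEM32_ONLY and directory != SYSTEM32_DIR:
            hits.append(path)
    return hits


def find_weak_uac_policies(hjt_lines: List[str]) -> List[str]:
    """Return one explanation per mPolicies-system value at its weak setting."""
    findings = []
    for line in hjt_lines:
        m = POLICY_RE.match(line)
        if m and m.group(1) in WEAK_UAC:
            weak_value, meaning = WEAK_UAC[m.group(1)]
            if int(m.group(2)) == weak_value:
                findings.append(f"{m.group(1)} = {m.group(2)}: {meaning}")
    return findings


def find_orphaned_entries(hjt_lines: List[str]) -> List[str]:
    """Return BHO/toolbar registrations whose DLL is gone ('No File')."""
    return [l for l in hjt_lines
            if l.startswith(("BHO:", "TB:")) and l.endswith("- No File")]


def triage(dds_text: str) -> Dict[str, List[str]]:
    """Run all three checks over a DDS log and group the findings by category."""
    sections = parse_sections(dds_text)
    hjt = sections.get("Pseudo HJT Report", [])
    return {
        "masquerading": find_masquerading_processes(sections.get("Running Processes", [])),
        "weak_uac": find_weak_uac_policies(hjt),
        "orphaned": find_orphaned_entries(hjt),
    }


# Constructed excerpt: lines copied from the log in post #1 plus one constructed
# svchost.exe entry standing in for the file KIS kept reporting.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Users\alice\AppData\Local\Temp\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
============== Pseudo HJT Report ===============
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
============= FINISH: 17:59:53.09 ===============
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(f"[{category}]", *items, sep="\n    ")
```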




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:07 AM

Posted 14 January 2010 - 09:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 dcrht

dcrht
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 15 January 2010 - 08:29 PM

Thanks for replying.

As I have stated in the first post, svchost.exe is generated in the temp folder every 5 minutes. No more signs except this. I scanned my computer with MBAM, SUPERAntiSpyware, Hitman Pro and KIS 2010 but found nothing.

Here are the logs.

Attached Files



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:07 AM

Posted 15 January 2010 - 08:37 PM

Hi,

Please try to run a scan with GMER instead of RootRepeal:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

If you encounter any problems, try running GMER in Safe Mode.

regards myrti



#5 dcrht

dcrht
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:07 AM

Posted 15 January 2010 - 11:42 PM

Hi, here are the logs:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 11:30:11
Windows 6.1.7600
Running: xz8wvzxx.exe; Driver: C:\Users\alice\AppData\Local\Temp\uglcrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8BB79BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8BB7B52C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8BB7B782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8BB7B9FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8BB7A450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8BB7AB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8BB7AF3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8BB7A5F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8BB7AE14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8BB797D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8BB7ACD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8BB79992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8BB7B06E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8BB7CCB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8BB7A0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8BB7A1EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8BB7AD72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8BB7C6A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8BB7D672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8BB7A752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8BB7C734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8BB7CD64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8BB7AFDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8BB7A4D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8BB7AEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8BB79DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8BB7CCDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8BB7B110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8BB79CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8BB7BC3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8BB7D07C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8BB7C9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8BB7B49A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8BB7B360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8BB7C442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8BB7D554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8BB7A86C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8BB7A30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8BB7BCF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8BB7C82E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8BB7D1BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8BB7D2A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8BB7D3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8BB7C5CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8BB79F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8BB79EA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8BB7CF32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8BB7A02E]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8343FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8343F104
INT 0x61 ? 967D2A58
INT 0x93 ? 967D27D8
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8343F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 834282D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8343F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8343F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8343F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8343FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 834401A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83058579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 83084720 4 Bytes [D0, 9B, B7, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 83084748 8 Bytes [2C, B5, B7, 8B, 82, B7, B7, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 8308478C 4 Bytes [FC, B9, B7, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 830847B8 4 Bytes [50, A4, B7, 8B] {PUSH EAX; MOVSB ; MOV BH, 0x8b}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 830847DC 4 Bytes [32, AB, B7, 8B]
.text ...
? System32\Drivers\spkf.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 93A71CA0 5 Bytes JMP 871FD1D8
.text algnbby0.SYS 93C83000 12 Bytes [44, A8, 42, 83, EE, A6, 42, ...]
.text algnbby0.SYS 93C8300D 9 Bytes [87, 42, 83, 48, AB, 42, 83, ...] {XCHG [EDX-0x7d], EAX; DEC EAX; STOSD ; INC EDX; ADD DWORD [EAX], 0x0}
.text algnbby0.SYS 93C83017 170 Bytes [00, DE, 87, 3B, 81, E6, 85, ...]
.text algnbby0.SYS 93C830C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text algnbby0.SYS 93C830CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys A6157C9D 28 Bytes [15, 60, 56, B2, 24, 4A, 7A, ...]
.text peauth.sys A6157CC1 28 Bytes [15, 60, 56, B2, 24, 4A, 7A, ...]
PAGE peauth.sys A615DE20 101 Bytes [CB, D0, C3, 70, 40, 67, 4A, ...]
PAGE peauth.sys A615E02C 102 Bytes [96, 02, C0, DE, BD, 20, 2B, ...]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] USER32.dll!NotifyWinEvent + 48B 76FDF724 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] USER32.dll!NotifyWinEvent + 48B 76FDF724 4 Bytes [70, 11, 33, 6D]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [812AE042] \SystemRoot\System32\Drivers\spkf.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [812AE6D6] \SystemRoot\System32\Drivers\spkf.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [812AE800] \SystemRoot\System32\Drivers\spkf.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [812AE13E] \SystemRoot\System32\Drivers\spkf.sys
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortNotification] 000003E3
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortQuerySystemTime] 8B24568B
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortReadPortUchar] 50522046
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortStallExecution] FFEC9FE8
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortWritePortUchar] 08C483FF
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortWritePortUlong] 0874FF85
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] FF53006A
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 08C483D7
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortGetScatterGatherList] [81107D8B] \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortGetParentBusType] 0003E5FF
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortRequestCallback] 0F840F00
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] [81000001] \SystemRoot\system32\DRIVERS\volmgr.sys (Volume Manager Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0003E3FF
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortCompleteRequest] EC840F00
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortCopyMemory] 8B000000
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortEtwTraceLog] 0001F88E
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] FC8E0B00
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0F000001
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 0000DA84
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] ECD8E800
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortInitialize] 8E8BFFFF
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortGetDeviceBase] 000001F8
IAT \SystemRoot\System32\Drivers\algnbby0.SYS[ataport.SYS!AtaPortDeviceStateChange] 01E08E01

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00210240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 002102B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00210320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00210390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 002107F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 00210860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00210B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00210B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00210BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00210C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003D0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00210CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003D0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003D0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003D0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003D0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75F70860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 75F708D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75F70940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 75F709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00210D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00210DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F70A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75F70A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75F70B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75F70B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75F70BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75F70C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77A60940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77A609B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77A60A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77A60B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003E04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77A60CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002206A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00220710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002207F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00220860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002208D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00220940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 005308D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 00530940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005309B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 00530A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 00530A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 00530B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 00530B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 00530BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 00530C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005404E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 00540550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 005405C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 00540630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 005406A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00540710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00540780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00210240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 002102B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00210320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00210390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 002107F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 00210860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00210B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00210B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00210BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00210C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00580DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00210CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00580E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00580E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00580EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00580F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75F70860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 75F708D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75F70940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 75F709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00210D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00210DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F70A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75F70A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75F70B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75F70B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75F70BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75F70C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77A60940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77A609B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77A60A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77A60B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00590400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00590470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 005904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00590550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 005905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00590630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 005906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77A60CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00590710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00590780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002206A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 005A02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 005A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 005A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00220710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002207F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 005A0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 005A0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 005A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 005A0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 005A05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 005A0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 005A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 005A0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005A0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00220860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002208D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00220940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 005A0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 005A0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 005B08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 005B0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005B09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 005B0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 005B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 005B0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 005B0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 005B0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 005B0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005C04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 005C0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 005C05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 005C0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 005C06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 005C0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2008] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 005C0780

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 868561F8

AttachedDevice \FileSystem\Ntfs \Ntfs AFPAnsi.sys (Windows NT File System Protector Network Edition/Alfa Corporation)

Device \Driver\volmgr \Device\VolMgrControl 868521F8
Device \Driver\sptd \Device\4169482558 spkf.sys
Device \Driver\usbuhci \Device\USBPDO-0 8720D500
Device \Driver\usbuhci \Device\USBPDO-1 8720D500
Device \Driver\usbuhci \Device\USBPDO-2 8720D500
Device \Driver\usbehci \Device\USBPDO-3 87177500
Device \Driver\usbuhci \Device\USBPDO-4 8720D500

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-5 8720D500
Device \Driver\NetBT \Device\NetBT_Tcpip_{13291377-5C89-4837-90CB-CEF4C9D59DFB} 8719B2D8
Device \Driver\usbuhci \Device\USBPDO-6 8720D500
Device \Driver\volmgr \Device\HarddiskVolume1 868521F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 87177500
Device \Driver\cdrom \Device\CdRom0 870C21F8
Device \Driver\volmgr \Device\HarddiskVolume2 868521F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume3 868521F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdePort0 868541F8
Device \Driver\atapi \Device\Ide\IdePort1 868541F8
Device \Driver\atapi \Device\Ide\IdePort2 868541F8
Device \Driver\atapi \Device\Ide\IdePort3 868541F8
Device \Driver\atapi \Device\Ide\IdePort4 868541F8
Device \Driver\atapi \Device\Ide\IdePort5 868541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 868541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-4 868541F8
Device \Driver\volmgr \Device\HarddiskVolume4 868521F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 868521F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\PCI_PNP3808 \Device\00000069 spkf.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8719B2D8

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 8720D500
Device \Driver\usbuhci \Device\USBFDO-1 8720D500
Device \Driver\usbuhci \Device\USBFDO-2 8720D500
Device \Driver\usbehci \Device\USBFDO-3 87177500
Device \Driver\usbuhci \Device\USBFDO-4 8720D500
Device \Driver\usbuhci \Device\USBFDO-5 8720D500
Device \Driver\usbuhci \Device\USBFDO-6 8720D500
Device \Driver\usbehci \Device\USBFDO-7 87177500
Device \Driver\algnbby0 \Device\Scsi\algnbby01 8732C500
Device -> \Driver\atapi \Device\Harddisk0\DR0 86941841

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x65 0xCC 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6A 0xC3 0xCF 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6A 0x50 0x7E 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x65 0xCC 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6A 0xC3 0xCF 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6A 0x50 0x7E 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xEA 0xCA 0xDE 0x8E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  gmer.log   1.04KB   11 downloads


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 06:15 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#7 dcrht

dcrht
  • Topic Starter

  • Members
  • 7 posts

Posted 16 January 2010 - 08:02 AM

Hi and thanks for your help, I have followed your instructions and here is the log (why is it in Chinese?!)

Unfortunately KIS alarmed me again about the svchost.exe in the temp folder.
At least it has somehow sped up my computer.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 10:04 AM

Hi,

it seems that ComboFix does not see the infection. Please try the following tool instead:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards myrti



#9 dcrht

dcrht
  • Topic Starter

  • Members
  • 7 posts

Posted 16 January 2010 - 12:47 PM

Hi, I did that and waited for a few hours, nothing popped up, I think my comp is clean now and it is much faster!!
So it is the atapi.sys rootkit...

Thanks so much myrti, I have changed my passwords and will be more careful next time!


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 16 January 2010 - 12:55 PM

Hi,

I'm very tempted to say "It's always the atapi-rootkit". We've pretty much only seen that one lately. That does not mean it is the only thing on the system however.

Please run a new scan with gmer to check if there is anything left. Are you still getting the warnings about the svchost?

regards myrti


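Triage logic for the kind of GMER logs posted in this thread, as an added example that is neither GMER's nor BleepingComputer's own tooling: it splits the log into its "---- Section - GMER ----" blocks and flags the lines a helper reads first (a File line marked "suspicious modification", a "Device ->" line, which is how GMER prints a device object whose driver was redirected, and an SSDT hook by a module outside a vendor allow-list). The allow-list and both log excerpts are constructed for the example; the "clean" excerpt only mirrors what a re-scan after cleanup should look like.

```python
r"""Triage helper for GMER rootkit-scan logs (added example, not GMER's code).

Sections are delimited by lines such as "---- Files - GMER 1.0.15 ----".
Flagged lines:
  * Files section: "... suspicious modification" (the atapi.sys hit in the thread);
  * Devices section: "Device -> ..." (device object redirected away from its driver,
    the \Device\Harddisk0\DR0 entry in the thread);
  * SSDT hooks whose module vendor is not on the allow-list below.
"""
import re
from dataclasses import dataclass, field

# Constructed allow-list of vendor strings GMER prints inside parentheses.
# A helper would extend it to the security products actually installed.
TRUSTED_VENDORS = ("Kaspersky Lab", "Microsoft Corporation")

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
VENDOR_RE = re.compile(r"\(([^()]*?)/(?P<vendor>[^()/]+)\)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


@dataclass
class Report:
    sections: dict = field(default_factory=dict)   # section name -> [lines]
    findings: list = field(default_factory=list)


def vendor_of(line):
    """Return the vendor GMER printed for the hooking module, or None."""
    m = VENDOR_RE.search(line)
    return m.group("vendor").strip() if m else None


def triage(report, section, line):
    """Append a Finding for the line if it is one a helper should look at."""
    if section == "Files" and "suspicious modification" in line:
        report.findings.append(Finding(section, "modified system file", line))
    elif section == "Devices" and line.startswith("Device -> "):
        report.findings.append(Finding(section, "redirected device object", line))
    elif line.startswith("SSDT "):
        vendor = vendor_of(line)
        if vendor is None or vendor not in TRUSTED_VENDORS:
            report.findings.append(Finding(section, "SSDT hook by untrusted module", line))


def parse_gmer(text):
    """Split a GMER log into sections and collect triage findings."""
    report = Report()
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            report.sections.setdefault(current, [])
            continue
        report.sections.setdefault(current, []).append(line)
        triage(report, current, line)
    return report


# Constructed excerpt: a few lines copied from the infected log in this thread.
INFECTED_LOG = """\
GMER 1.0.15 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B99D450]
---- Devices - GMER 1.0.15 ----
Device \\Driver\\atapi \\Device\\Ide\\IdePort0 868541F8
Device -> \\Driver\\atapi \\Device\\Harddisk0\\DR0 86941841
---- Files - GMER 1.0.15 ----
File C:\\Windows\\system32\\drivers\\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

# Constructed excerpt of what a re-scan after cleanup should look like:
# the same Kaspersky hooks, no redirected device, no modified-file line.
CLEAN_LOG = """\
---- System - GMER 1.0.15 ----
SSDT \\SystemRoot\\system32\\DRIVERS\\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B99D450]
---- Devices - GMER 1.0.15 ----
Device \\Driver\\atapi \\Device\\Harddisk0\\DR0 868541F8
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for label, log in (("infected", INFECTED_LOG), ("clean", CLEAN_LOG)):
        rep = parse_gmer(log)
        print(f"{label}: {len(rep.findings)} finding(s)")
        for f in rep.findings:
            print(f"  [{f.section}] {f.reason}: {f.line}")
```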

#11 dcrht

dcrht
  • Topic Starter

  • Members
  • 7 posts

Posted 17 January 2010 - 05:01 AM

No, there are no more warnings.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-17 17:57:50
Windows 6.1.7600
Running: xz8wvzxx.exe; Driver: C:\Users\alice\AppData\Local\Temp\uglcrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8B99CBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8B99E52C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8B99E782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8B99E9FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B99D450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8B99DB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8B99DF3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8B99D5F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8B99DE14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8B99C7D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8B99DCD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8B99C992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8B99E06E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8B99FCB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8B99D0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8B99D1EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8B99DD72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8B99F6A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8B9A0672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8B99D752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8B99F734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8B99FD64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8B99DFDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8B99D4D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8B99DEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8B99CDD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8B99FCDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8B99E110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8B99CCFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8B99EC3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8B9A007C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8B99F9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8B99E49A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8B99E360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8B99F442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8B9A0554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8B99D86C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8B99D30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8B99ECF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8B99F82E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8B9A01BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8B9A02A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8B9A03C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8B99F5CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8B99CF4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8B99CEA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8B99FF32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8B99D02E]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E104
INT 0x61 ? 9A111CD8
INT 0x93 ? 9A111A58
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830172D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308E579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 830BA720 4 Bytes [D0, CB, 99, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 830BA748 8 Bytes [2C, E5, 99, 8B, 82, E7, 99, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 830BA78C 4 Bytes JMP 6B0C332A
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 830BA7B8 4 Bytes [50, D4, 99, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 830BA7DC 4 Bytes [32, DB, 99, 8B]
.text ...
? System32\Drivers\spyl.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 90BD6CA0 5 Bytes JMP 86EFF1D8
.text a8krwzk3.SYS 96C08000 12 Bytes [44, 98, 01, 83, EE, 96, 01, ...]
.text a8krwzk3.SYS 96C0800D 9 Bytes [77, 01, 83, 48, 9B, 01, 83, ...] {JA 0x3; OR DWORD [EAX-0x65], 0x1; ADD DWORD [EAX], 0x0}
.text a8krwzk3.SYS 96C08017 170 Bytes [00, DE, D7, 3A, 81, E6, D5, ...]
.text a8krwzk3.SYS 96C080C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a8krwzk3.SYS 96C080CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys A494EC9D 28 Bytes [CF, 69, 4C, 86, 4C, 9A, 91, ...]
.text peauth.sys A494ECC1 28 Bytes [CF, 69, 4C, 86, 4C, 9A, 91, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtCreateFile + 6 770C4A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtCreateFile + B 770C4A1B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtMapViewOfSection + 6 770C5076 1 Byte [28]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtMapViewOfSection + 6 770C5076 4 Bytes [28, 03, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtMapViewOfSection + B 770C507B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenFile + 6 770C5126 4 Bytes [68, 00, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenFile + B 770C512B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcess + 6 770C51D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcess + B 770C51DB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcessToken + B 770C51EB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcessTokenEx + 6 770C51F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenProcessTokenEx + B 770C51FB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThread + 6 770C5256 4 Bytes [68, 01, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThread + B 770C525B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThreadToken + 6 770C5266 4 Bytes [68, 02, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThreadToken + B 770C526B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtOpenThreadTokenEx + B 770C527B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtQueryAttributesFile + 6 770C5386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtQueryAttributesFile + B 770C538B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtQueryFullAttributesFile + B 770C543B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationFile + 6 770C5A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationFile + B 770C5A8B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationThread + 6 770C5AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtSetInformationThread + B 770C5AEB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 1 Byte [68]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[440] ntdll.dll!NtUnmapViewOfSection + B 770C5E0B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtCreateFile + 6 770C4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtCreateFile + B 770C4A1B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtMapViewOfSection + 6 770C5076 1 Byte [28]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtMapViewOfSection + 6 770C5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtMapViewOfSection + B 770C507B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenFile + 6 770C5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenFile + B 770C512B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcess + 6 770C51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcess + B 770C51DB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcessToken + B 770C51EB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcessTokenEx + 6 770C51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenProcessTokenEx + B 770C51FB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThread + 6 770C5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThread + B 770C525B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThreadToken + 6 770C5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThreadToken + B 770C526B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtOpenThreadTokenEx + B 770C527B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtQueryAttributesFile + 6 770C5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtQueryAttributesFile + B 770C538B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtQueryFullAttributesFile + B 770C543B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationFile + 6 770C5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationFile + B 770C5A8B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationThread + 6 770C5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtSetInformationThread + B 770C5AEB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 1 Byte [68]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[1788] ntdll.dll!NtUnmapViewOfSection + B 770C5E0B 1 Byte [E2]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] USER32.dll!NotifyWinEvent + 48B 7578F724 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] USER32.dll!NotifyWinEvent + 48B 7578F724 4 Bytes [70, 11, 33, 6D]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!LockResource 7695345C 1 Byte [E9]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!LockResource 7695345C 5 Bytes JMP 28001F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!CreateEventA 76953A2B 5 Bytes JMP 28001850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!FindResourceW 7695922F 5 Bytes JMP 28001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!SizeofResource 7695924D 5 Bytes JMP 28001EF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!FindResourceExW 7695A7EF 5 Bytes JMP 28001C70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!LoadResource 7695D3B0 5 Bytes JMP 28001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!FindResourceExA 7695D4AD 7 Bytes JMP 28001D90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] kernel32.dll!FindResourceA 7695D575 5 Bytes JMP 28001D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] ADVAPI32.dll!CryptDecrypt 75C62140 5 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] ADVAPI32.dll!CryptDeriveKey 75C62150 5 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!SetWindowPlacement 75778169 5 Bytes JMP 28005E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!CreateDialogParamW 75779BFF 5 Bytes JMP 28006110 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!SetWindowRgn 7577B29A 4 Bytes JMP 28005FD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!SetWindowRgn + 5 7577B29F 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!CreateWindowExW 75780E51 5 Bytes JMP 28003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!LoadIconW 75781431 2 Bytes JMP 28006950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!LoadIconW + 3 75781434 2 Bytes [88, B2]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!LoadImageW 75782323 5 Bytes JMP 28006760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!GetWindowLongW 757883A9 7 Bytes JMP 28006AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!PeekMessageW 757891B5 5 Bytes JMP 280046B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!TrackPopupMenuEx 757A5F72 5 Bytes JMP 28004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] USER32.dll!MessageBoxIndirectW 757CE9C3 5 Bytes JMP 28006300 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] SHELL32.dll!Shell_NotifyIconW 75CDFBA1 5 Bytes JMP 28003430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] ole32.dll!CoRegisterClassObject 75AD11F5 5 Bytes JMP 28002370 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] ole32.dll!CoInitializeEx 75B00804 5 Bytes JMP 28002270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] WININET.dll!InternetCloseHandle 76A6C87E 5 Bytes JMP 2800A290 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] WININET.dll!InternetReadFile 76A6E2A4 5 Bytes JMP 2800A0E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] WININET.dll!HttpOpenRequestA 76A7043A 5 Bytes JMP 28009F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] WININET.dll!HttpSendRequestA 76AE00FC 5 Bytes JMP 2800A1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe[4312] ntdll.dll!LdrLoadDll 770DF585 5 Bytes JMP 010013F0 C:\Program Files\Mozilla Firefox 3.6 Beta 3\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtCreateFile + 6 770C4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtCreateFile + B 770C4A1B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtMapViewOfSection + 6 770C5076 1 Byte [28]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtMapViewOfSection + 6 770C5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtMapViewOfSection + B 770C507B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenFile + 6 770C5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenFile + B 770C512B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenProcess + 6 770C51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenProcess + B 770C51DB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenProcessToken + B 770C51EB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenProcessTokenEx + 6 770C51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenProcessTokenEx + B 770C51FB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenThread + 6 770C5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenThread + B 770C525B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenThreadToken + 6 770C5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenThreadToken + B 770C526B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtOpenThreadTokenEx + B 770C527B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtQueryAttributesFile + 6 770C5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtQueryAttributesFile + B 770C538B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtQueryFullAttributesFile + B 770C543B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtSetInformationFile + 6 770C5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtSetInformationFile + B 770C5A8B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtSetInformationThread + 6 770C5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtSetInformationThread + B 770C5AEB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 1 Byte [68]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4528] ntdll.dll!NtUnmapViewOfSection + B 770C5E0B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtCreateFile + 6 770C4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtCreateFile + B 770C4A1B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtMapViewOfSection + 6 770C5076 1 Byte [28]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtMapViewOfSection + 6 770C5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtMapViewOfSection + B 770C507B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenFile + 6 770C5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenFile + B 770C512B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenProcess + 6 770C51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenProcess + B 770C51DB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenProcessToken + B 770C51EB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenProcessTokenEx + 6 770C51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenProcessTokenEx + B 770C51FB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenThread + 6 770C5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenThread + B 770C525B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenThreadToken + 6 770C5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenThreadToken + B 770C526B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtOpenThreadTokenEx + B 770C527B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtQueryAttributesFile + 6 770C5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtQueryAttributesFile + B 770C538B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtQueryFullAttributesFile + B 770C543B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtSetInformationFile + 6 770C5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtSetInformationFile + B 770C5A8B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtSetInformationThread + 6 770C5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtSetInformationThread + B 770C5AEB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 1 Byte [68]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4632] ntdll.dll!NtUnmapViewOfSection + B 770C5E0B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtCreateFile + 6 770C4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtCreateFile + B 770C4A1B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtMapViewOfSection + 6 770C5076 1 Byte [28]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtMapViewOfSection + 6 770C5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtMapViewOfSection + B 770C507B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenFile + 6 770C5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenFile + B 770C512B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcess + 6 770C51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcess + B 770C51DB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcessToken + B 770C51EB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcessTokenEx + 6 770C51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenProcessTokenEx + B 770C51FB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThread + 6 770C5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThread + B 770C525B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThreadToken + 6 770C5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThreadToken + B 770C526B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtOpenThreadTokenEx + B 770C527B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtQueryAttributesFile + 6 770C5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtQueryAttributesFile + B 770C538B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtQueryFullAttributesFile + B 770C543B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationFile + 6 770C5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationFile + B 770C5A8B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationThread + 6 770C5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtSetInformationThread + B 770C5AEB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 1 Byte [68]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4900] ntdll.dll!NtUnmapViewOfSection + B 770C5E0B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 770C4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 770C4A1B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 770C5076 1 Byte [28]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 770C5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 770C507B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 770C5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 770C512B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 770C51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 770C51DB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 770C51EB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 770C51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 770C51FB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 770C5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 770C525B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 770C5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 770C526B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 770C527B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 770C5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 770C538B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 770C543B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 770C5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 770C5A8B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 770C5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 770C5AEB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 1 Byte [68]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 770C5E0B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtCreateFile + 6 770C4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtCreateFile + B 770C4A1B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtMapViewOfSection + 6 770C5076 1 Byte [28]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtMapViewOfSection + 6 770C5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtMapViewOfSection + B 770C507B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenFile + 6 770C5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenFile + B 770C512B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenProcess + 6 770C51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenProcess + B 770C51DB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenProcessToken + B 770C51EB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenProcessTokenEx + 6 770C51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenProcessTokenEx + B 770C51FB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenThread + 6 770C5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenThread + B 770C525B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenThreadToken + 6 770C5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenThreadToken + B 770C526B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtOpenThreadTokenEx + B 770C527B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtQueryAttributesFile + 6 770C5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtQueryAttributesFile + B 770C538B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtQueryFullAttributesFile + B 770C543B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtSetInformationFile + 6 770C5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtSetInformationFile + B 770C5A8B 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtSetInformationThread + 6 770C5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtSetInformationThread + B 770C5AEB 1 Byte [E2]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 1 Byte [68]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtUnmapViewOfSection + 6 770C5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe[5892] ntdll.dll!NtUnmapViewOfSection + B 770C5E0B 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [812A3042] \SystemRoot\System32\Drivers\spyl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [812A36D6] \SystemRoot\System32\Drivers\spyl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [812A3800] \SystemRoot\System32\Drivers\spyl.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [812A313E] \SystemRoot\System32\Drivers\spyl.sys
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortNotification] 000003E3
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortQuerySystemTime] 8B24568B
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortReadPortUchar] 50522046
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortStallExecution] FFEC9FE8
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortWritePortUchar] 08C483FF
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortWritePortUlong] 0874FF85
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortGetPhysicalAddress] FF53006A
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 08C483D7
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortGetScatterGatherList] [81107D8B] \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortGetParentBusType] 0003E5FF
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortRequestCallback] 0F840F00
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortWritePortBufferUshort] [81000001] \SystemRoot\system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0003E3FF
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortCompleteRequest] EC840F00
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortCopyMemory] 8B000000
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortEtwTraceLog] 0001F88E
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] FC8E0B00
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0F000001
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 0000DA84
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortReadPortBufferUshort] ECD8E800
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortInitialize] 8E8BFFFF
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortGetDeviceBase] 000001F8
IAT \SystemRoot\System32\Drivers\a8krwzk3.SYS[ataport.SYS!AtaPortDeviceStateChange] 01E08E01

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6A05A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6A0594D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6A0594E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6A0594B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6A0594A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6A05AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6A05A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\QTRAYIME.EXE[412] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00670DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00670E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00670E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00670EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00670F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 769F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 769F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 769F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 769F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 769F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 769F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 769F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 769F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 769F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 771C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 771C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 771C0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 771C0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00680400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00680470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 006804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00680550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 006805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00680630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 006806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 771C0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00680710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00680780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 006902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00690320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00690390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00690400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00690470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 006904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00690550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 006905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00690630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 006906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00690710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00690780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00690B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1848] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00690BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 002D0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 002D0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 002D0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 002D0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 002D0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 769F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 769F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 769F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 769F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 769F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 769F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 769F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 769F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 769F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 769F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 771C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 771C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 771C0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 771C0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003E04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 771C0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 003F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 003F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 003F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 003F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 003F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 003F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 003F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 003F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 003F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 003F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 003F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 003F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3216] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 003F0BE0
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6A05A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6A0594D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6A0594E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6A0594B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6A0594A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6A05AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6A05A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6A059832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6A0592CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6A059E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3344] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [750F5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 866551F8
Device \Driver\volmgr \Device\VolMgrControl 859821F8
Device \Driver\usbuhci \Device\USBPDO-0 86F001F8
Device \Driver\usbuhci \Device\USBPDO-1 86F001F8
Device \Driver\usbuhci \Device\USBPDO-2 86F001F8
Device \Driver\usbehci \Device\USBPDO-3 86EBF500
Device \Driver\usbuhci \Device\USBPDO-4 86F001F8

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBPDO-5 86F001F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{13291377-5C89-4837-90CB-CEF4C9D59DFB} 86E881F8
Device \Driver\usbuhci \Device\USBPDO-6 86F001F8
Device \Driver\volmgr \Device\HarddiskVolume1 859821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 86EBF500
Device \Driver\volmgr \Device\HarddiskVolume2 859821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86D7B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 859821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 866531F8
Device \Driver\atapi \Device\Ide\IdePort0 866531F8
Device \Driver\atapi \Device\Ide\IdePort1 866531F8
Device \Driver\atapi \Device\Ide\IdePort2 866531F8
Device \Driver\atapi \Device\Ide\IdePort3 866531F8
Device \Driver\atapi \Device\Ide\IdePort4 866531F8
Device \Driver\atapi \Device\Ide\IdePort5 866531F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 866531F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-6 866531F8
Device \Driver\PCI_PNP6262 \Device\00000066 spyl.sys
Device \Driver\volmgr \Device\HarddiskVolume4 859821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 859821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 86E881F8
Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\usbuhci \Device\USBFDO-0 86F001F8
Device \Driver\usbuhci \Device\USBFDO-1 86F001F8
Device \Driver\usbuhci \Device\USBFDO-2 86F001F8
Device \Driver\usbehci \Device\USBFDO-3 86EBF500
Device \Driver\usbuhci \Device\USBFDO-4 86F001F8
Device \Driver\sptd \Device\3042691262 spyl.sys
Device \Driver\usbuhci \Device\USBFDO-5 86F001F8
Device \Driver\usbuhci \Device\USBFDO-6 86F001F8
Device \Driver\usbehci \Device\USBFDO-7 86EBF500
Device \Driver\a8krwzk3 \Device\Scsi\a8krwzk31 870EC500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x65 0xCC 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6A 0xC3 0xCF 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6A 0x50 0x7E 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x65 0xCC 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x6A 0xC3 0xCF 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6A 0x50 0x7E 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xEA 0xCA 0xDE 0x8E ...

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  gmer.log   122.75KB   1 downloads


#12 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 17 January 2010 - 08:12 AM

Hi,

happy to hear that. Please run a scan with Eset to check for remaining infections:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#13 dcrht

  • Topic Starter
  • Members
  • 7 posts

Posted 17 January 2010 - 02:32 PM

C:\Windows.old.000\$Recycle.Bin\S-1-5-21-358072081-3747531061-3638451931-1001\$R346A5Y.exe a variant of Win32/Adware.ADON application deleted - quarantined

That's all! Thanks myrti

#14 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 17 January 2010 - 02:41 PM

Hi,

that looks clean! If you don't have any more problems with your PC I believe it is time to remove all the tools we used and let you go your way:

Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
  2. Uninstall ComboFix.exe and all backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  3. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Have a nice day
myrti



#15 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 23 January 2010 - 08:51 PM

Since the issue seems resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
