
Redirect and more?


5 replies to this topic

#1 WhyDoComputersSuck


Posted 05 January 2012 - 07:44 AM

About a week ago I was hit with the XP Antispyware 2012 malware, and followed the instructions on this site to remove it. Since then I have been having some other redirect type issues: new tabs opening at random intervals pointing to some news7 type site, and also whole new Firefox browser windows opening with about 10-20 tabs going to various parked ad type sites.

I installed the trial version of Kaspersky's AV product and scanned and found and quarantined a variety of trojans. I also ran MalwareBytes and removed some things that way. I'm still seeing these issues, and subsequent scans are coming up with nothing.

Occasionally my machine gets very sluggish as well. This morning Kaspersky reported finding this: HEUR:Trojan.Script.Iframer infecting my ping.exe, but beyond denying it, it doesn't appear to have removed the problem.

Thanks in advance!


 


#2 Broni


Posted 05 January 2012 - 09:41 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 WhyDoComputersSuck


Posted 06 January 2012 - 07:54 PM

Ran them all. I rebooted my machine right after running GMER and my user profile was missing... I was able to do a system restore and get it back. Is this another symptom or a potential side effect of the tool?

Here are the logs:

======================================================================================================================================================
= checkup.txt
======================================================================================================================================================
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
Java™ 6 Update 29
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Kaspersky Lab Kaspersky PURE avp.exe
``````````End of Log````````````

======================================================================================================================================================
= FSS.txt
======================================================================================================================================================
Farbar Service Scanner
Ran by Nick (administrator) on 06-01-2012 at 07:12:13
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(6) IPSec(4) kl1(10) NetBT(5) PSched(7) Tcpip(3) TVTPktFilter(9)
0x0A0000000A000000040000000100000002000000030000000500000006000000070000000800000009000000


**** End of log ****

======================================================================================================================================================
= MiniToolBox
======================================================================================================================================================
MiniToolBox by Farbar
Ran by Nick (administrator) on 06-01-2012 at 07:13:27
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® 82566MM Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : LENOVO-F64097DC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-82-D4-B9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, January 06, 2012 6:42:13 AM
Lease Expires . . . . . . . . . . : Saturday, January 07, 2012 6:42:12 AM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® 82566MM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1C-25-B6-9B-C1

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.115.104, 74.125.115.103, 74.125.115.147, 74.125.115.106
74.125.115.99, 74.125.115.105

Pinging google.com [74.125.113.105] with 32 bytes of data:
Reply from 74.125.113.105: bytes=32 time=55ms TTL=49
Reply from 74.125.113.105: bytes=32 time=56ms TTL=49

Ping statistics for 74.125.113.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 56ms, Average = 55ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=67ms TTL=50
Reply from 209.191.122.70: bytes=32 time=82ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 82ms, Average = 74ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f 3b 82 d4 b9 ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
0x3 ...00 1c 25 b6 9b c1 ...... Intel® 82566MM Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 25
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 25
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 25
255.255.255.255 255.255.255.255 192.168.1.4 3 1
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2012 06:03:07 PM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Processing media-specific event for [SearchIndexer.exe!ws!]

Error: (01/05/2012 05:26:19 PM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Processing media-specific event for [SearchIndexer.exe!ws!]

Error: (01/05/2012 06:34:05 AM) (Source: Diskeeper) (User: )
Description: Diskeeper Control Center - ERROR
Diskeeper was not able to initialize RPC.

Error: (01/05/2012 06:34:05 AM) (Source: Diskeeper) (User: )
Description: Diskeeper Control Center - ERROR
No valid endpoint could be found.

Error: (01/04/2012 05:53:35 PM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Processing media-specific event for [SearchIndexer.exe!ws!]

Error: (01/04/2012 05:26:30 PM) (Source: Diskeeper) (User: )
Description: Diskeeper Control Center - ERROR
Diskeeper was not able to initialize RPC.

Error: (01/04/2012 05:26:30 PM) (Source: Diskeeper) (User: )
Description: Diskeeper Control Center - ERROR
No valid endpoint could be found.

Error: (01/04/2012 07:06:52 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Processing media-specific event for [SearchIndexer.exe!ws!]

Error: (01/04/2012 07:04:19 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Processing media-specific event for [SearchIndexer.exe!ws!]

Error: (01/04/2012 06:57:20 AM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting module tquery.dll, version 7.0.6001.16503, fault address 0x00019c07.
Processing media-specific event for [SearchIndexer.exe!ws!]


System errors:
=============
Error: (01/05/2012 06:06:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).

Error: (01/05/2012 06:03:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/05/2012 05:27:18 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/05/2012 05:26:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/05/2012 07:48:41 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/05/2012 07:34:13 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/05/2012 07:29:50 AM) (Source: DCOM) (User: Nick)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (01/05/2012 07:29:36 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/05/2012 07:29:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
ANC
CSVirtualDiskDrv
Fips
IBMTPCHK
intelppm
IPSec
kl1
KLIF
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
TPHKDRV
TPPWRIF
TSMAPIP
tvtumon

Error: (01/05/2012 07:29:08 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (01/05/2012 06:03:07 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6001.16503tquery.dll7.0.6001.1650300019c07

Error: (01/05/2012 05:26:19 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6001.16503tquery.dll7.0.6001.1650300019c07

Error: (01/05/2012 06:34:05 AM) (Source: Diskeeper)(User: )
Description: Diskeeper was not able to initialize RPC.

Error: (01/05/2012 06:34:05 AM) (Source: Diskeeper)(User: )
Description: No valid endpoint could be found.

Error: (01/04/2012 05:53:35 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6001.16503tquery.dll7.0.6001.1650300019c07

Error: (01/04/2012 05:26:30 PM) (Source: Diskeeper)(User: )
Description: Diskeeper was not able to initialize RPC.

Error: (01/04/2012 05:26:30 PM) (Source: Diskeeper)(User: )
Description: No valid endpoint could be found.

Error: (01/04/2012 07:06:52 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6001.16503tquery.dll7.0.6001.1650300019c07

Error: (01/04/2012 07:04:19 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6001.16503tquery.dll7.0.6001.1650300019c07

Error: (01/04/2012 06:57:20 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6001.16503tquery.dll7.0.6001.1650300019c07


=========================== Installed Programs ============================

(Version: 1.0.4.0)
Access Help (Version: 2.02)
Ad-Aware (Version: 9.6.0)
Ad-Aware Security Toolbar (Version: 0.9.1.8)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.11)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.3.1 (Version: 8.3.1)
Client Security Solution (Version: 8.00.0311.00)
Diskeeper Lite (Version: 9.0.541)
Epson Event Manager (Version: 2.30.01)
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EpsonNet Print (Version: 2.4i)
EpsonNet Setup (Version: 3.1c)
GIMP 2.6.11 (Version: 2.6.11)
GnuCash 2.4.8
Help Center (Version: 2.00c)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 11.01.0.API)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1156)
InterVideo WinDVD Creator 3 (Version: 3.0.01.196)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Kaspersky PURE (Version: 9.1.0.124)
Lenovo Registration
Maintenance Manager (Version: 3.0.5.0)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
mCore (Version: 9.21.0000)
mDriver (Version: 9.21.0000)
Message Center (Version: 2.01b)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mMHouse (Version: 9.21.0000)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
mPfMgr (Version: 9.21.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
mWlsSafe (Version: 9.00.0000)
NVIDIA Drivers
On Screen Display (Version: 5.04)
OpenOffice.org 3.3 (Version: 3.3.9567)
PC-Doctor 5 for Windows (Version: 5.00.4565.08)
Picasa 3 (Version: 3.8)
Presentation Director (Version: 3.04)
Productivity Center Supplement for ThinkPad (Version: 2.00)
RecordNow Audio (Version: 2.0.4)
RecordNow Copy (Version: 2.0.4)
RecordNow Data (Version: 2.0.4)
Remove Multimedia Center
Rescue and Recovery (Version: 4.21.0016.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Sonic DLA (Version: 5.2.0)
Sonic Express Labeler (Version: 2.1.0)
Sonic Icons for Lenovo (Version: 1.0.2)
Sonic Update Manager (Version: 3.0.0)
SoundMAX (Version: 5.10.01.5410)
SUPERAntiSpyware (Version: 5.0.1142)
System Migration Assistant (Version: 5.20.0033)
System Update (Version: 3.15.0017)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.1.0.3100)
ThinkPad EasyEject Utility (Version: 2.32)
ThinkPad FullScreen Magnifier (Version: 1.16)
ThinkPad Modem (Version: 7.62.00)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.43)
ThinkPad Power Manager (Version: 1.22)
ThinkPad UltraNav Driver (Version: 7.5.17.24)
ThinkPad UltraNav Utility (Version: 1.03)
ThinkVantage Access Connections (Version: 4.42)
ThinkVantage Active Protection System (Version: 1.54)
ThinkVantage Productivity Center (Version: 2.10)
ThinkVantage Technologies Welcome Message (Version: 1.18)
VLC media player 1.1.11 (Version: 1.1.11)
Wallpapers
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Toolbar (Version: 03.01.0130)
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
XP Themes (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3054.22 MB
Available physical RAM: 1739.88 MB
Total Pagefile: 4939.02 MB
Available Pagefile: 3826.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.75 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:142.35 GB) (Free:117.69 GB) NTFS
3 Drive y: (nick) (Network) (Total:818.46 GB) (Free:747.2 GB) NTFS
4 Drive z: (public) (Network) (Total:818.46 GB) (Free:747.2 GB) NTFS

========================= Users: ========================================

User accounts for \\LENOVO-F64097DC

Administrator ASPNET Guest
HelpAssistant Kate Nick
SUPPORT_388945a0


**** End of log ****

======================================================================================================================================================
= MBAM
======================================================================================================================================================
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nick :: LENOVO-F64097DC [administrator]

1/6/2012 7:17:13 AM
mbam-log-2012-01-06 (07-17-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207607
Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 WhyDoComputersSuck


Posted 06 January 2012 - 07:56 PM

======================================================================================================================================================
= GMER
======================================================================================================================================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-06 19:27:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.DCDZ
Running: 82fswim9.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\kwkcrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB3251598]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB3251E18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB325292E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB3252EA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB32520FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB3250442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB3252D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB325119E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB3252C34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB325135A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB3252FD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB3254C14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB3251AB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB3252CD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB3254606]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB3250A06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB3250D94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB3252582]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB32555D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB3250ED6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB3250F80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB325238E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB3254698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB325041E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB3250430]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB3254CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB32510CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB3252F42]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB3251E9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB32505E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB3252E10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB325179E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB3254C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB3253074]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB32516C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB325102A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB3250C52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB3254FE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB32508A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB325492E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB3250B1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB32502BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB32533FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB32532C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB32543A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB3257E38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB32554B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB3250254]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB3252668]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB3251CD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB3253C56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB3254792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB3255120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB325072A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB3255204]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB325532C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB3254532]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB131A640]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB325186C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB3254E96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB32519F6]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B32464DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B32468B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [5A, 13, 25, B3, D2, 2F, 25, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [98, 46, 25, B3, 1E, 04, 25, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DC0 8050465C 8 Bytes CALL 91036B66
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [1A, 0B, 25, B3, BC, 02, 25, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [04, 52, 25, B3, 2C, 53, 25, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7F75360, 0x30A257, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 38, 6D]
.text C:\WINDOWS\system32\SearchIndexer.exe[4392] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 38, 6D]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5544] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106C3A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5544] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106C3A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5544] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5544] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0138B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 025E0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!send 71AB4C27 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5912] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71930F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B2631DC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B2631DC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00370240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003702B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00370320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00370390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00B70860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00B708D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00B70940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00B709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00B70A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B70A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 00370630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 003706A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 00370710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00370780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003707F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00B70B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00B70B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00B70BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 00370860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B70C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00B70CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00B70D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00B70DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00B70E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 003709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00370A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00370A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00370B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00370B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B70E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00B70EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00B70F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00370BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00370C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 00370CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00370EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00370F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00B80240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00B80320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00B80390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00B80400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00B80470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00B804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00B80550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7D1E0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7D1E0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00B805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 00380010
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00B807F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00B80860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00B808D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00B80940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00B809B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00B80A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 00380080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00B80A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00B80B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00B80B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00B80C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00B80CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00B80D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00B80DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00B80E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00B80E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00B80EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00B80F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00380160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 003801D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00B90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00B90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00B900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B90160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B90240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00B90320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00380470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B90390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B90400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00B90470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 003804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00380550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00BA05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00BA0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00BA06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00BA0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00BA0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00BA0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00BA0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00BA0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00BA0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00BA0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00BA0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00BA0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BA0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7D1F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[1360] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00370240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003702B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00370320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00370390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 014F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 014F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 014F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 014F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 014F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 014F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 00370630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 003706A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 00370710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00370780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003707F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 014F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 014F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 014F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 00370860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 014F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 014F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 014F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 014F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 014F0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 003709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00370A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00370A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00370B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00370B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 014F0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 014F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 014F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00370BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00370C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 00370CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00370EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00370F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 01500240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 015002B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 01500320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 01500390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 01500400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 01500470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 015004E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 01500550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7D1E0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7D1E0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 015005C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 00380010
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01500780
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 015007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 01500860
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 015008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 01500940
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 015009B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 01500A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 00380080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 01500A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 01500B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 01500B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01500BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01500C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01500CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 01500D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01500DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01500E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 01500E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 01500EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01500F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00380160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 003801D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 01510010
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 01510080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 015100F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01510160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 015101D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01510240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 015102B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 01510320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00380470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01510390
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01510400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 01510470
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 003804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 015104E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00380550
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 01520B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 01520B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 01520BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 01520C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01520CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 01520D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01520DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 01520E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 01520E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 01520EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 015305C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 01530630
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 015306A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 01530710
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01530D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 01540B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 01540B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 01540BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 01540C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 01540CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 01540D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 01540DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 01540E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01540E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe[4728] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wnet_x86]/Kaspersky Lab)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \FileSystem\Fastfat \Fat A782ED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 14991 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 16640 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\f0fd6cf4-d03a-4922-a312-00c22ddd2c10 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1145191951-4028459055-153634962-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\ed7c78c0-3f76-40a7-92ba-ab8c4ba80187 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-769316030-3331706265-430942577-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\FR\UF\Windows\system32\wininet.dll 916992 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winlogon.exe 507904 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winmm.dll 176128 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winspool.drv 146432 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winspool.exe 2112 bytes
File C:\RRbackups\FR\UF\Windows\system32\winsrv.dll 293376 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winsta.dll 53760 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\winstrm.dll 18944 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\wintrust.dll 177664 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\wldap32.dll 172032 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ws2help.dll 19968 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\ws2_32.dll 82432 bytes executable
File C:\RRbackups\FR\UF\Windows\system32\wsock32.dll 22528 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat 7232 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest 1819 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat 7238 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest 1784 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat 7433 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest 1862 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest 494 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat 7433 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest 500 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat 7236 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest 391 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat 7431 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest 397 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 1187 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat 7236 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest 640 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat 10680 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 1237 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat 7238 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1883 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat 7431 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy 605 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 10680 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 625 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat 7429 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy 621 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat 7433 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy 623 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 1050624 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll 54784 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1700352 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll 1712128 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 853504 bytes executable
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 0 bytes
File C:\RRbackups\FR\UF\Windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 991232 bytes executable
File C:\RRbackups\FR\UpdatingFiles.dat 17 bytes
File C:\WINDOWS\$NtUninstallKB5536$\1584299710 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\bckfg.tmp 863 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\cfg.ini 198 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\keywords 169 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\L 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\L\hvmonmrs 52480 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U 0 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB5536$\2563542380\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----

#5 Broni

Posted 06 January 2012 - 08:46 PM

You'll need more advanced help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


#6 WhyDoComputersSuck

Posted 07 January 2012 - 10:41 AM

Thanks for the help!

The new thread is here: http://www.bleepingcomputer.com/forums/topic436777.html

Edited by WhyDoComputersSuck, 07 January 2012 - 10:41 AM.




