Google Re-directing virus and performance issues

Posted 10/6/2010 1:47 AM
#89288
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
So I have been having Computer issues and a nasty redirecting virus on Google links. My computer has been running extremely slow as well and when I restart the PC I get RunDll errors. Was unable to run mbam and update but I changed the name of the exe and mbam worked and updated fine. I found 18 Infections and here is the log for that


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4748

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/5/2010 9:23:13 PM
mbam-log-2010-10-05 (21-23-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 216636
Time elapsed: 3 hour(s), 0 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wvtrsr.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rqpnmnsys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvtsqaudio (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssqqnoaudio (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mlmjkksys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iihhfgaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\awttrpaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hgfeefsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbxvttaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hgfeefsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cbxvttaudio (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wvtrsr.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrqqn.dll.vir (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvtrsr.dll.vir (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP967\A0372434.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP967\A0372435.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP967\A0372448.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP967\A0372449.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.

trying to add dds log as an attachment BUT NOT WORKING here is the log!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 14:55:56.95 on Tue 10/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.77 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: F-Secure Anti-Virus 2008 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [rqpnmnsys] rundll32.exe "wvtrsr.dll",s
uRun: [wvvtsqaudio] rundll32.exe "rqrqqn.dll",s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [mlmjkksys] rundll32.exe "wvtrsr.dll",s
mRun: [iihhfgaudio] rundll32.exe "rqrqqn.dll",s
dRun: [hgfeefsys] rundll32.exe "wvtrsr.dll",s
dRun: [cbxvttaudio] rundll32.exe "rqrqqn.dll",s
IE: Add to Media Manager... - c:\program files\mp3 player utilities 4.15\mediamanager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvtrsr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\yf8lhc9y.default\
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 20744]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs_x32.sys [2010-7-27 146904]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-26 475736]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-1-17 33824]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-3-15 5152]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2010-2-25 2048]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\cfrmd.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S3 0d6A;0d6A;c:\windows\system32\0d6A.sys [2010-4-20 54624]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]

=============== Created Last 30 ================

2010-10-01 18:43:29 0 ---ha-w- c:\windows\system32\rqrqqn.dll
2010-10-01 18:38:14 87040 ---ha-w- c:\windows\system32\wvtrsr.dll
2010-09-27 19:36:23 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-27 04:26:22 0 d-----w- c:\program files\Windows Media Connect 2
2010-09-26 16:38:02 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-26 16:38:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-26 16:35:38 0 d-----w- c:\program files\Kaspersky Lab
2010-09-26 16:35:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-09-26 16:31:22 0 d-----w- c:\docume~1\owner\applic~1\ComodoGroup
2010-09-26 16:22:53 0 d-----w- c:\documents and settings\owner\Application DataComodoGroup
2010-09-26 16:21:01 0 d-----w- c:\program files\COMODO
2010-09-26 15:26:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

==================== Find3M ====================

2010-09-26 17:19:17 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-03-25 20:03:19 1613477 ----a-w- c:\program files\WinRAR.rar
2010-03-25 20:01:45 716444 ----a-w- c:\program files\Free Music Zilla.rar
2008-07-22 08:34:07 23 --sha-w- c:\windows\system32\ecabe1_z.dll
2008-12-12 01:57:28 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121120081212\index.dat

============= FINISH: 14:57:45.45 ===============

I did also use combofix but didnt fix anything here is the log

ComboFix 10-10-04.01 - Owner 10/05/2010 0:00.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.272 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: F-Secure Anti-Virus 2008 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rqrqqn.dll
c:\windows\system32\wvtrsr.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-01 18:43 . 2010-10-05 08:27 0 ---ha-w- c:\windows\system32\rqrqqn.dll
2010-10-01 18:38 . 2010-10-05 08:27 87040 ---ha-w- c:\windows\system32\wvtrsr.dll
2010-10-01 18:29 . 2010-10-01 18:30 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\uds\uds.dll
2010-10-01 18:29 . 2010-10-01 18:29 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\dnscln\dns_client.dll
2010-09-27 19:36 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-27 19:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-27 09:38 . 2010-09-27 09:38 1049936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sw2\klavasyswatch.dll
2010-09-27 04:26 . 2010-10-04 20:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-26 17:02 . 2010-09-26 17:02 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\updater.dll
2010-09-26 17:02 . 2010-09-26 17:02 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\threatsmanager.dll
2010-09-26 17:02 . 2010-09-26 17:02 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\libola.dll
2010-09-26 17:02 . 2010-09-26 17:02 391864 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klifpp.dll
2010-09-26 17:02 . 2010-09-26 17:02 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\dumpwriter.dll
2010-09-26 17:02 . 2010-09-26 17:02 357096 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\avp.exe
2010-09-26 17:02 . 2010-09-26 17:02 482392 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sys\i386\5.1\klif.sys
2010-09-26 16:31 . 2010-09-26 16:31 -------- d-----w- c:\documents and settings\Owner\Application Data\ComodoGroup
2010-09-26 16:22 . 2010-09-26 16:22 -------- d-----w- c:\documents and settings\Owner\Application DataComodoGroup
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\program files\COMODO
2010-09-26 15:26 . 2010-09-26 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 08:28 . 2010-09-26 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-10-05 00:13 . 2008-10-21 02:23 -------- d-----w- c:\program files\Viewpoint
2010-10-02 06:01 . 2008-10-02 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-10-01 18:32 . 2010-06-30 22:43 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\uds.dll
2010-10-01 18:30 . 2010-08-17 21:50 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-10-01 18:30 . 2010-06-30 22:42 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\dns_client.dll
2010-10-01 18:27 . 2010-09-26 16:59 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-27 20:43 . 2010-02-26 03:22 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2010-09-27 20:41 . 2010-02-26 03:22 -------- d-----w- c:\program files\mIRC
2010-09-27 19:07 . 2008-04-29 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-09-27 09:38 . 2010-06-30 22:43 1049936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-09-26 17:19 . 2003-07-16 20:24 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-26 17:02 . 2010-09-26 17:02 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\updater.dll
2010-09-26 17:02 . 2010-09-26 17:02 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\threatsmanager.dll
2010-09-26 17:02 . 2010-09-26 17:02 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\libola.dll
2010-09-26 17:02 . 2010-09-26 17:02 395960 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klifpp.dll
2010-09-26 17:02 . 2010-09-26 17:02 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\dumpwriter.dll
2010-09-26 17:01 . 2010-09-26 17:01 352976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\avp.exe
2010-09-26 17:01 . 2010-09-26 17:01 475736 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sys\i386\5.1\klif.sys
2010-09-26 16:38 . 2010-09-26 16:38 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-26 16:38 . 2010-09-26 16:38 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-26 16:35 . 2010-09-26 16:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-26 16:24 . 2008-11-12 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-26 16:05 . 2008-07-31 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-26 16:05 . 2008-07-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-26 16:03 . 2008-07-31 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-26 15:01 . 2010-02-16 15:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-23 01:53 . 2009-04-10 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-09-23 01:53 . 2009-03-22 17:45 -------- d-----w- c:\program files\CCleaner
2010-08-27 12:02 . 2010-08-27 12:02 92816 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\English\setup.exe
2010-08-25 02:26 . 2009-04-10 00:56 -------- d-----w- c:\program files\Free Music Zilla
2010-08-18 18:16 . 2010-08-18 18:16 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-17 13:17 . 2003-07-16 20:46 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 14:15 . 2010-08-09 14:15 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\msvcp71.dll
2010-08-09 14:15 . 2010-08-09 14:15 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\jmc.dll
2010-08-09 14:15 . 2010-08-09 14:15 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\msvcr71.dll
2010-08-09 14:13 . 2010-08-09 14:13 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3e06d4b8-n\decora-sse.dll
2010-08-09 14:13 . 2010-08-09 14:13 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3e06d4b8-n\decora-d3d.dll
2010-07-22 15:49 . 2002-11-07 21:47 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 14:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-03-25 20:03 . 2010-03-25 20:03 1613477 ----a-w- c:\program files\WinRAR.rar
2010-03-25 20:01 . 2010-03-25 20:01 716444 ----a-w- c:\program files\Free Music Zilla.rar
2008-07-22 08:34 . 2008-07-22 08:34 23 --sha-w- c:\windows\system32\ecabe1_z.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rqpnmnsys"="wvtrsr.dll" [2010-10-05 87040]
"wvvtsqaudio"="rqrqqn.dll" [2010-10-05 0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-09-26 352976]
"mlmjkksys"="wvtrsr.dll" [2010-10-05 87040]
"iihhfgaudio"="rqrqqn.dll" [2010-10-05 0]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"hgfeefsys"="wvtrsr.dll" [2010-10-05 87040]
"cbxvttaudio"="rqrqqn.dll" [2010-10-05 0]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvtrsr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 18:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-07-28 14:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 18:46 709992 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/21/2008 8:28 PM 20744]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs_x32.sys [7/27/2010 11:34 AM 146904]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [1/17/2010 8:16 PM 33824]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/15/2010 3:11 PM 5152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2/25/2010 5:34 PM 2048]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S3 0d6A;0d6A;c:\windows\system32\0d6A.sys [4/20/2010 6:35 PM 54624]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 1:44 PM 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [1/21/2008 8:28 PM 26248]
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 19:41]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A713ECC3-4DD3-48A5-E256-A22F2C88BCD5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\rqrqqn.dll
c:\windows\system32\wvtrsr.dll

- - - - - - - > 'explorer.exe'(2600)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-10-05 04:33:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-05 08:33
ComboFix2.txt 2010-04-20 05:00
ComboFix3.txt 2010-04-20 02:15

Pre-Run: 30,428,659,712 bytes free
Post-Run: 30,251,073,536 bytes free

Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - AAA6149746FD9D959229F5386BE5AD0A
Posted 10/6/2010 6:55 AM
#89293
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:





Open notepad and copy/paste the text in the codebox below into it:

Name the file as CFScript
and Save it on the desktop






[code]
Snapshot::
Rootkit::
c:\windows\system32\rqrqqn.dll
c:\windows\system32\wvtrsr.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rqpnmnsys"=-
"wvvtsqaudio”=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mlmjkksys"=-
"iihhfgaudio"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"hgfeefsys"=-
"cbxvttaudio"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[/code]



User image



Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.



Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/6/2010 3:00 PM
#89300
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Ok I Dragged the txt file to Combofix.exe, I just want to note something It says that avg internet security is running but I cannot even find it in the add/remove programs or even when I run revo Uninstaller. I did a search of all AVG files in windows I tried to delete them but I got the access denied Write protection error. At any rate here is my log and thank you for your time.

ComboFix 10-10-05.05 - Owner 10/06/2010 10:29:05.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.237 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: F-Secure Anti-Virus 2008 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rqrqqn.dll
c:\windows\system32\yaaaax.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-05 19:33 . 2010-10-06 14:44 114688 ---ha-w- c:\windows\system32\yaaaax.dll
2010-10-01 18:29 . 2010-10-01 18:30 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\uds\uds.dll
2010-10-01 18:29 . 2010-10-01 18:29 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\dnscln\dns_client.dll
2010-09-27 19:36 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-27 19:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-27 09:38 . 2010-09-27 09:38 1049936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sw2\klavasyswatch.dll
2010-09-27 04:26 . 2010-10-04 20:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-26 17:02 . 2010-09-26 17:02 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\updater.dll
2010-09-26 17:02 . 2010-09-26 17:02 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\threatsmanager.dll
2010-09-26 17:02 . 2010-09-26 17:02 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\libola.dll
2010-09-26 17:02 . 2010-09-26 17:02 391864 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klifpp.dll
2010-09-26 17:02 . 2010-09-26 17:02 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\dumpwriter.dll
2010-09-26 17:02 . 2010-09-26 17:02 357096 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\avp.exe
2010-09-26 17:02 . 2010-09-26 17:02 482392 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sys\i386\5.1\klif.sys
2010-09-26 16:31 . 2010-09-26 16:31 -------- d-----w- c:\documents and settings\Owner\Application Data\ComodoGroup
2010-09-26 16:22 . 2010-09-26 16:22 -------- d-----w- c:\documents and settings\Owner\Application DataComodoGroup
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\program files\COMODO
2010-09-26 15:26 . 2010-09-26 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 14:44 . 2010-09-26 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-10-05 19:40 . 2009-12-30 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 19:09 . 2010-06-10 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-10-05 19:09 . 2008-10-21 02:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2010-10-05 19:08 . 2010-06-10 03:39 -------- d-----w- c:\program files\Common Files\AOL
2010-10-05 19:07 . 2008-05-08 02:09 -------- d-----w- c:\program files\Java
2010-10-05 19:03 . 2008-05-08 02:09 -------- d-----w- c:\program files\Common Files\Java
2010-10-05 18:53 . 2009-03-22 17:45 -------- d-----w- c:\program files\CCleaner
2010-10-05 00:13 . 2008-10-21 02:23 -------- d-----w- c:\program files\Viewpoint
2010-10-02 06:01 . 2008-10-02 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-10-01 18:32 . 2010-06-30 22:43 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\uds.dll
2010-10-01 18:30 . 2010-08-17 21:50 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-10-01 18:30 . 2010-06-30 22:42 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\dns_client.dll
2010-10-01 18:27 . 2010-09-26 16:59 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-27 20:43 . 2010-02-26 03:22 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2010-09-27 20:41 . 2010-02-26 03:22 -------- d-----w- c:\program files\mIRC
2010-09-27 19:07 . 2008-04-29 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-09-27 09:38 . 2010-06-30 22:43 1049936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-09-26 17:19 . 2003-07-16 20:24 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-26 17:02 . 2010-09-26 17:02 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\updater.dll
2010-09-26 17:02 . 2010-09-26 17:02 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\threatsmanager.dll
2010-09-26 17:02 . 2010-09-26 17:02 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\libola.dll
2010-09-26 17:02 . 2010-09-26 17:02 395960 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klifpp.dll
2010-09-26 17:02 . 2010-09-26 17:02 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\dumpwriter.dll
2010-09-26 17:01 . 2010-09-26 17:01 352976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\avp.exe
2010-09-26 17:01 . 2010-09-26 17:01 475736 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sys\i386\5.1\klif.sys
2010-09-26 16:38 . 2010-09-26 16:38 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-26 16:38 . 2010-09-26 16:38 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-26 16:35 . 2010-09-26 16:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-26 16:24 . 2008-11-12 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-26 16:05 . 2008-07-31 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-26 16:05 . 2008-07-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-26 16:03 . 2008-07-31 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-26 15:01 . 2010-02-16 15:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-23 01:53 . 2009-04-10 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-08-27 12:02 . 2010-08-27 12:02 92816 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\English\setup.exe
2010-08-25 02:26 . 2009-04-10 00:56 -------- d-----w- c:\program files\Free Music Zilla
2010-08-18 18:16 . 2010-08-18 18:16 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-17 13:17 . 2003-07-16 20:46 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 14:15 . 2010-08-09 14:15 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\msvcp71.dll
2010-08-09 14:15 . 2010-08-09 14:15 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\jmc.dll
2010-08-09 14:15 . 2010-08-09 14:15 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\msvcr71.dll
2010-08-09 14:13 . 2010-08-09 14:13 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3e06d4b8-n\decora-sse.dll
2010-08-09 14:13 . 2010-08-09 14:13 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3e06d4b8-n\decora-d3d.dll
2010-07-22 15:49 . 2002-11-07 21:47 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 14:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00 . 2010-04-16 15:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-25 20:03 . 2010-03-25 20:03 1613477 ----a-w- c:\program files\WinRAR.rar
2010-03-25 20:01 . 2010-03-25 20:01 716444 ----a-w- c:\program files\Free Music Zilla.rar
2008-07-22 08:34 . 2008-07-22 08:34 23 --sha-w- c:\windows\system32\ecabe1_z.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pmlihgaudio"="yaaaax.dll" [2010-10-06 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-09-26 352976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ssrrqnaudio"="yaaaax.dll" [2010-10-06 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"jkkhfgaudio"="yaaaax.dll" [2010-10-06 114688]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 18:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-07-28 14:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 18:46 709992 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/21/2008 8:28 PM 20744]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs_x32.sys [7/27/2010 11:34 AM 146904]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [1/17/2010 8:16 PM 33824]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/15/2010 3:11 PM 5152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2/25/2010 5:34 PM 2048]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S3 0d6A;0d6A;c:\windows\system32\0d6A.sys [4/20/2010 6:35 PM 54624]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 1:44 PM 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [1/21/2008 8:28 PM 26248]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]
.
Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 19:41]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-tutuvvsys - wvtrsr.dll
HKU-Default-Run-cbyayysys - wvtrsr.dll


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A713ECC3-4DD3-48A5-E256-A22F2C88BCD5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\yaaaax.dll

- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\WININET.dll
c:\windows\system32\yaaaax.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-10-06 10:49:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 14:49
ComboFix2.txt 2010-10-05 08:33
ComboFix3.txt 2010-04-20 05:00
ComboFix4.txt 2010-04-20 02:15

Pre-Run: 30,260,445,184 bytes free
Post-Run: 30,248,218,624 bytes free

Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E1915CB0B0679C4B2AAF62BF23995BC3
Posted 10/7/2010 2:55 AM
#89320
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hmm, it seems to be stubborn :rolleyes:





Please run: [color=#222222][3]https://www.superantispyware.com/onlinescan.html[/3][/color]

Follow the instructions on the site. When downloaded, click on – Check for updates – Button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click
NO.



When the scan have finished ->

Click Preferences . Click the Statistics/Logs tab .
Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
It will open in your default text editor (such as Notepad/Wordpad).

· Save the logfile to desktop

· Click close and close again to exit the program.

Reboot, if needed.

Post Superantispyware log in next reply.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/7/2010 4:49 PM
#89325
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Okay Ran the program and oh boy was there alot of junk it found. Here is the log



SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 10/07/2010 at 12:31 PM

Application Version : 4.44.1000

Core Rules Database Version : 5648
Trace Rules Database Version: 3460

Scan type : Complete Scan
Total Scan Time : 01:17:44

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 7493
Registry threats detected : 32
File items scanned : 74213
File threats detected : 292

Application.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet005\Services\oreans32
HKLM\System\ControlSet005\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cdn.at.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ar.atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
media.scanscout.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\PA7MDUF8 ]
counter.surfcounters.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.xiti.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
adserver.adreactor.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ads.bootcampmedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ads.bootcampmedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ads.bootcampmedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.slaysbanner691.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
clicktorrent.info [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.chitika.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
.smartadserver.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
ext-us.bestofmedia.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tis7hpkx.default\cookies.sqlite ]
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@at.atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@redorbit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt
ia.media-imdb.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\KPVSUQK3 ]
media1.shufuni.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\KPVSUQK3 ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
gr.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
www.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.burstbeacon.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adlegend.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.mediabrandsww.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.intermundomedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.intermundomedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ads.bridgetrack.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.delivery.trafficjunky.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhublive.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
www.pornhublive.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.oasn04.247realmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.a1.interclick.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.microsoftwga.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
user.lucidmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.overture.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.avgtechnologies.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.medhelpinternational.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.media.medhelp.org [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.shopica.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
www.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
1.l.w.cltomedia.info [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.cltomedia.info [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
cltomedia.info [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhubpremium.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhubpremium.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhubpremium.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
googleads.g.doubleclick.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.clickfuse.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.cunttt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.cunttt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
sexier.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
sexier.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
sexier.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.ero-advertising.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.cunttt.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.pornhub.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\cookies.sqlite ]

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Trojan.Agent/Gen-Alureon
HKU\S-1-5-19\Software\h8srt
HKU\S-1-5-20\Software\h8srt

Trojan.Agent/Gen-Keygen
C:\PROGRAM FILES\BITLORD\DOWNLOADS\CONVERTX TO DVD 3.6.13.187 AND KEYGEN\KEYGEN.EXE
Posted 10/7/2010 4:51 PM
#89326
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Just to note I'm still getting redirected when I click on a link from google to an advertising site. So annoying!
Posted 10/8/2010 5:02 AM
#89331
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Open notepad and copy/paste the text in the codebox below into it:

Name the file as CFScript
and Save it on the desktop



Code:
[color=#0000ff>

[code]
https://forum.bullguard.com/forum/10/Google-Re-directing-virus-and-_89288.html]Snapshot::
Driver::
0d6A
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pmlihgaudio"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ssrrqnaudio”=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"jkkhfgaudio"=-

Collect::
c:\windows\system32\yaaaax.dll
c:\windows\system32\0d6A.sys
[/code]
[/color][/url]


User image



Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.



When ComboFix has finished its scan / cleaning opens a ComboFix log along with a small message box. Now click OK in the message box to upload the compiled files for further analysis (you must have an Internet connection to upload files).



Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/8/2010 2:54 PM
#89346
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Ok ran Combofix Here is the log but first I want to thank you for taking the time to help it's very appreciated.



ComboFix 10-10-07.02 - Owner 10/08/2010 10:22:54.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.289 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: F-Secure Anti-Virus 2008 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

file zipped: c:\windows\system32\0d6A.sys
file zipped: c:\windows\system32\yaaaax.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\0d6A.sys
c:\windows\system32\yaaaax.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0D6A
-------\Service_0d6A


((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-07 15:06 . 2010-10-07 15:06 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-07 15:06 . 2010-10-07 15:06 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-07 15:06 . 2010-10-07 15:06 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-07 15:05 . 2010-10-07 15:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-10-07 15:05 . 2010-10-07 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-07 15:05 . 2010-10-07 15:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-05 19:33 . 2010-10-08 14:39 114688 ---ha-w- c:\windows\system32\yaaaax.dll
2010-10-01 18:29 . 2010-10-01 18:30 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\uds\uds.dll
2010-10-01 18:29 . 2010-10-01 18:29 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\dnscln\dns_client.dll
2010-09-27 19:36 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-27 19:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-27 09:38 . 2010-09-27 09:38 1049936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sw2\klavasyswatch.dll
2010-09-27 04:26 . 2010-10-04 20:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-26 17:02 . 2010-09-26 17:02 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\updater.dll
2010-09-26 17:02 . 2010-09-26 17:02 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\threatsmanager.dll
2010-09-26 17:02 . 2010-09-26 17:02 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\libola.dll
2010-09-26 17:02 . 2010-09-26 17:02 391864 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klifpp.dll
2010-09-26 17:02 . 2010-09-26 17:02 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\dumpwriter.dll
2010-09-26 17:02 . 2010-09-26 17:02 357096 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\avp.exe
2010-09-26 17:02 . 2010-09-26 17:02 482392 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sys\i386\5.1\klif.sys
2010-09-26 16:31 . 2010-09-26 16:31 -------- d-----w- c:\documents and settings\Owner\Application Data\ComodoGroup
2010-09-26 16:22 . 2010-09-26 16:22 -------- d-----w- c:\documents and settings\Owner\Application DataComodoGroup
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\program files\COMODO
2010-09-26 15:26 . 2010-09-26 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 14:39 . 2010-09-26 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-10-07 05:25 . 2008-10-21 02:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2010-10-05 19:40 . 2009-12-30 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 19:09 . 2010-06-10 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-10-05 19:08 . 2010-06-10 03:39 -------- d-----w- c:\program files\Common Files\AOL
2010-10-05 19:07 . 2008-05-08 02:09 -------- d-----w- c:\program files\Java
2010-10-05 19:03 . 2008-05-08 02:09 -------- d-----w- c:\program files\Common Files\Java
2010-10-05 18:53 . 2009-03-22 17:45 -------- d-----w- c:\program files\CCleaner
2010-10-05 00:13 . 2008-10-21 02:23 -------- d-----w- c:\program files\Viewpoint
2010-10-02 06:01 . 2008-10-02 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-10-01 18:32 . 2010-06-30 22:43 247120 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\uds.dll
2010-10-01 18:30 . 2010-08-17 21:50 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-10-01 18:30 . 2010-06-30 22:42 132432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\dns_client.dll
2010-10-01 18:27 . 2010-09-26 16:59 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-27 20:43 . 2010-02-26 03:22 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2010-09-27 20:41 . 2010-02-26 03:22 -------- d-----w- c:\program files\mIRC
2010-09-27 19:07 . 2008-04-29 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-09-27 09:38 . 2010-06-30 22:43 1049936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-09-26 17:19 . 2003-07-16 20:24 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-26 17:02 . 2010-09-26 17:02 989880 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\updater.dll
2010-09-26 17:02 . 2010-09-26 17:02 146104 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\threatsmanager.dll
2010-09-26 17:02 . 2010-09-26 17:02 84664 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\libola.dll
2010-09-26 17:02 . 2010-09-26 17:02 395960 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klifpp.dll
2010-09-26 17:02 . 2010-09-26 17:02 117432 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\dumpwriter.dll
2010-09-26 17:01 . 2010-09-26 17:01 352976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\avp.exe
2010-09-26 17:01 . 2010-09-26 17:01 475736 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sys\i386\5.1\klif.sys
2010-09-26 16:38 . 2010-09-26 16:38 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-26 16:38 . 2010-09-26 16:38 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-26 16:35 . 2010-09-26 16:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-26 16:24 . 2008-11-12 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-26 16:05 . 2008-07-31 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-26 16:05 . 2008-07-22 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-26 16:03 . 2008-07-31 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-26 15:01 . 2010-02-16 15:08 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-23 01:53 . 2009-04-10 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2010-08-27 12:02 . 2010-08-27 12:02 92816 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\English\setup.exe
2010-08-25 02:26 . 2009-04-10 00:56 -------- d-----w- c:\program files\Free Music Zilla
2010-08-18 18:16 . 2010-08-18 18:16 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-17 13:17 . 2003-07-16 20:46 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-09 14:15 . 2010-08-09 14:15 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\msvcp71.dll
2010-08-09 14:15 . 2010-08-09 14:15 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\jmc.dll
2010-08-09 14:15 . 2010-08-09 14:15 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-37cd5378-n\msvcr71.dll
2010-08-09 14:13 . 2010-08-09 14:13 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3e06d4b8-n\decora-sse.dll
2010-08-09 14:13 . 2010-08-09 14:13 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3e06d4b8-n\decora-d3d.dll
2010-07-22 15:49 . 2002-11-07 21:47 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 14:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00 . 2010-04-16 15:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-25 20:03 . 2010-03-25 20:03 1613477 ----a-w- c:\program files\WinRAR.rar
2010-03-25 20:01 . 2010-03-25 20:01 716444 ----a-w- c:\program files\Free Music Zilla.rar
2008-07-22 08:34 . 2008-07-22 08:34 23 --sha-w- c:\windows\system32\ecabe1_z.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iiijifaudio"="yaaaax.dll" [2010-10-08 114688]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-09-26 352976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ddayxuaudio"="yaaaax.dll" [2010-10-08 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"mlihghaudio"="yaaaax.dll" [2010-10-08 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 18:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-07-28 14:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 18:46 709992 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/21/2008 8:28 PM 20744]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs_x32.sys [7/27/2010 11:34 AM 146904]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/15/2010 3:11 PM 5152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2/25/2010 5:34 PM 2048]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 1:44 PM 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [1/21/2008 8:28 PM 26248]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 19:41]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A713ECC3-4DD3-48A5-E256-A22F2C88BCD5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\yaaaax.dll

- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\WININET.dll
c:\windows\system32\yaaaax.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-10-08 10:45:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-08 14:45
ComboFix2.txt 2010-10-06 14:49
ComboFix3.txt 2010-10-05 08:33
ComboFix4.txt 2010-04-20 05:00
ComboFix5.txt 2010-10-08 14:19

Pre-Run: 28,399,755,264 bytes free
Post-Run: 28,381,704,192 bytes free

Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 2B84693898981CEAE7FBD900312843CD
Upload was successful
Posted 10/8/2010 4:39 PM
#89350
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
I have some suspicions that this could be a rootkit we are dealing with.



[3][color=#0000ff>https://support.kaspersky.com/downloads/utils/tdsskiller.zip[/3][/color]

[color=#0000ff>https://ad13.geekstogo.com/MBRCheck.exe[/3][/color][/color]
to download AD13's MBRCheck.exe. Then right click that file, and select "Run as administrator". Follow the prompts, and post back here the log it should have created on your desktop

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/9/2010 3:55 AM
#89354
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Ok I ran both In TDSSKiller there wasn't any threats found here is the log.

2010/10/08 23:43:50.0140 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/08 23:43:50.0140 ================================================================================
2010/10/08 23:43:50.0140 SystemInfo:
2010/10/08 23:43:50.0140
2010/10/08 23:43:50.0140 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/08 23:43:50.0140 Product type: Workstation
2010/10/08 23:43:50.0140 ComputerName: BRIAN
2010/10/08 23:43:50.0140 UserName: Owner
2010/10/08 23:43:50.0140 Windows directory: C:\WINDOWS
2010/10/08 23:43:50.0140 System windows directory: C:\WINDOWS
2010/10/08 23:43:50.0140 Processor architecture: Intel x86
2010/10/08 23:43:50.0140 Number of processors: 1
2010/10/08 23:43:50.0140 Page size: 0x1000
2010/10/08 23:43:50.0140 Boot type: Normal boot
2010/10/08 23:43:50.0140 ================================================================================
2010/10/08 23:43:52.0390 Initialize success
2010/10/08 23:43:59.0468 ================================================================================
2010/10/08 23:43:59.0468 Scan started
2010/10/08 23:43:59.0468 Mode: Manual;
2010/10/08 23:43:59.0468 ================================================================================
2010/10/08 23:44:02.0921 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/08 23:44:03.0078 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/08 23:44:03.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/08 23:44:03.0625 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/08 23:44:04.0312 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/10/08 23:44:04.0531 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/08 23:44:04.0671 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/08 23:44:04.0937 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/08 23:44:05.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/08 23:44:05.0281 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/08 23:44:05.0468 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/10/08 23:44:05.0609 BtHidBus (ce441ccd98c5ecb10cb12fcaf97322ec) C:\WINDOWS\system32\Drivers\BtHidBus.sys
2010/10/08 23:44:05.0828 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/10/08 23:44:05.0953 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/10/08 23:44:06.0171 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/10/08 23:44:06.0375 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/10/08 23:44:06.0546 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\WINDOWS\system32\Drivers\btnetBus.sys
2010/10/08 23:44:06.0828 CbFs (a743ae6f67fe1250019222afe3310d2b) C:\WINDOWS\system32\drivers\cbfs_x32.sys
2010/10/08 23:44:07.0062 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/08 23:44:07.0250 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/08 23:44:07.0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/08 23:44:07.0625 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/08 23:44:07.0828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/08 23:44:08.0406 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/08 23:44:08.0625 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/08 23:44:08.0828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/08 23:44:08.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/08 23:44:09.0250 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/08 23:44:09.0437 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/08 23:44:09.0546 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/08 23:44:09.0765 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/08 23:44:09.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/08 23:44:10.0093 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/08 23:44:10.0203 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/08 23:44:10.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/08 23:44:10.0906 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/08 23:44:11.0031 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys
2010/10/08 23:44:11.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/08 23:44:11.0437 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys
2010/10/08 23:44:11.0671 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/08 23:44:11.0796 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/08 23:44:12.0046 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/08 23:44:12.0234 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/08 23:44:12.0546 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/08 23:44:12.0671 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/08 23:44:12.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/08 23:44:13.0203 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/08 23:44:13.0421 io.sys (5e333b8c20fb4a48c8ca3cf3489cd235) C:\WINDOWS\system32\drivers\io.sys
2010/10/08 23:44:13.0531 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/08 23:44:13.0718 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/08 23:44:13.0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/08 23:44:13.0937 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/08 23:44:14.0156 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/08 23:44:14.0328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/08 23:44:14.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/08 23:44:14.0703 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
2010/10/08 23:44:14.0921 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/08 23:44:15.0046 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/08 23:44:15.0171 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
2010/10/08 23:44:15.0328 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
2010/10/08 23:44:15.0468 KLIF (395a295fd9ea657b4a3621e402cc56c5) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/10/08 23:44:15.0671 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/10/08 23:44:15.0828 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/10/08 23:44:16.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/08 23:44:16.0234 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/08 23:44:16.0578 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/08 23:44:16.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/08 23:44:16.0796 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/08 23:44:16.0921 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/08 23:44:17.0125 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/08 23:44:17.0265 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/08 23:44:17.0500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/08 23:44:17.0656 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/08 23:44:17.0875 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/08 23:44:18.0046 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/08 23:44:18.0171 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/08 23:44:18.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/08 23:44:18.0531 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/08 23:44:18.0656 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/08 23:44:18.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/08 23:44:18.0937 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/08 23:44:19.0156 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/08 23:44:19.0250 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/08 23:44:19.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/08 23:44:19.0515 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/08 23:44:19.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/08 23:44:19.0890 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/08 23:44:20.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/08 23:44:20.0203 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/08 23:44:20.0843 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/08 23:44:20.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/08 23:44:21.0187 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/08 23:44:21.0421 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/08 23:44:21.0578 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/08 23:44:21.0859 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/10/08 23:44:22.0031 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/10/08 23:44:22.0203 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/10/08 23:44:22.0468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/08 23:44:22.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/08 23:44:22.0656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/08 23:44:22.0906 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/08 23:44:23.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/08 23:44:23.0156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/08 23:44:23.0406 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/08 23:44:23.0937 portio32 (09687a361c9f1418973a4ae17d2f52cc) C:\WINDOWS\system32\drivers\portio32.sys
2010/10/08 23:44:24.0109 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/08 23:44:24.0359 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/08 23:44:24.0500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/08 23:44:24.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/08 23:44:25.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/08 23:44:25.0359 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/08 23:44:25.0515 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/08 23:44:25.0656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/08 23:44:25.0859 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/08 23:44:26.0062 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/08 23:44:26.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/08 23:44:26.0421 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/08 23:44:26.0546 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/10/08 23:44:26.0750 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/08 23:44:27.0000 SAMFILT (2e4164df4c460edf11232d893f3ce007) C:\WINDOWS\system32\drivers\samfilt.sys
2010/10/08 23:44:27.0156 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/08 23:44:27.0218 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/08 23:44:27.0468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/08 23:44:27.0640 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/10/08 23:44:27.0921 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/08 23:44:28.0046 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/08 23:44:28.0281 SetupSys (edbecd7f71e40521c8685f0b1f96d3a0) C:\WINDOWS\system32\drivers\SetupSys.sys
2010/10/08 23:44:28.0406 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/08 23:44:28.0687 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/08 23:44:28.0843 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
2010/10/08 23:44:28.0968 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/10/08 23:44:29.0234 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/08 23:44:29.0421 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/08 23:44:29.0640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/08 23:44:29.0890 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/08 23:44:30.0156 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/08 23:44:30.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/08 23:44:30.0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/08 23:44:30.0921 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/08 23:44:31.0171 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/08 23:44:31.0312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/08 23:44:31.0453 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/08 23:44:31.0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/08 23:44:31.0953 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/08 23:44:32.0093 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/08 23:44:32.0375 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/08 23:44:32.0468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/08 23:44:32.0671 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/08 23:44:32.0828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/08 23:44:33.0031 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/08 23:44:33.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/08 23:44:33.0359 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/08 23:44:33.0484 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/10/08 23:44:33.0671 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/10/08 23:44:33.0843 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/08 23:44:34.0203 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/08 23:44:34.0468 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\WINDOWS\system32\DRIVERS\VX3000.sys
2010/10/08 23:44:34.0718 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/08 23:44:34.0906 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/10/08 23:44:35.0046 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/08 23:44:35.0375 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/08 23:44:35.0500 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/08 23:44:35.0703 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/08 23:44:35.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/08 23:44:36.0031 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys
2010/10/08 23:44:36.0375 ================================================================================
2010/10/08 23:44:36.0375 Scan finished
2010/10/08 23:44:36.0375 ================================================================================
2010/10/08 23:45:23.0156 ================================================================================
2010/10/08 23:45:23.0156 Scan started
2010/10/08 23:45:23.0156 Mode: Manual;
2010/10/08 23:45:23.0156 ================================================================================
2010/10/08 23:45:31.0734 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/08 23:45:32.0359 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/08 23:45:33.0296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/08 23:45:34.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/08 23:45:38.0515 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2010/10/08 23:45:39.0078 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/08 23:45:39.0406 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/08 23:45:40.0437 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/08 23:45:40.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/08 23:45:41.0765 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/08 23:45:42.0765 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/10/08 23:45:43.0265 BtHidBus (ce441ccd98c5ecb10cb12fcaf97322ec) C:\WINDOWS\system32\Drivers\BtHidBus.sys
2010/10/08 23:45:43.0781 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/10/08 23:45:44.0390 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/10/08 23:45:45.0140 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/10/08 23:45:45.0703 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/10/08 23:45:46.0234 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\WINDOWS\system32\Drivers\btnetBus.sys
2010/10/08 23:45:47.0421 CbFs (a743ae6f67fe1250019222afe3310d2b) C:\WINDOWS\system32\drivers\cbfs_x32.sys
2010/10/08 23:45:48.0203 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/08 23:45:51.0812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/08 23:45:52.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/08 23:45:54.0437 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/08 23:45:54.0921 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/08 23:45:57.0515 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/08 23:45:58.0515 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/08 23:45:59.0359 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/08 23:45:59.0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/08 23:46:01.0625 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/08 23:46:02.0500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/08 23:46:02.0859 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/08 23:46:04.0312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/08 23:46:05.0796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/08 23:46:06.0000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/08 23:46:06.0296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/08 23:46:06.0625 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/08 23:46:06.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/08 23:46:07.0203 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys
2010/10/08 23:46:08.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/08 23:46:08.0437 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys
2010/10/08 23:46:08.0953 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/08 23:46:09.0218 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/08 23:46:09.0984 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/08 23:46:10.0312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/08 23:46:10.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/08 23:46:10.0890 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/08 23:46:11.0515 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/08 23:46:11.0937 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/08 23:46:12.0218 io.sys (5e333b8c20fb4a48c8ca3cf3489cd235) C:\WINDOWS\system32\drivers\io.sys
2010/10/08 23:46:12.0359 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/08 23:46:12.0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/08 23:46:13.0125 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/08 23:46:13.0218 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/08 23:46:13.0671 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/08 23:46:14.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/08 23:46:14.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/08 23:46:14.0656 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
2010/10/08 23:46:14.0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/08 23:46:15.0109 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/08 23:46:15.0359 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
2010/10/08 23:46:15.0453 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
2010/10/08 23:46:15.0562 KLIF (395a295fd9ea657b4a3621e402cc56c5) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/10/08 23:46:15.0890 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys
2010/10/08 23:46:16.0140 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/10/08 23:46:16.0375 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/08 23:46:16.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/08 23:46:16.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/08 23:46:17.0015 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/08 23:46:17.0265 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/08 23:46:17.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/08 23:46:17.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/08 23:46:18.0015 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/08 23:46:18.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/08 23:46:18.0406 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/08 23:46:18.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/08 23:46:18.0875 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/08 23:46:19.0000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/08 23:46:19.0203 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/08 23:46:19.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/08 23:46:19.0531 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/08 23:46:19.0640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/08 23:46:19.0859 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/08 23:46:19.0984 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/08 23:46:20.0218 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/08 23:46:20.0515 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/08 23:46:20.0875 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/08 23:46:20.0968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/08 23:46:21.0156 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/08 23:46:21.0390 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/08 23:46:21.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/08 23:46:21.0921 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/08 23:46:22.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/08 23:46:22.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/08 23:46:22.0453 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/08 23:46:22.0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/08 23:46:22.0875 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/10/08 23:46:23.0046 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/10/08 23:46:23.0312 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/10/08 23:46:23.0640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/08 23:46:23.0734 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/08 23:46:23.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/08 23:46:24.0250 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/08 23:46:24.0671 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/08 23:46:24.0828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/08 23:46:24.0984 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/08 23:46:25.0843 portio32 (09687a361c9f1418973a4ae17d2f52cc) C:\WINDOWS\system32\drivers\portio32.sys
2010/10/08 23:46:26.0015 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/08 23:46:26.0187 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/08 23:46:26.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/08 23:46:26.0421 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/08 23:46:27.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/08 23:46:27.0296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/08 23:46:27.0390 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/08 23:46:27.0625 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/08 23:46:27.0796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/08 23:46:28.0046 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/08 23:46:28.0265 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/08 23:46:28.0468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/08 23:46:28.0796 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/10/08 23:46:29.0093 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/08 23:46:29.0250 SAMFILT (2e4164df4c460edf11232d893f3ce007) C:\WINDOWS\system32\drivers\samfilt.sys
2010/10/08 23:46:29.0500 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/08 23:46:29.0625 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/08 23:46:30.0015 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/08 23:46:30.0468 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/10/08 23:46:30.0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/08 23:46:30.0859 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/08 23:46:31.0015 SetupSys (edbecd7f71e40521c8685f0b1f96d3a0) C:\WINDOWS\system32\drivers\SetupSys.sys
2010/10/08 23:46:31.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/08 23:46:31.0531 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/08 23:46:31.0703 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
2010/10/08 23:46:31.0906 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/10/08 23:46:32.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/08 23:46:32.0406 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/08 23:46:32.0765 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/08 23:46:32.0906 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/08 23:46:33.0234 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/08 23:46:33.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/08 23:46:33.0640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/08 23:46:34.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/08 23:46:34.0296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/08 23:46:34.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/08 23:46:34.0859 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/08 23:46:35.0000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/08 23:46:35.0703 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/08 23:46:35.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/08 23:46:36.0187 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/08 23:46:36.0468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/08 23:46:36.0609 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/08 23:46:36.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/08 23:46:36.0984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/08 23:46:37.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/08 23:46:37.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/08 23:46:37.0734 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/10/08 23:46:37.0859 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/10/08 23:46:38.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/08 23:46:38.0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/08 23:46:38.0921 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\WINDOWS\system32\DRIVERS\VX3000.sys
2010/10/08 23:46:39.0437 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/08 23:46:39.0546 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/10/08 23:46:39.0890 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/08 23:46:40.0125 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/08 23:46:40.0609 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/08 23:46:40.0843 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/08 23:46:40.0968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/08 23:46:41.0187 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys
2010/10/08 23:46:41.0500 ================================================================================
2010/10/08 23:46:41.0500 Scan finished
2010/10/08 23:46:41.0500 ================================================================================

I also ran MBRCheck here is the log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8C69000 \WINDOWS\system32\KDCOM.DLL
0xF8B79000 \WINDOWS\system32\BOOTVID.dll
0xF871A000 ACPI.sys
0xF8C6B000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8709000 pci.sys
0xF8769000 isapnp.sys
0xF8D31000 pciide.sys
0xF89E9000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8779000 MountMgr.sys
0xF86EA000 ftdisk.sys
0xF89F1000 PartMgr.sys
0xF8789000 VolSnap.sys
0xF86D2000 atapi.sys
0xF8799000 disk.sys
0xF87A9000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF86B2000 fltmgr.sys
0xF86A0000 sr.sys
0xF8689000 KSecDD.sys
0xF85FC000 Ntfs.sys
0xF85CF000 NDIS.sys
0xF85B5000 Mup.sys
0xF8093000 kl1.sys
0xF8B7D000 BtHidBus.sys
0xF87F9000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF704F000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF703B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8AD1000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7017000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8AD9000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF6FF1000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF8809000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF8819000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xF8AF1000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8829000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8C41000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6FDD000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8839000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF8849000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8859000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF6FBA000 \SystemRoot\System32\DRIVERS\ks.sys
0xF6F7A000 \SystemRoot\system32\drivers\smwdm.sys
0xF6F56000 \SystemRoot\system32\drivers\portcls.sys
0xF8869000 \SystemRoot\system32\drivers\drmk.sys
0xF6EA3000 \SystemRoot\system32\drivers\senfilt.sys
0xF8879000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF7E60000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8889000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8C61000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF6E8C000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8899000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF88A9000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8B29000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF6E7B000 \SystemRoot\System32\DRIVERS\psched.sys
0xF88B9000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8B39000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8B49000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF88C9000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF88D9000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8B51000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8CA1000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6D7D000 \SystemRoot\System32\DRIVERS\update.sys
0xF8052000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7E50000 \SystemRoot\system32\drivers\portio32.sys
0xF88F9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8919000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8CA9000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xEEC56000 \SystemRoot\system32\DRIVERS\klif.sys
0xF8CB1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8EA1000 \SystemRoot\System32\Drivers\Null.SYS
0xF8CB5000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8A31000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF8A39000 \SystemRoot\System32\drivers\vga.sys
0xF8CB9000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8CBD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8A49000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8A59000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C25000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF8A61000 \SystemRoot\system32\DRIVERS\kl2.sys
0xEEBFB000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEEBA2000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEEB7A000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEEB54000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF8056000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEEB0A000 \SystemRoot\System32\drivers\afd.sys
0xF8939000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8949000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEEAE8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF8A81000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEEABD000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEEA4D000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xEECED000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF8969000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF8979000 \SystemRoot\System32\Drivers\Fips.SYS
0xEEA2B000 \??\C:\WINDOWS\system32\drivers\cbfs_x32.sys
0xEECDD000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xF8999000 \SystemRoot\SYSTEM32\drivers\samfilt.sys
0xF89A9000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEEA13000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8CCB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEEC26000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8AA1000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D73000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF040000 \SystemRoot\System32\ialmdev5.DLL
0xBF070000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEE7CD000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xF6E2B000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xEE8EB000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEE99B000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xEE5C0000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8D2D000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEE8BF000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xF8DBB000 \??\C:\WINDOWS\system32\drivers\io.sys
0xEE429000 \SystemRoot\System32\DRIVERS\srv.sys
0xEE0CC000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE121000 \SystemRoot\system32\drivers\sysaudio.sys
0xF8A11000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
0xEDB73000 \SystemRoot\System32\Drivers\HTTP.sys
0xF8C75000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xED6B1000 \SystemRoot\system32\drivers\klmd.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
932 csrss.exe
956 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1012 C:\WINDOWS\system32\lsass.exe
1184 C:\WINDOWS\system32\svchost.exe
1272 svchost.exe
1416 C:\WINDOWS\system32\svchost.exe
1644 svchost.exe
1856 svchost.exe
2000 C:\WINDOWS\system32\spoolsv.exe
636 svchost.exe
668 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
684 svchost.exe
716 C:\Program Files\Java\jre6\bin\jqs.exe
768 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
900 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
928 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
1340 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1488 C:\WINDOWS\system32\svchost.exe
708 alg.exe
2548 C:\WINDOWS\system32\hkcmd.exe
2564 C:\WINDOWS\system32\igfxpers.exe
2576 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2668 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2712 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
2752 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2792 C:\WINDOWS\system32\rundll32.exe
2860 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
3040 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3644 C:\Program Files\Microsoft ActiveSync\rapimgr.exe
3072 C:\WINDOWS\system32\wuauclt.exe
3304 C:\WINDOWS\system32\ctfmon.exe
2460 C:\WINDOWS\explorer.exe
3204 C:\WINDOWS\system32\notepad.exe
1928 C:\Program Files\Mozilla Firefox\firefox.exe
856 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
2096 C:\Program Files\Mozilla Firefox\plugin-container.exe
1864 C:\Program Files\WinRAR\WinRAR.exe
584 C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
2064 C:\WINDOWS\system32\notepad.exe
2364 C:\Documents and Settings\Owner\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6L160P0, Rev: BAH41G10

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
Posted 10/9/2010 7:11 AM
#89358
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Using Internet Explorer or Firefox, visit: https://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Click Accept, when prompted to download and install the program files and database of malware definitions.



To optimize scanning time and produce a more sensible report for review:



Close any open programs



Click Run at the Security prompt.



The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.



Once the update is complete, click on Settings.

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, adware, dialers, and other riskware

Archives

E-mail databases
·



Click on My Computer under the green Scan bar to the left to start the scan.

· Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. I only require a report from it.

· Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

Click View report... at the bottom.

Click the Save report... button.








Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
Please post kaspersky log your next post:


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/9/2010 3:07 PM
#89370
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
OK I went to that link and at first it would not let me even update because I have Kaspersky 2010 trial running so I uninstalled Kaspersky rebooted my machine I went to the link you provided and it started to run the update it says it finished 100% and now it and it is not letting me run the scan. It will finish the update but it will not let me continue. I wont even let me click a link on the page.

At any rate I was able to run GMER and I do have a log for that.

GMER 1.0.15.15281 - https://www.gmer.net
Rootkit scan 2010-10-09 09:19:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEEC82558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xEEC82E5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xEEC83C90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xEEC841DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xEEC83138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xEEC813C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xEEC840C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xEEC82146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xEEC83F94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xEEC822EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xEEC842FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xEEC82AE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xEEC8402A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xEEC859E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xEEC819D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xEEC81D86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xEEC835BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xEEC86BEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xEEC81ED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xEEC81F6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xEEC833C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xEEC85AD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xEEC813A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xEEC813B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xEEC8623C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xEEC82096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xEEC84270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xEEC82EDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xEEC81588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xEEC84150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xEEC82794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xEEC85FD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xEEC84390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xEEC82686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xEEC82002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xEEC81C3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xEEC86576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xEEC81864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xEEC85E68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xEEC81AF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xEEC80DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xEEC846F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xEEC845BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xEEC8577C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xEEC81156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xEEC86A90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xEEC80D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xEEC839D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xEEC82D00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xEEC8501C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xEEC85C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xEEC866C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xEEC816DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xEEC867B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xEEC868F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xEEC85906]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEEAF2620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xEEC82890]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xEEC8641A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xEEC82A1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [D4, 5A, C8, EE, A4, 13, C8, ...]
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes [F4, 1A, C8, EE, DE, 0D, C8, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [B8, 67, C8, EE, F2, 68, C8, ...]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E876A 5 Bytes JMP EEC753C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512959 5 Bytes JMP EEC74FE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6F27F80]
init C:\WINDOWS\SYSTEM32\drivers\samfilt.sys entry point in "init" section [0xF899FD00]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
.text C:\Program Files\Mozilla Firefox\firefox.exe[1928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F80D5D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F80D5D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\drivers\ws2ifsl.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject] [F80D5D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject] [F80D5D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject] [F80D5D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F80D5C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 006C0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 006C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 006C0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 006C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 009909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00990A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00990A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00990B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00990B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00990BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00990C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00990CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00990D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 006C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 006C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 006C0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 006C0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 006C0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00990DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00990EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00990F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 006C0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 006C0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 006C0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 006C0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7D1E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7D1F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7D1F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7D1F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7D1F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7D1E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 7D1E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 009A0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009A0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 009A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 009A0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 009A01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 009A0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 009A02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 009A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 009A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7D1E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 009A0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 009A0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 009A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7D1E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009A0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 009A05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 009A0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 009A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 009A0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 009A0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 009A07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 009A0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 009A08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 009A0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 009A09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 009A0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009A0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 009A0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 009A0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 009A0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 009A0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 006D0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 006D0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009A0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 009A0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 009A0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 009A0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 009A0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 009A0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 009A0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 009B0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 009B0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 009B00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 009B0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 006D00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 006D0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 006D0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 009B01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 009B0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 009B02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 009B0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 009B0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 009B0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 009B0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 009B04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 009B0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 006D0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 009B05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 009B0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 009B06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 006D04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 006D0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 009C0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 009C0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 009C0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 009D0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 009D08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 009D0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 009D09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 009D0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 009D0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 009D0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 009D0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 009D0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009D0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[668] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00990240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 009902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00990320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00990390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00B709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B70A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00B70A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00B70B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00B70B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00B70BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00B70C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00B70CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00B70D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 00990940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 009909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 00990A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 00990A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00990B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00B70DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00B70EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00B70F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 00990D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 00990E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00990EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00990F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7D1E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7D1F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7D1F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7D1F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7D1F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7D1E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 7D1E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 00B80010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00B800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00B80160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 00B801D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00B80240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00B802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00B80320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00B80390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7D1E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00B80400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00B80470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00B804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7D1E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00B805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00B80630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00B806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00B80710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00B80780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 00B807F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00B80860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00B808D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00B80940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 00B809B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00B80A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00B80B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00B80B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00B80BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00B80C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 009A0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 009A0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00B80D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00B80DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00B80E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00B80E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00B80EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00B80F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00B90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00B90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00B900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00B90160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 009A00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 009A0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 009A0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00B901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00B90240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00B902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B90320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B90390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B90400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B90470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00B904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 00B90550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 009A0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B90630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00B906A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 009A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B90710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 009A0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 00BA0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BA0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 00BA0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 00BB0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 00BB0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 00BB00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00BB0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00BB07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00BB0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00BB08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00BC01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00BC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00BC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00BC0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00BC0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00BC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00BC0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00BC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BC0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3@0025671b7775 0x08 0xA0 0x26 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3@00265fd7f63d 0xBF 0x3D 0x6C 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0xE3 0xEB 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTbpiudaugfd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTbpiudaugfd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTctlptgtkqe.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrbqrsslxow.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTulwakqipxc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTldfexefqve.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x10 0xD1 0x22 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3@0025671b7775 0x08 0xA0 0x26 0x5A ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3@00265fd7f63d 0xBF 0x3D 0x6C 0x4C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0xE3 0xEB 0x6B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A713ECC3-4DD3-48A5-E256-A22F2C88BCD5}

---- EOF - GMER 1.0.15 ----


[4]Update! [/4]

I was able to run Kaspersky online scanner and here is the log report.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 9, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 09, 2010 11:46:01
Records in database: 4222985
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 74927
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:26:22


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Program Files\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
Posted 10/10/2010 5:47 AM
#89386
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Good. However, you have some nasty rootkits in Gmer log.


Delete the vesion of combofix you have, then download newest version:


[color=#0000ff>Here[/url]

Save it to Desktop.






Open notepad and copy/paste the bolded text, including the link in the codebox below into it:

Name the file as CFScript
and Save it on the desktop


Code:


https://forum.bullguard.com/forum/10/Google-Re-directing-virus-and-_89288.html[/color][/b][/url]

[color=black>Snapshot::[/b]

Driver::[/color]


[color=black>Gaopdxserv[/b]

H8SRTd[/color]

[color=black>Collect::[/b]

c:\windows\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys[/color]

[color=black>c:\windows\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll[/b]

c:\windows\system32\drivers\H8SRTbpiudaugfd.sys[/color]


[color=black>c:\windows\system32\H8SRTctlptgtkqe.dll[/b]

c:\windows\system32\H8SRTrbqrsslxow.dat[/color]


[color=black>c:\windows\system32\H8SRTulwakqipxc.dll[/b]

c:\windows\system32\H8SRTldfexefqve.dll[/color]








Once saved, drag CFScript.txt into ComboFix.exe.



When ComboFix has finished its scan / cleaning opens a ComboFix log along with a small message box. Now click OK in the message box to upload the compiled files for further analysis (you must have an Internet connection to upload files).





Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/10/2010 7:03 AM
#89391
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the log

ComboFix 10-10-09.04 - Owner 10/10/2010 2:40.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.102 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: F-Secure Anti-Virus 2008 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\yaaaax.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-10 to 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-10-09 23:47 . 2010-10-09 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-09 23:45 . 2010-10-10 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-10-09 23:45 . 2010-10-09 23:45 -------- d-----w- c:\program files\Kaspersky Lab
2010-10-09 23:45 . 2010-10-09 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-10-09 22:51 . 2010-10-09 22:51 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-09 22:51 . 2010-10-09 22:51 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-09 13:39 . 2010-07-02 01:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-10-07 15:05 . 2010-10-07 15:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-10-07 15:05 . 2010-10-07 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-07 15:05 . 2010-10-07 15:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-05 19:33 . 2010-10-10 06:54 114688 ---ha-w- c:\windows\system32\yaaaax.dll
2010-10-05 19:02 . 2010-07-17 06:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-27 19:36 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-27 19:05 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-27 04:26 . 2010-10-04 20:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-26 16:31 . 2010-09-26 16:31 -------- d-----w- c:\documents and settings\Owner\Application Data\ComodoGroup
2010-09-26 16:22 . 2010-09-26 16:22 -------- d-----w- c:\documents and settings\Owner\Application DataComodoGroup
2010-09-26 16:21 . 2010-09-26 16:21 -------- d-----w- c:\program files\COMODO
2010-09-12 16:01 . 2010-09-23 20:22 14808 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-09-12 16:01 . 2010-09-23 20:22 718296 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iiijifaudio"="yaaaax.dll" [2010-10-10 114688]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-09-26 352976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ddayxuaudio"="yaaaax.dll" [2010-10-10 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"mlihghaudio"="yaaaax.dll" [2010-10-10 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 18:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-07-28 14:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 18:46 709992 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/21/2008 8:28 PM 20744]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs_x32.sys [7/27/2010 11:34 AM 146904]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [3/15/2010 3:11 PM 5152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2/25/2010 5:34 PM 2048]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 1:44 PM 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [1/21/2008 8:28 PM 26248]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/3/2001 12:53 AM 19677]
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 19:41]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yf8lhc9y.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A713ECC3-4DD3-48A5-E256-A22F2C88BCD5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\yaaaax.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-10-10 02:59:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-10 06:59
ComboFix2.txt 2010-10-08 14:48
ComboFix3.txt 2010-10-06 14:49
ComboFix4.txt 2010-10-05 08:33
ComboFix5.txt 2010-10-10 06:35

Pre-Run: 30,444,445,696 bytes free
Post-Run: 31,022,125,056 bytes free

Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - CE1FD1DD9D3F75EDEBD3B9CE9314C276
Posted 10/10/2010 8:36 AM
#89398
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hmm :rolleyes:




Please run new Gmer scan, and post the log it produce.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/10/2010 4:42 PM
#89401
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Here is the GMER log.
GMER 1.0.15.14944 - https://www.gmer.net
Rootkit scan 2010-10-10 12:34:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xEE46B558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xEE46BE5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xEE46CC90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xEE46D1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xEE46C138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xEE46A3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xEE46D0C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xEE46B146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xEE46CF94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xEE46B2EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xEE46D2FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xEE46BAE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xEE46D02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xEE46E9E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xEE46A9D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xEE46AD86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xEE46C5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xEE46FBEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xEE46AED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xEE46AF6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xEE46C3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xEE46EAD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xEE46A3A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xEE46A3B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xEE46F23C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xEE46B096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xEE46D270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xEE46BEDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xEE46A588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xEE46D150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xEE46B794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xEE46EFD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xEE46D390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xEE46B686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xEE46B002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xEE46AC3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xEE46F576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xEE46A864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xEE46EE68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xEE46AAF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xEE469DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xEE46D6F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xEE46D5BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xEE46E77C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xEE46A156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xEE46FA90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xEE469D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xEE46C9D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xEE46BD00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xEE46E01C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xEE46EC72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xEE46F6C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xEE46A6DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xEE46F7B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xEE46F8F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xEE46E906]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE2B1620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xEE46B890]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xEE46F41A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xEE46BA1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes JMP A3A4EE46
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes [F4, AA, 46, EE, DE, 9D, 46, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [B8, F7, 46, EE, F2, F8, 46, ...]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E876A 5 Bytes JMP EE45E3C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512959 5 Bytes JMP EE45DFE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
? Combo-Fix.sys The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F80A3D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F80A3D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\drivers\ws2ifsl.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject] [F80A3D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject] [F80A3D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject] [F80A3D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F80A3C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3@0025671b7775 0x08 0xA0 0x26 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3@00265fd7f63d 0xBF 0x3D 0x6C 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0xE3 0xEB 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTbpiudaugfd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTbpiudaugfd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTctlptgtkqe.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrbqrsslxow.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTulwakqipxc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTldfexefqve.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x10 0xD1 0x22 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3@0025671b7775 0x08 0xA0 0x26 0x5A ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3@00265fd7f63d 0xBF 0x3D 0x6C 0x4C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0xE3 0xEB 0x6B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb 4096
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\VDT\vdt80.dll 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\VDT\vdt80p.dll 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Microsoft Visual Studio\COMMON\IDE\IDE98\ASP.TLB 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A713ECC3-4DD3-48A5-E256-A22F2C88BCD5}

---- EOF - GMER 1.0.15 ----
Posted 10/11/2010 2:58 AM
#89413
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download https://swandog46.geekstogo.com/avenger2/download.php





by Swandog46 to your Desktop.

Click on Avenger.zip to open the file

Extract avenger2.exe to your desktop



Start Avenger




[code]
Begin copying here:

Files to delete:
c:\windows\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
c:\windows\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll
c:\windows\system32\drivers\H8SRTbpiudaugfd.sys
c:\windows\system32\H8SRTctlptgtkqe.dll
c:\windows\system32\H8SRTrbqrsslxow.dat
c:\windows\system32\H8SRTulwakqipxc.dll
c:\windows\system32\H8SRTldfexefqve.dll
c:\windows\system32\yaaaax.dll
Drivers to delete:
Gaopdxserv
H8SRTd
[/code]




Copy/Paste all the text in the above codebox into the main window

Click Execute



The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)



On reboot, it will briefly open a black command window on your desktop, this is normal.

After the restart, it creates a log file that should open with the results of Avenger’s actions.



This log file will be located at C:\avenger.txt



Post C:\avenger.txt in next reply






[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/11/2010 4:55 PM
#89434
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
So I ran Avenger and here is the log.


Logfile of The Avenger Version 2.0, (c) by Swandog46
https://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys" not found!
Deletion of file "c:\windows\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll" not found!
Deletion of file "c:\windows\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\H8SRTbpiudaugfd.sys" not found!
Deletion of file "c:\windows\system32\drivers\H8SRTbpiudaugfd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\H8SRTctlptgtkqe.dll" not found!
Deletion of file "c:\windows\system32\H8SRTctlptgtkqe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\H8SRTrbqrsslxow.dat" not found!
Deletion of file "c:\windows\system32\H8SRTrbqrsslxow.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\H8SRTulwakqipxc.dll" not found!
Deletion of file "c:\windows\system32\H8SRTulwakqipxc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\H8SRTldfexefqve.dll" not found!
Deletion of file "c:\windows\system32\H8SRTldfexefqve.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\yaaaax.dll" not found!
Deletion of file "c:\windows\system32\yaaaax.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Gaopdxserv" not found!
Deletion of driver "Gaopdxserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd" not found!
Deletion of driver "H8SRTd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
Posted 10/12/2010 7:41 AM
#89450
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
[3]Download to your desktop the stand alone [/3][color=#0000ff][3]https://www.avira.com/en/support-download-avira-antirootkit-tool[/3][/color]





Unpack, and run it. It will produce a log, please post the contents in next reply.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/13/2010 2:53 AM
#89481
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
I tried to use the Link and I downloaded the tool and it will not let me run the program. It has an integrity Check error.

I was able to run Antivir Premium Scan and here is the Report Log




Avira AntiVir Premium
Report file date: Tuesday, October 12, 2010 23:16

Scanning for 2925284 virus strains and unwanted programs.

The program is running as a fully functional evaluation version.
Online services are available:

Licensee : John Smith
Serial number : 2210638412-PEPWE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : John

Version information:
BUILD.DAT : 10.0.0.603 36207 Bytes 4/19/2010 15:03:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 10/13/2010 02:16:41
AVSCAN.DLL : 10.0.3.0 46440 Bytes 10/13/2010 02:16:31
LUKE.DLL : 10.0.2.3 104296 Bytes 10/13/2010 02:20:39
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/13/2010 02:20:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 01:53:04
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:54:15
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:56:22
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:57:13
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 01:58:34
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 02:00:11
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 02:02:49
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 02:08:22
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 02:11:52
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 02:11:52
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 02:11:53
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 02:11:53
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 02:11:53
VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 02:12:02
VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 02:12:05
VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 02:12:07
VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 02:12:11
VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 02:12:22
VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 02:12:28
VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 02:12:32
VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 02:12:35
VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 02:12:38
VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 02:12:44
VBASE023.VDF : 7.10.12.176 2048 Bytes 10/11/2010 02:12:44
VBASE024.VDF : 7.10.12.177 2048 Bytes 10/11/2010 02:12:44
VBASE025.VDF : 7.10.12.178 2048 Bytes 10/11/2010 02:12:45
VBASE026.VDF : 7.10.12.179 2048 Bytes 10/11/2010 02:12:45
VBASE027.VDF : 7.10.12.180 2048 Bytes 10/11/2010 02:12:45
VBASE028.VDF : 7.10.12.181 2048 Bytes 10/11/2010 02:12:46
VBASE029.VDF : 7.10.12.182 2048 Bytes 10/11/2010 02:12:46
VBASE030.VDF : 7.10.12.183 2048 Bytes 10/11/2010 02:12:47
VBASE031.VDF : 7.10.12.193 93184 Bytes 10/12/2010 02:12:52
Engineversion : 8.2.4.78
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/13/2010 02:15:00
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/13/2010 02:14:58
AESCN.DLL : 8.1.6.1 127347 Bytes 10/13/2010 02:14:41
AESBX.DLL : 8.1.3.1 254324 Bytes 10/13/2010 02:15:05
AERDL.DLL : 8.1.9.2 635252 Bytes 10/13/2010 02:14:39
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/13/2010 02:14:22
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/13/2010 02:14:12
AEHEUR.DLL : 8.1.2.33 2949496 Bytes 10/13/2010 02:14:06
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/13/2010 02:13:18
AEGEN.DLL : 8.1.3.23 401779 Bytes 10/13/2010 02:13:14
AEEMU.DLL : 8.1.2.0 393588 Bytes 10/13/2010 02:13:09
AECORE.DLL : 8.1.17.0 196982 Bytes 10/13/2010 02:13:06
AEBB.DLL : 8.1.1.0 53618 Bytes 10/13/2010 02:13:03
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/13/2010 01:32:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/13/2010 02:16:31
AVREP.DLL : 10.0.0.8 62209 Bytes 10/13/2010 02:25:25
AVREG.DLL : 10.0.3.0 53096 Bytes 10/13/2010 02:25:24
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 10/13/2010 02:25:28
AVARKT.DLL : 10.0.0.14 227176 Bytes 10/13/2010 02:15:16
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/13/2010 02:15:48
SQLITE3.DLL : 3.6.19.0 355688 Bytes 10/13/2010 02:21:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/13/2010 02:17:04
NETNT.DLL : 10.0.0.0 11624 Bytes 10/13/2010 02:20:46
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 10/13/2010 01:33:55
RCTEXT.DLL : 10.0.53.0 97128 Bytes 10/13/2010 01:33:59

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, October 12, 2010 23:16

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys\modules
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys\type
[NOTE] The registry entry is invisible.
\systemroot\system32\drivers\H8SRTbpiudaugfd.sys
C:\WINDOWS\system32\drivers\H8SRTbpiudaugfd.sys
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys\group
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys\group
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\H8SRTd.sys\group
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\modules
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\type
[NOTE] The registry entry is invisible.
\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
C:\WINDOWS\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
[NOTE] The registry entry is invisible.
\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gaopdxserv.sys\modules
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gaopdxserv.sys\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gaopdxserv.sys\type
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '30' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'avcenter.exe' - '87' Module(s) have been scanned
Scan process 'plugin-container.exe' - '61' Module(s) have been scanned
Scan process 'firefox.exe' - '124' Module(s) have been scanned
Scan process 'rapimgr.exe' - '47' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '62' Module(s) have been scanned
Scan process 'wcescomm.exe' - '48' Module(s) have been scanned
Scan process 'avgnt.exe' - '62' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '39' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '38' Module(s) have been scanned
Scan process 'igfxpers.exe' - '25' Module(s) have been scanned
Scan process 'hkcmd.exe' - '23' Module(s) have been scanned
Scan process 'wuauclt.exe' - '40' Module(s) have been scanned
Scan process 'Explorer.EXE' - '128' Module(s) have been scanned
Scan process 'alg.exe' - '37' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '39' Module(s) have been scanned
Scan process 'avmailc.exe' - '32' Module(s) have been scanned
Scan process 'avshadow.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '34' Module(s) have been scanned
Scan process 'NBService.exe' - '46' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '22' Module(s) have been scanned
Scan process 'MDM.EXE' - '25' Module(s) have been scanned
Scan process 'jqs.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'avguard.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '170' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '38' Module(s) have been scanned
Scan process 'winlogon.exe' - '76' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '450' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\52\2a6458b4-4196a72d
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
C:\Qoobox\Quarantine\C\WINDOWS\system32\0d6A.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaaaax.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP971\A0372794.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP973\A0373334.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP980\A0380473.dll
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP980\A0380473.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '46709614.qua'.
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP973\A0373334.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
[NOTE] The file was moved to the quarantine directory under the name '5ee7b9b3.qua'.
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP971\A0372794.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0cb8e35b.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaaaax.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b71acae.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\0d6A.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
[NOTE] The file was moved to the quarantine directory under the name '2f088193.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\52\2a6458b4-4196a72d
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
[NOTE] The file was moved to the quarantine directory under the name '5013b3f1.qua'.


End of the scan: Wednesday, October 13, 2010 00:15
Used time: 57:42 Minute(s)

The scan has been done completely.

9404 Scanned directories
188350 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
188344 Files not concerned
2327 Archives were scanned
0 Warnings
6 Notes
545607 Objects were scanned with rootkit scan
16 Hidden objects were found
Posted 10/13/2010 4:34 AM
#89482
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Download and run RootRepeal(hidden file scan option only)
https://rootrepeal.googlepages.com/





Look for any .sys/dll/bat listed by hidden file with the following prefix's

TDSS
UACs
GAOPDX
Seneka

Highlight relevent entry line and right click on it then select wipe file with Rootrepeal.
Reboot the computer and then run scan quick scan with an updated MBAM





Please post malwarebyte, along with new Gmer log.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/13/2010 4:51 AM
#89484
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
Are you referring to the hidden services tab to run the scan on?
Posted 10/13/2010 5:22 AM
#89485
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Yes. If you are unsure what to delete, if it find suspicios files. Then click on Report tab, click Scan button, check hidden services, save the report and post it here

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/13/2010 8:22 AM
#89486
User avatar

brifye24 Valued member

Date Joined Nov 2016
Total Posts: 18
The hidden Services did not pull up anything during the scan so here is the MBAM LOG and GMER LOG


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4807

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/13/2010 4:19:04 AM
mbam-log-2010-10-13 (04-19-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 218530
Time elapsed: 2 hour(s), 48 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{6434DEA7-AC5C-4AC7-B49E-FAD7041686AB}\RP981\A0380558.exe (Trojan.Zapchast)




GMER 1.0.15.14944 - https://www.gmer.net
Rootkit scan 2010-10-13 04:18:13
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT F8E00386 ZwCreateKey
SSDT F8E0037C ZwCreateThread
SSDT F8E0038B ZwDeleteKey
SSDT F8E00395 ZwDeleteValueKey
SSDT F8E003B3 ZwLoadDriver
SSDT F8E0039A ZwLoadKey
SSDT F8E00368 ZwOpenProcess
SSDT F8E0036D ZwOpenThread
SSDT F8E003A4 ZwReplaceKey
SSDT F8E0039F ZwRestoreKey
SSDT F8E003B8 ZwSetSystemInformation
SSDT F8E00390 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE590620]
SSDT F8E00372 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\rootrepeal.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ED336400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3@0025671b7775 0x08 0xA0 0x26 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a745a3@00265fd7f63d 0xBF 0x3D 0x6C 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0xE3 0xEB 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTbpiudaugfd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTbpiudaugfd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTctlptgtkqe.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrbqrsslxow.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTulwakqipxc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTldfexefqve.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x10 0xD1 0x22 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrsbvpyavbrwbqmkpyyqxtimototrqfam.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtkiqboauacxduoridwkteoawryvehkxf.dll
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3@0025671b7775 0x08 0xA0 0x26 0x5A ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000272a745a3@00265fd7f63d 0xBF 0x3D 0x6C 0x4C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x14 0xE3 0xEB 0x6B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0xE1 0x65 0xC8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xD1 0xC4 0x74 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xBA 0xFD 0x71 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A713ECC3-4DD3-48A5-E256-A22F2C88BCD5}

---- EOF - GMER 1.0.15 ----
Posted 10/13/2010 9:40 AM
#89491
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Start Avenger



Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\gaopdxserv.sys






Copy/Paste all the text in bold above into the main window

Click Execute



The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)



On reboot, it will briefly open a black command window on your desktop, this is normal.

After the restart, it creates a log file that should open with the results of Avenger’s actions.



This log file will be located at C:\avenger.txt



Post C:\avenger.txt in next reply

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Wednesday, June 16, 2021, 10:57 PM (GMT +2)
There are a total of 61,903 posts in 13,672 threads.
In the last 3 days there were 0 new threads and 1 reply posts.

Who's online

This forum has 38,627 registered members. Please welcome our newest member, ryancarter.
There are currently no users on-line.
×

Just a minute

Privacy has never been so important.

Nearly 50% of online users are now using a VPN to protect their privacy.

Find out why

…and if it grabs you bag yourself a VPN bargain.