2 Bronze

Redirected searches

Google search shows multiple hits and clicking on a particular hit will more often than not be redirected to some random site, sometimes ask.com but not always. The redirects will happen for a period of time, several hours, then for some reason will not happen for several hours then all of a sudden reappear. The url link can be copied to the address bar and this almost always goes to the correct link. I am running xp-pro SP3 with the latest updates on a Dell T7400 and IE6. Kaspersky Internet security with latest database and with the filters set to max. I started experiencing this problem about 60 days ago and have been trying to get rid of it. 3 weeks ago unloaded KAS according to directions from KAS service tech. Downloaded MalwareBytes and ran without KAS loaded, MB found two trojans Trojan.agent and Trojan.Fake Alert. which were successfully quarantined and deleted. Also downloaded and ran superantispyware which ran to completion and found nothing. KAS was reinstalled and full system scan run with no problems. This was done several weeks ago and the system appeared to be fine. Also cleaned disk and deleted all previous restore files. Over the last week the redirects have reappeared. I have rerun MB and superantispyware as well as full scans with KAS with no anomalies found. The T7400 is on a network with 2 other machines connected to the internet with a cable modem. All of the other machines are running KAS with latest updates. MB and Superantispyware were also run on these machines and on one KAS was unloaded as described above. Neither of these machines is seeing a redirect problem.

I restarted the T7400 and generated the HijackThis log below. Thanks for your assistance in resolving this. Not sure if word wrap is on or off or where to set this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:24 AM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Sentinel Web\Sentinel.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Sentinel Web\UPSInt.exe
C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080...
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10507 bytes

0 Kudos
4 Germanium

Re: Redirected searches

Hi boka1,

Welcome to the Dell Community Malware Removal Forum.

Sorry for the delay in getting to your log.

If you still require assistance, please reply to this topic with a fresh HJT log and what symptoms you are having so I can get an update on your system and can begin the cleanup procedure.

Thanks

K27

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos
2 Bronze

Re: Redirected searches

Thanks for responding K27, looking forward to resolving this. Google search shows multiple hits and clicking on a particular hit will more often than not be redirected to some random site, sometimes ask.com but not always. The redirects will happen for a period of time, several hours, then for some reason will not happen for several hours then all of a sudden reappear. Also it takes 18-20 seconds from clicking the IE6 icon to actually getting to google, way longer than it used to which was 2-3 seconds. The url link can be copied to the address bar and this almost always goes to the correct link. I am running xp-pro SP3 with the latest updates on a Dell T7400 and IE6. Kaspersky Internet security with latest database and with the filters set to max. I started experiencing this problem about 60 days ago and have been trying to get rid of it. 3 weeks ago unloaded KAS according to directions from KAS service tech. Downloaded MalwareBytes and ran without KAS loaded, MB found two trojans Trojan.agent and Trojan.Fake Alert. which were successfully quarantined and deleted. Also downloaded and ran superantispyware which ran to completion and found nothing. KAS was reinstalled and full system scan run with no problems. This was done several weeks ago and the system appeared to be fine. Also cleaned disk and deleted all previous restore files. Over the last week the redirects have reappeared. I have rerun MB and superantispyware as well as full scans with KAS with no anomalies found. The T7400 is on a network with 2 other machines connected to the internet with a cable modem. All of the other machines are running KAS with latest updates. MB and Superantispyware were also run on these machines and on one KAS was unloaded as described above. Neither of these machines is seeing a redirect problem.

I restarted the T7400 and generated this new HijackThis log below. Thanks for your assistance in resolving this. Not sure if word wrap is on or off or where to set this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:54 AM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Sentinel Web\Sentinel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Sentinel Web\UPSInt.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080...
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 8413 bytes

0 Kudos
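When a poster submits a fresh HijackThis log a week after the first, comparing the two by section shows which autostart entries and processes changed between scans. The following is an added example, not part of any post in this thread: the function names `parse_hjt`, `diff_logs` and `appinit_dlls` are hypothetical, and the two sample logs are abridged from the 6/2/2010 and 6/9/2010 logs posted above.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "O4 - HKLM\..\Run: [Name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Sample input: abridged excerpts of the two logs posted in this thread.
LOG_A = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:24 AM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\cmd.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
"""

LOG_B = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:54 AM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe

O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
"""


def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and coded entries."""
    meta, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "--" or line.startswith("End of file"):
            continue                      # log trailer
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif line.startswith("Scan saved at "):
            meta["Scan saved at"] = line[len("Scan saved at "):]
        elif ": " in line:
            key, value = line.split(": ", 1)
            meta[key] = value
    return {"meta": meta, "processes": processes, "entries": dict(entries)}


def diff_logs(old, new):
    """Return {section: {'added': [...], 'removed': [...]}} for sections that changed."""
    sections = {"processes": (old["processes"], new["processes"])}
    for code in sorted(set(old["entries"]) | set(new["entries"])):
        sections[code] = (old["entries"].get(code, []), new["entries"].get(code, []))
    changes = {}
    for name, (before, after) in sections.items():
        # Windows paths are case-insensitive, so compare lower-cased values.
        seen_before = {item.lower() for item in before}
        seen_after = {item.lower() for item in after}
        added = [item for item in after if item.lower() not in seen_before]
        removed = [item for item in before if item.lower() not in seen_after]
        if added or removed:
            changes[name] = {"added": added, "removed": removed}
    return changes


def appinit_dlls(log):
    """List each DLL named in the O20 AppInit_DLLs entry (comma-separated in these logs)."""
    dlls = []
    for value in log["entries"].get("O20", []):
        if value.startswith("AppInit_DLLs: "):
            dlls += [p.strip() for p in value[len("AppInit_DLLs: "):].split(",") if p.strip()]
    return dlls


if __name__ == "__main__":
    first, second = parse_hjt(LOG_A), parse_hjt(LOG_B)
    print(first["meta"]["Scan saved at"], "->", second["meta"]["Scan saved at"])
    for section, change in diff_logs(first, second).items():
        for item in change["removed"]:
            print(f"- [{section}] {item}")
        for item in change["added"]:
            print(f"+ [{section}] {item}")
    print("AppInit_DLLs:", appinit_dlls(second))
```
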
4 Germanium

Re: Redirected searches

Hi boka1,

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

The first thing to do is to disconnect this from the network. The last thing we want is to be going around in circles chasing our tails and having to clean all the machines because the infection has spread.

All of the tools I ask you to run can be moved from one machine to another on any removable media such as a USB drive or blank CD/DVD. If you need instructions on any of this, please ask.


I know you have already run MBAM, but please follow these instructions.

  • Double click your Malwarebytes desktop icon
  • Click the UPDATE tab at the top
  • Scan for and install any updates it finds
  • Then choose the SCANNER tab and run a FULL SCAN
  • Once finished if MBAM found anything please click Show Results
  • Make sure EVERYTHING has a check in the box next to it and then click Remove Selected
  • Post the MBAM log results back to this thread


YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL.

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:

Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Exit the Program
  • Save the Scan log as ARK.txt and post it in your next reply.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.


If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.

Please post the MBAM log and the ARK log back to this thread.

Thanks,
K27.

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos
2 Bronze

Re: Redirected searches

K27 no problem with most of your request. I assume it may take a couple of days to do this and this is a machine I use for business and have several applications (that do not depend on an internet connection) that I must continue to use every day while running down and eliminating this problem. If it is absolutely necessary I can attempt to move this software and reconfigure the attached hardware (3 monitors and multiple esata drives) to use another machine.

0 Kudos
4 Germanium

Re: Redirected searches

Hi,

I understand your predicament, but I strongly advise that you DO NOT move anything from the infected machine to any other machine apart from the logs I request that will be in notepad format. There is a high chance that you will infect your other machines and be back to square one.

The quicker you get me the logs, the quicker this can be cleaned. If you really can't live without the software for a few days then so be it, but please try to use the system as little as possible at least until we know what we are dealing with.

Thanks,
K27.

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

0 Kudos
2 Bronze

Re: Redirected searches

Understood.

0 Kudos
2 Bronze

Re: Redirected searches

I re-ran HijackThis and the log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:18 PM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Sentinel Web\OPTISAFE_Service.Exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Sentinel Web\UPSInt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Sentinel Web\Sentinel.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080311
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080...
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [UPSMON] C:\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\DOCUME~1\ALLUSE~1\AVP9\mzvkbd3.dll,C:\DOCUME~1\ALLUSE~1\AVP9\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OPTISAFEService - Unknown owner - C:\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3124-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SCWatch 4.0 - WhiteCanyon Inc. - C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 8445 bytes

MALWARE BYTES LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4184

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/9/2010 7:30:51 PM
mbam-log-2010-06-09 (19-30-51).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|J:\|)
Objects scanned: 315033
Time elapsed: 1 hour(s), 30 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

COULD NOT FIND SHOW RESULTS TAB; assume that it is only available if something is found.

Below is the GMER fast log followed by the long log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-09 19:57:51
Windows 5.1.2600 Service Pack 3
Running: m0e7ozt2.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\fxtdipog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateKey [0xB4629ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateValueKey [0xB4629F74]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                 SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                               SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- EOF - GMER 1.0.15 ----

 

GMER full log; it appeared to finish, i.e. no scanning activity at the bottom. I closed out of GMER and it is taking a very long time for the machine to shut down. Default was C only and I did not modify that; there are 3 other large disks. Kaspersky was turned off and the internet/network cable was disconnected.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 20:34:24
Windows 5.1.2600 Service Pack 3
Running: m0e7ozt2.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\fxtdipog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwAdjustPrivilegesToken [0xB462A58C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwClose [0xB462AE0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwConnectPort [0xB462B922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateEvent [0xB462BE94]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateFile [0xB462B0EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateKey [0xB4629436]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateMutant [0xB462BD6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateNamedPipeFile [0xB462A192]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreatePort [0xB462BC28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateSection [0xB462A34E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateSemaphore [0xB462BFC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateSymbolicLinkObject [0xB462DC08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateThread [0xB462AAAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwCreateWaitablePort [0xB462BCCA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDebugActiveProcess [0xB462D5FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDeleteKey [0xB46299FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDeleteValueKey [0xB4629D88]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDeviceIoControlFile [0xB462B576]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwDuplicateObject [0xB462E5CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwEnumerateKey [0xB4629ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwEnumerateValueKey [0xB4629F74]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwFsControlFile [0xB462B382]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwLoadDriver [0xB462D68C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwLoadKey [0xB4629412]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwLoadKey2 [0xB4629424]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwMapViewOfSection [0xB462DCBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwNotifyChangeKey [0xB462A0C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenEvent [0xB462BF36]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenFile [0xB462AE8E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenKey [0xB46295DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenMutant [0xB462BE04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenProcess [0xB462A792]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenSection [0xB462DC32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenSemaphore [0xB462C068]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwOpenThread [0xB462A6B6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueryKey [0xB462A01E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueryMultipleValueKey [0xB4629C46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQuerySection [0xB462DFD4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueryValueKey [0xB4629896]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwQueueApcThread [0xB462D922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwRenameKey [0xB4629B0E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwReplaceKey [0xB46292B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwReplyPort [0xB462C3F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwReplyWaitReceivePort [0xB462C2B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwRequestWaitReplyPort [0xB462D39A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwRestoreKey [0xB4630E2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwResumeThread [0xB462E4AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSaveKey [0xB4629248]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSecureConnectPort [0xB462B65C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetContextThread [0xB462ACC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetInformationToken [0xB462CC4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetSecurityObject [0xB462D786]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetSystemInformation [0xB462E114]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSetValueKey [0xB462971E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSuspendProcess [0xB462E1F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSuspendThread [0xB462E320]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwSystemDebugControl [0xB462D526]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwTerminateProcess [0xB462A90A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwTerminateThread [0xB462A860]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwUnmapViewOfSection [0xB462DE8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        ZwWriteVirtualMemory [0xB462A9EA]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                        IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                                                                     804EAF84 5 Bytes  JMP B461F4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                                                                        804EF912 5 Bytes  JMP B461F8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!ZwCallbackReturn + 2C74                                                                                                                         80504510 2 Bytes  [36, 94]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2C98                                                                                                                         80504534 16 Bytes  [4E, A3, 62, B4, C6, BF, 62, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CCC                                                                                                                         80504568 2 Bytes  [FA, 99] {CLI ; CDQ }
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CD4                                                                                                                         80504570 2 Bytes  [88, 9D]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2CD7                                                                                                                         80504573 5 Bytes  [B4, 76, B5, 62, B4]
.text           ...                                                                                                                                                         
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                     section is writeable [0xB8B26360, 0x3475F7, 0xE8000020]
init            C:\WINDOWS\system32\drivers\Senfilt.sys                                                                                                                      entry point in "init" section [0xB46B3A00]

---- User code sections - GMER 1.0.15 ----

?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] C:\WINDOWS\system32\ntdll.dll                                                   time/date stamp mismatch;
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] C:\WINDOWS\system32\kernel32.dll                                                time/date stamp mismatch;
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] USER32.dll!AlignRects + FFFA5598                                                7E412A78 4 Bytes  [70, 11, 33, 6D]
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] C:\WINDOWS\system32\ntdll.dll                                                  time/date stamp mismatch;
?               C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] C:\WINDOWS\system32\kernel32.dll                                               time/date stamp mismatch;
.text           C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] USER32.dll!AlignRects + FFFA5598                                               7E412A78 4 Bytes  [70, 11, 33, 6D]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                      [B40DECC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                      [B40DECC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                  00370240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                      003702B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                      00370320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]                00370390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]              00A60860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                    00A608D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                    00A60940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                  00A609B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                     00A60A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00A60A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                    00370630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                    003706A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                     00370710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                        00370780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                    003707F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                  00A60B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                00A60B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]            00A60BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                  00370860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00A60C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                  00A60CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                   00A60D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                  00A60DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                00A60E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc]                  003709B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                   00370A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                      00370A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                  00370B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]                00370B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A60E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                   00A60EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                   00A60F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]             7D1F0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                 7D1F05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                    7D1F0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                       00370BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                   00370C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  7D1F06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread]                    00370CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                  7D1F0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]              7D1F0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                    7D1F07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                  7D1F08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                    7D1F0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                     7D1F09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]              7D1F0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                    00370EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                        00370F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      7D1F0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                   7D1F0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                     7D1F0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                      7D1F0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                   7D1F0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                     7D1F0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                     7D1E0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                         7D1E0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                    00A70240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00A702B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                  00A70320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                    00A70390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                     00A70400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]                  00A70470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]                  00A704E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]              00A70550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                     7D1E0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                     7D1E09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                    7D1E0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                    7D1E0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]              00A705C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                   7D1E0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                    7D1E0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                    7D1E0EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A70710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                   00A70780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                 00A707F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]             00A70860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                   00A708D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                   00A70940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                 00A709B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                   7D1E0F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                 00A70A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                    00A70A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                 00A70B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                       00380010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A70B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                   00A70BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]             00A70C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                 00A70CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                 00A70D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                   00A70DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA]                 00A70E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW]                 00A70E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                    00A70EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                   00380080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy]                    003800F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                   00A70F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                 00A80010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]             00A80080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                   00A800F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                     00A80160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                      00A801D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                     00A80240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW]               00A802B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                     00380390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                   00A80320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                   00A80390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                   00A80400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                     00380400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]      00A80470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                         00380470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA]                     00A90240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary]                      00A902B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                   00A90320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]      00A90390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                   00A90780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW]                   00A907F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA]                 00A90860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW]                 00A908D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW]             00A90940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                 00A909B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                    00A90A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                   00A90A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00A90B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap]                       7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                  7D1F0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                  7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                   7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]            7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread]                  7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                  7D1E0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                      7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                     7D1E0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                  7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]              7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                    7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                    7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                     7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary]                   7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy]                   7D1E0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA]                  7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap]                      7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap]                  7D1E0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]                 7D1F0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]                 7D1F0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW]             7D1F01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree]                     7D1E0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc]                    7D1E02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode]                   7D1F0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA]                 7D1F0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]                   7D1F0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[844] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 00030240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                     000302B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                     00030320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               00030390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA]             00C80860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   00C808D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   00C80940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 00C809B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    00C80A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00C80A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                   00030630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   000306A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    00030710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       00030780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   000307F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 00C80B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               00C80B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW]           00C80BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 00030860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  00C80C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 00C80CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  00C80D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 00C80DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               00C80E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc]                 000309B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  00030A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     00030A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00030B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]               00030B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00C80E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  00C80EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  00C80F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW]            7D1F0550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                7D1F05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   7D1F0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                      00030BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  00030C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 7D1F06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread]                   00030CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                 7D1F0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   7D1F07F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F0860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 7D1F08D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   7D1F0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    7D1F09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW]             7D1F0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                   00030EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                       00030F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7D1F0A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  7D1F0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    7D1F0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     7D1F0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  7D1F0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    7D1F0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    7D1E0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        7D1E0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   00C90240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    00C902B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 00C90320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   00C90390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    00C90400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]                 00C90470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]                 00C904E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA]             00C90550
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    7D1E0940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                    7D1E09B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   7D1E0A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                   7D1E0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW]             00C905C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  7D1E0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                   7D1E0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   7D1E0EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00C90710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  00C90780
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                00C907F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW]            00C90860
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  00C908D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  00C90940
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                00C909B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                  7D1E0F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                00C90A20
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   00C90A90
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                00C90B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      00380010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00C90B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  00C90BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW]            00C90C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                00C90CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                00C90D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  00C90DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA]                00C90E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW]                00C90E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   00C90EF0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  00380080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy]                   003800F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  00C90F60
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                00CA0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA]            00CA0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  00CA00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    00CA0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     00CA01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    00CA0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW]              00CA02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                    00380390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  00CA0320
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                  00CA0390
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                  00CA0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                    00380400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     00CA0470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        00380470
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA]                    00CB05C0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary]                     00CB0630
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                  00CB06A0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     00CB0710
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                  00CB0B00
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW]                  00CB0B70
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA]                00CB0BE0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread]                  7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW]                00CB0C50
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW]            00CB0CC0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                00CB0D30
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                   00CB0DA0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                  00CB0E10
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   00CB0E80
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap]                      7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 7D1F0400
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary]                  7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]               7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA]           7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread]                 7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]                 7D1E0010
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap]                     7D1E0080
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    7D1E0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 7D1F0240
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA]             7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                   7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary]                   7D1F00F0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7D1F04E0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                  7D1F02B0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA]            7D1F0160
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread]                  7D1E01D0
IAT             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2980] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                7D1F0240

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                       SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                     kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8                                                                                                                       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8                                                                                                                       timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                  kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                     SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                                                       DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----

 

 

4 Germanium

Re: Redirected searches

Hi,

 

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please disable all Anti-virus/Anti-Spyware/Firewall software on your machine (instructions via links below).

 

Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

Combo-fix MUST be saved to your desktop before running the tool.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console, please make sure to do so, as this is a VERY IMPORTANT backup of Combo-fix (XP only).

You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run Combo-Fix.
Post back and we will install it manually.

DO NOT mouse click when Combo-Fix is running as this will cause Combo-Fix to Stall and it will not work as it should

Please include the C:\ComboFix.txt in your next reply for further review.

Thanks,
K27.

Malware Removal Staff at SpywareHammer

The Internet is the New Age Battle of the Old Age Clash Between Good and Evil

2 Bronze

Re: Redirected searches

Downloading and preparing to run ComboFix. Were there any obvious threats in the previous post?
