  #16  
December 21st, 2011, 06:27 PM
XKOOTX
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
This is as far as it goes in GMER. 1st
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-21 12:23:31
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DK02
Running: h81cww1n.exe; Driver: C:\Users\Jim\AppData\Local\Temp\kxtdypow.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91F5228A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91F6C342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91F6C678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91F6C9EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91F52D04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91F6C02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91F53276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91F53164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91F6C4E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91F52046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91F5338E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91F528BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91F52A2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91F534A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91F6C5B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91F5374E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91F52D46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91F54750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91F53840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91F53DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x91F6A840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91F53308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91F531F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91F524C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91F53B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91F53420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91F523B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91F5355C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x91F6AA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x91F540D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91F539E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x91F6C7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91F6C72A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91F6C848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91F545F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91F6C1B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91F52BA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91F535FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91F54222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91F54316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91F54450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91F53670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91F52664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91F525BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91F53F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91F52750]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E83369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82EC3D8C 4 Bytes [8A, 22, F5, 91] {MOV AH, [EDX]; CMC ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82EC3DB4 8 Bytes [42, C3, F6, 91, 78, C6, F6, ...] {INC EDX; RET ; NOT BYTE [ECX-0x6e093988]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82EC3DF8 4 Bytes [EE, C9, F6, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82EC3E24 4 Bytes [04, 2D, F5, 91] {ADD AL, 0x2d; CMC ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EC3E48 4 Bytes [2A, C0, F6, 91]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] ntdll.dll!NtProtectVirtualMemory 77305F18 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] USER32.dll!NotifyWinEvent + 6AE 7577D66C 4 Bytes [E0, 13, 54, 67]
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!CreateWindowExW 7576EC7C 5 Bytes JMP 6DA83894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!DialogBoxParamW 75783B9B 5 Bytes JMP 6D9B7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!DialogBoxIndirectParamW 75793B7F 5 Bytes JMP 6DBBDF28 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!DialogBoxParamA 757ACF42 5 Bytes JMP 6DBBDEC5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!DialogBoxIndirectParamA 757AD274 5 Bytes JMP 6DBBDF8B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!MessageBoxIndirectA 757BE869 5 Bytes JMP 6DBBDE5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!MessageBoxIndirectW 757BE963 5 Bytes JMP 6DBBDDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!MessageBoxExA 757BE9C9 5 Bytes JMP 6DBBDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4556] USER32.dll!MessageBoxExW 757BE9ED 5 Bytes JMP 6DBBDD2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!EnableWindow 75768D02 5 Bytes JMP 6D9AA83D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!GetAsyncKeyState 7576A256 5 Bytes JMP 6D9AB1EE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CallNextHookEx 7576ABE1 5 Bytes JMP 6D9F3CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 6DAAD90F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 6DA47DD1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateWindowExW 7576EC7C 5 Bytes JMP 6DA83894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!GetKeyState 75772B4D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!GetKeyState 75772B4D 5 Bytes JMP 6D9B0F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!IsDialogMessageW 75774104 5 Bytes JMP 6D9AAD96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogParamA 75781F42 5 Bytes JMP 6DBBEB9C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!IsDialogMessage 75782019 5 Bytes JMP 6DBBE3D6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxParamW 75783B9B 5 Bytes JMP 6D9B7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogIndirectParamA 7578721D 5 Bytes JMP 6DBBEC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogIndirectParamW 7578EA10 5 Bytes JMP 6DBBEC41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxIndirectParamW 75793B7F 5 Bytes JMP 6DBBDF28 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!EndDialog 75793BA3 5 Bytes JMP 6D9AAFEC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogParamW 75795630 5 Bytes JMP 6DBBEBD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SetKeyboardState 7579695A 5 Bytes JMP 6DBBE73B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SendInput 75797019 5 Bytes JMP 6DBBF360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SetCursorPos 757AC1B0 5 Bytes JMP 6DBBF3B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxParamA 757ACF42 5 Bytes JMP 6DBBDEC5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxIndirectParamA 757AD274 5 Bytes JMP 6DBBDF8B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxIndirectA 757BE869 5 Bytes JMP 6DBBDE5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxIndirectW 757BE963 5 Bytes JMP 6DBBDDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxExA 757BE9C9 5 Bytes JMP 6DBBDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxExW 757BE9ED 5 Bytes JMP 6DBBDD2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!keybd_event 757BEC3B 5 Bytes JMP 6DBBF6EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] SHELL32.dll!RealDriveType + 173D 7670FDD0 4 Bytes [A5, 35, 11, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] SHELL32.dll!RealDriveType + 1745 7670FDD8 8 Bytes [F3, 34, 11, 68, 17, 73, 10, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] ole32.dll!OleLoadFromStream 758D6143 5 Bytes JMP 6DBBE27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4604] ole32.dll!CoCreateInstance 75919D0B 5 Bytes JMP 6DA83422 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] ntdll.dll!NtProtectVirtualMemory 77305F18 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] USER32.dll!NotifyWinEvent + 6AE 7577D66C 4 Bytes [E0, 13, 54, 67]
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!EnableWindow 75768D02 5 Bytes JMP 6D9AA83D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!GetAsyncKeyState 7576A256 5 Bytes JMP 6D9AB1EE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!CallNextHookEx 7576ABE1 5 Bytes JMP 6D9F3CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!UnhookWindowsHookEx 7576ADF9 5 Bytes JMP 6DAAD90F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!SetWindowsHookExW 7576E30C 5 Bytes JMP 6DA47DD1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!CreateWindowExW 7576EC7C 5 Bytes JMP 6DA83894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!GetKeyState 75772B4D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!GetKeyState 75772B4D 5 Bytes JMP 6D9B0F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!IsDialogMessageW 75774104 5 Bytes JMP 6D9AAD96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!CreateDialogParamA 75781F42 5 Bytes JMP 6DBBEB9C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!IsDialogMessage 75782019 5 Bytes JMP 6DBBE3D6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!DialogBoxParamW 75783B9B 5 Bytes JMP 6D9B7F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!CreateDialogIndirectParamA 7578721D 5 Bytes JMP 6DBBEC0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!CreateDialogIndirectParamW 7578EA10 5 Bytes JMP 6DBBEC41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!DialogBoxIndirectParamW 75793B7F 5 Bytes JMP 6DBBDF28 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!EndDialog 75793BA3 5 Bytes JMP 6D9AAFEC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!CreateDialogParamW 75795630 5 Bytes JMP 6DBBEBD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!SetKeyboardState 7579695A 5 Bytes JMP 6DBBE73B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!SendInput 75797019 5 Bytes JMP 6DBBF360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!SetCursorPos 757AC1B0 5 Bytes JMP 6DBBF3B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!DialogBoxParamA 757ACF42 5 Bytes JMP 6DBBDEC5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!DialogBoxIndirectParamA 757AD274 5 Bytes JMP 6DBBDF8B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!MessageBoxIndirectA 757BE869 5 Bytes JMP 6DBBDE5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!MessageBoxIndirectW 757BE963 5 Bytes JMP 6DBBDDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!MessageBoxExA 757BE9C9 5 Bytes JMP 6DBBDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!MessageBoxExW 757BE9ED 5 Bytes JMP 6DBBDD2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] USER32.dll!keybd_event 757BEC3B 5 Bytes JMP 6DBBF6EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] SHELL32.dll!RealDriveType + 173D 7670FDD0 4 Bytes [A5, 35, 11, 68]
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] SHELL32.dll!RealDriveType + 1745 7670FDD8 8 Bytes [F3, 34, 11, 68, 17, 73, 10, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] ole32.dll!OleLoadFromStream 758D6143 5 Bytes JMP 6DBBE27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8004] ole32.dll!CoCreateInstance 75919D0B 5 Bytes JMP 6DA83422 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
  #17  
December 21st, 2011, 06:54 PM
XKOOTX
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
Sorry Jintan but I have to redo the GMER log.
Jim
  #18  
December 21st, 2011, 08:18 PM
XKOOTX
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
Gmer 1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-21 14:12:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DK02
Running: h81cww1n.exe; Driver: C:\Users\Jim\AppData\Local\Temp\kxtdypow.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91F5228A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91F6C342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91F6C678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91F6C9EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91F52D04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91F6C02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91F53276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91F53164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91F6C4E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91F52046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91F5338E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91F528BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91F52A2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91F534A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91F6C5B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91F5374E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91F52D46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91F54750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91F53840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91F53DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x91F6A840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91F53308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91F531F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91F524C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91F53B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91F53420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91F523B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91F5355C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x91F6AA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x91F540D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91F539E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x91F6C7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91F6C72A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91F6C848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91F545F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91F6C1B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91F52BA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91F535FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91F54222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91F54316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91F54450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91F53670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91F52664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91F525BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91F53F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91F52750]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E83369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82EC3D8C 4 Bytes [8A, 22, F5, 91] {MOV AH, [EDX]; CMC ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82EC3DB4 8 Bytes [42, C3, F6, 91, 78, C6, F6, ...] {INC EDX; RET ; NOT BYTE [ECX-0x6e093988]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82EC3DF8 4 Bytes [EE, C9, F6, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82EC3E24 4 Bytes [04, 2D, F5, 91] {ADD AL, 0x2d; CMC ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EC3E48 4 Bytes [2A, C0, F6, 91]
.text ...
---- User code sections - GMER 1.0.15 ----
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] ntdll.dll!NtProtectVirtualMemory 77305F18 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] USER32.dll!NotifyWinEvent + 6AE 7577D66C 4 Bytes [E0, 13, 54, 67]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] ntdll.dll!NtProtectVirtualMemory 77305F18 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] USER32.dll!NotifyWinEvent + 6AE 7577D66C 4 Bytes [E0, 13, 54, 67]
  #19  
December 21st, 2011, 08:19 PM
XKOOTX
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
Gmer 2

---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74195600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741956BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741A8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741A4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741A506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741A5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741A6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741A826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741A87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741A901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741AE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2072] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741A4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[2348] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[2348] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[2348] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[2348] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[2348] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[2348] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3716] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0008EDA8] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3716] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0008EDA8] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3716] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0008EFAC] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3716] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!QueueUserWorkItem] [0008EFAC] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\Washer\WasherSvc.exe[3716] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [0008EDA8] C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF06D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF073C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF03DC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFE01C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE022C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFE0154
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFE0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFE007C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFE00E8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4924] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[5096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[5096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[5096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[5096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[5096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[5096] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
  #20  
Old December 21st, 2011, 08:21 PM
XKOOTX XKOOTX is offline
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
GMER 3 last page

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
---- EOF - GMER 1.0.15 ----
  #21  
Old December 21st, 2011, 08:39 PM
XKOOTX XKOOTX is offline
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
dpart

============================================
.
.
.
.
============================================
Checking Primary Partitions on Disks
============================================
This is all that comes up in the Notepad: final.txt when I run dpart.bat
  #22  
Old December 21st, 2011, 08:59 PM
XKOOTX XKOOTX is offline
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
dpart

On computer: JIM-PC
Disk 0 is now the selected disk.
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery             9 GB  1024 KB
Partition 2    Primary             95 GB     9 GB
Partition 3    Primary             81 GB   105 GB
Leaving DiskPart...
.
.
.
.
============================================
Checking Primary Partitions on Disks
============================================
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: JIM-PC
Disk 0 is now the selected disk.
Partition 2 is now the selected partition.
Partition 2
Type : 07
Hidden: No
Active: Yes
Offset in Bytes: 10486808576
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   ACER         NTFS   Partition     95 GB  Healthy    System
Partition 3 is now the selected partition.
Partition 3
Type : 07
Hidden: No
Active: No
Offset in Bytes: 112780640256
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition     81 GB  Healthy
Leaving DiskPart...
  #23  
Old December 22nd, 2011, 12:05 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Sure not looking like a malware problem. Check if security software is the issue.

At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

Then try System Restore. Please don't actually do a Restore, but see if you can now access it.
  #24  
Old December 22nd, 2011, 12:07 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
FYI - Safe Mode does eliminate many startups, including a good bit of security software startups.
  #25  
Old December 22nd, 2011, 02:42 AM
XKOOTX XKOOTX is offline
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
Safe mode startup/network

Hello Jintan,
System Restore was available & the two old (2009) points were gone. The oldest point now is from ComboFix that I ran on 19 Dec 2011.
I believe the problem has been resolved.

Jintan, did you notice if anything else needed an adjustment? Like a MS Win 7 issue or a conflict caused by the upgrade from Vista that was done in 2009?
Otherwise I will run with what I have.

I have a question about my HD. It is partitioned C & D. Before January 2011 when I restored a backup, it contained a hidden restore and a PQ Service area. I seemed to have lost that (not concerned) and I have a duplicate on some of the Windows systems as well as some other items. I’m concerned that those items in D drive may be slowing the computer and when I do my Acronis True Image backup, I may be carrying those problems forward into the backup. Since I’m no longer relying on the D drive for a restore partition, would it be safe to format the D drive?
Once again, Thanks.
Jim
  #26  
Old December 22nd, 2011, 02:48 AM
XKOOTX XKOOTX is offline
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
Downloaded fixes

Jintan, would it be safe to remove the downloads that were used to troubleshoot my computer problems? I have one file named Qoobx that contains some quarantined items. That file was one of the 1st that showed up. I believe it came from the ComboFix.
Jim
  #27  
Old December 22nd, 2011, 02:59 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
We will close out our work here with cleaning up what our work added to your system. Please check here (scroll down half-page - Elisabeth Gordo's comment) and here for some other indications Kaspersky apparently is blocking, or deleting, Restore points. Looks like they do have a problem. I would suggest you contact them (usually the program itself has a means for that) to see what they say about it.

Seems you could just use some third party drive management software and lose that partition, and then just expand an existing partition to absorb the drive space, but best to ask the CTH Hardware forum folks before doing that.

I don't have a solution to this Kaspersky System Restore issue, so if you plan to keep it, hopefully, they do. Before I suggest opening that CTH Hardware thread on this partition issue, anything else I can assist with before we just do that clean-up?
  #28  
Old December 22nd, 2011, 03:09 AM
XKOOTX XKOOTX is offline
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
Closeout

Thanks Jintan. I will follow up on the Kaspersky problem.
Jim
  #29  
Old December 22nd, 2011, 03:11 AM
XKOOTX XKOOTX is offline
Member
 
Join Date: Apr 2004
O/S: Windows 7 64-bit
Posts: 45
Cleanup

Jintan,
I'm good to go and ready to clean-up.
Thanks,
Jim
  #30  
Old December 22nd, 2011, 03:45 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Then we will wrap things up here. I do suggest you do post here at the CTH Hardware forum on that partition issue - just to have it down pat before you make any changes you can't undo.

I normally at this time discuss Java updating, as its software constantly needs updating due to malware-vulnerable areas. But also note you don't seem to have any installed. Have you noticed any web pages suggesting you need that? And Java's (now Oracle) Reader, for .pdf files, you have a program that reads them already?