Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

please help! Urgent

Started by problemboy , Dec 22 2010 05:59 PM

  • Please log in to reply

#1
problemboy
Posted 22 December 2010 - 05:59 PM

problemboy

    New Member

  • Member
  • Pip
  • 7 posts
hi guys, i need some help. lately my cpu has been going through the roof, making it impossible to go on the internet/play games. i think i may have a virus, this is my hijack this log, can anyone help please? If i don't have a virus, are there any suggestions to help get my cpu down? it's not that it's gone slightly up, but it's constantly at 100% when i play games/watch vids. my computer basically isn't runnable anymore.

Thanks alot

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:48:51, on 22/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_5536
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ACAW&bmod=ACEU
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_5536
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_5536
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; .NET CLR 3.0.30729; FDM; .NET4.0C)" -"http://www.nationale...ign=Pure Brand"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemr...sreqlab_srl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {811576B0-FD69-4414-8C43-AB30546C102D} (SpeedDownAx Control) - http://down.speeddow...dDownAxProj.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....NPUplden-gb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe

--
End of file - 6200 bytes
  • 0

Advertisements

#2
kahdah
Posted 29 December 2010 - 06:32 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello problemboy

Welcome to Geekstogo.
=====================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
problemboy
Posted 29 December 2010 - 10:43 AM

problemboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
thanks kardah,

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-29 16:33:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60F
Running: download[1].exe; Driver: C:\Users\Dom\AppData\Local\Temp\kxrdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8B18ADAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8B18CFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8B18D262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8B18D4D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B18B6BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8B18C4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8B18CA3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8B18B99A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8B18C922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8B18A998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8B18C7F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8B18AB40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8B18CB5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8B18B344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8B18B442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8B18D722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8B18C88C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8B18E24A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8B18BE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8B18F458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8B18BC2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8B18E33C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8B18EAA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8B18CAD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8B18B740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8B18C9B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8B18AFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8B18E83E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8B18CBF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8B18AED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8B18D7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8B18EDDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8B18E6D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8B189652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8B18CF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8B18CE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8B18DFE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8B1899CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8B18F2FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8B1895EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8B18C238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8B18B560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8B18D87E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8B18E4DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8B18EF2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8B18F020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8B18F15A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8B18E16E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8B18B18E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8B18B0E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8B18EC82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8B18B27A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8285A579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8287EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82886720 4 Bytes [AA, AD, 18, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82886748 8 Bytes CALL E513801C
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 8288678C 4 Bytes [D8, D4, 18, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 828867B8 4 Bytes [BE, B6, 18, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 828867DC 4 Bytes [F2, C4, 18, 8B]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91015000, 0x2D5378, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 98CA2000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 98CA2123 486 Bytes [D5, C9, 98, FE, 05, 34, D5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 529A 98CA230A 142 Bytes [C9, 98, 3B, 08, 77, 04, 3B, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 98CA2399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 98CA23FF 66 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] USER32.dll!NotifyWinEvent + 48B 75EDF724 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] USER32.dll!NotifyWinEvent + 48B 75EDF724 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00340240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 003402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00340320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00340390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 778307F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77830860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 778309B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 012E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77830A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 012E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 012E0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77830A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77830B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00350160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 003501D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00350240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00350320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 761507F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 76150860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 761508D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 003504E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76150940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 761509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00350B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00350B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00350BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00350C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 76150E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00350CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 76150E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76150EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 76150F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 012F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00350D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00350DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 012F0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 012F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 012F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 012F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 012601D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 012602B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 01810400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 01810470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 018104E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01810550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 018105C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01810630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 012608D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 01260940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 012609B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1524] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 01260A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00590240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 005902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00590320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00590390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 778307F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77830860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 778309B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 00C70B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77830A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C70BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00C70C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00C70CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 77830A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 77830B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 005A0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 005A01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 005A0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 005A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 761507F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 76150860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 761508D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 005A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76150940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 761509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 005A0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 005A0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 005A0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 005A0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 76150E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 005A0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 76150E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 76150EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 76150F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00C80010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 005A0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 005A0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C80080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00C800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00C80160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 00C801D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 005C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 005C02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00C90400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00C90470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00C904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00C90550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00C905C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C90630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 005C08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 005C0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 005C09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[2800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 005C0A20

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




when i run OTL it scans for a while and then comes up with an error message:

'access violation at adress 00546704 in module 'OTL.exe'. Read of address 00000000'

any ideas?

thanks
  • 0

#4
kahdah
Posted 29 December 2010 - 11:31 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok disregard OTL and do the following:
Please download DDS and save it to your desktop.
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open as well as attach.txt.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
attach.txt
  • 0

#5
problemboy
Posted 30 December 2010 - 04:23 AM

problemboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 28/12/2010 18:14:52
System Uptime: 30/12/2010 03:33:58 (7 hours ago)

Motherboard: Acer | | JV50PU
Processor: AMD Turion™ X2 Dual-Core Mobile RM-74 | Socket S1G2 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 371.889 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 28/12/2010 18:19:47 - Windows Update
RP2: 28/12/2010 18:24:31 - Installed Java™ 6 Update 23
RP3: 28/12/2010 18:32:00 - Windows Update
RP4: 28/12/2010 19:08:06 - Installed Kaspersky Anti-Virus 2011.
RP5: 29/12/2010 14:00:59 - Installed Microsoft Office Word Viewer 2003
RP6: 29/12/2010 14:16:45 - Installed Adobe Reader X.
RP7: 30/12/2010 03:00:15 - Windows Update
RP8: 30/12/2010 08:25:26 - Windows Update

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java™ 6 Update 23
Kaspersky Anti-Virus 2011
Microsoft Office Word Viewer 2003

==== Event Viewer Messages From Past Week ========

30/12/2010 03:34:47, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
30/12/2010 03:34:47, Error: atikmdag [43029] - Display is not active
28/12/2010 13:54:30, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.

==== End Of File ===========================


DDS.txt




DDS (Ver_10-12-12.02) - NTFSx86
Run by Dom at 10:19:03.31 on 30/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2942.1539 [GMT 0:00]

AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\javaw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSNF08P3\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BrowserChoice] "c:\windows\system32\browserchoice.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-11-2 365336]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-29 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-30 1343400]

=============== Created Last 30 ================

2010-12-30 08:26:00 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-30 08:25:55 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{23623597-4065-4a21-96a0-3c06ccdc862b}\mpengine.dll
2010-12-30 03:32:57 -------- d-----w- c:\windows\system32\Wat
2010-12-30 03:15:26 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-30 03:13:33 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-30 03:13:33 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-30 03:13:33 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-30 03:13:33 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-30 03:13:33 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-30 03:02:57 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-30 03:01:52 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-30 03:01:52 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-29 14:16:19 -------- d-----w- c:\users\dom\appdata\local\Adobe
2010-12-29 14:15:24 -------- d-----w- c:\users\dom\appdata\local\Google
2010-12-29 14:00:49 -------- d-----w- c:\program files\MSECache
2010-12-29 03:12:47 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-29 03:12:47 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-29 03:12:42 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-29 03:12:32 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-29 03:12:30 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-29 03:12:10 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-12-29 03:12:10 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-12-29 03:12:06 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-29 03:12:04 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-12-29 03:12:01 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-12-29 03:12:01 2614272 ----a-w- c:\windows\explorer.exe
2010-12-29 03:10:55 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-12-29 03:09:59 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-12-29 03:08:59 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-28 21:49:09 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-28 21:45:02 -------- d-----w- c:\windows\Panther
2010-12-28 19:11:02 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-28 19:11:02 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-28 19:08:50 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-28 19:08:50 -------- d-----w- c:\progra~2\Kaspersky Lab
2010-12-28 19:06:43 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-12-28 18:32:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 18:25:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-28 18:24:27 -------- d-sh--w- c:\windows\Installer
2010-12-28 18:19:24 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-12-28 18:19:17 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-28 18:13:12 -------- d-sh--w- C:\Recovery
2010-12-28 18:12:06 -------- d-----w- c:\windows\system32\wbem\Performance
2010-12-28 13:31:44 -------- d-----w- C:\inetpub
2010-12-27 23:18:51 -------- d-----w- C:\Temp
2010-11-30 22:20:17 -------- d-----w- C:\CSTEMP

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll
2010-10-05 20:27:04 228024 ----a-w- c:\windows\system32\klogon.dll

============= FINISH: 10:19:53.93 ===============











Thanks kardah, hope you can help with this info
  • 0

#6
kahdah
Posted 30 December 2010 - 05:11 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP