Rootkit Detection Problem [Solved]



#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Jerry23,

I am not sure that ComboFix dealt with that. I wonder if you can bear with me and run a couple of tools to tell me whether we have fixed it, or if it was just a harmless Emulation Driver or if it was a baddy that is still there.

Now

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next

Please run GMER again and post the results back here.


#17
Jerry23

    Member

  • Topic Starter
  • 44 posts
OK Emerald,

Here it is. I still have disabled drivers.

I am really impressed with how well you know this "stuff", & what to do & why! I am blindly following directions here. Thanks for all your hard work today.

Hope it worked. :)

Regards,

Jerry


GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-29 00:44:41
Windows 5.1.2600 Service Pack 2
Running: 73goeb42.exe; Driver: C:\DOCUME~1\JERRY\LOCALS~1\Temp\kfayrfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF2CA758C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF2CA7E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF2CA8922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF2CA8E94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF2CA80EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF2CA6436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF2CA8D6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF2CA7192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF2CA8C28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF2CA734E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF2CA8FC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF2CAAC08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF2CA7AAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF2CA8CCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF2CAA5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF2CA69FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF2CA6D88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF2CA8576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF2CAB5CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF2CA6ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF2CA6F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF2CA8382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF2CAA68C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF2CA6412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF2CA6424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF2CAACBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF2CA70C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF2CA8F36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF2CA7E8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF2CA65DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF2CA8E04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF2CA7792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF2CAAC32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF2CA9068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF2CA76B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF2CA701E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF2CA6C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF2CAAFD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF2CA6896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF2CAA922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF2CA6B0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF2CA62B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF2CA93F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF2CA92B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF2CAA39A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF2CADE2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF2CAB4AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF2CA6248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF2CA865C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF2CA7CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF2CA9C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF2CAA786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF2CAB114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF2CA671E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF2CAB1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF2CAB320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF2CAA526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF2CA790A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF2CA7860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF2CAAE8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF2CA79EA]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP F2C9C4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP F2C9C8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 23F4 805010F8 16 Bytes [4E, 73, CA, F2, C6, 8F, CA, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 24B0 805011B4 12 Bytes [8C, A6, CA, F2, 12, 64, CA, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 262C 80501330 9 Bytes [0E, 6B, CA, F2, B0, 62, CA, ...] {PUSH CS; IMUL ECX, EDX, 0xf2; MOV AL, 0x62; RETF 0xf2f2}
.text ntkrnlpa.exe!ZwCallbackReturn + 2636 8050133A 6 Bytes [CA, F2, B8, 92, CA, F2]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [F8, B1, CA, F2, 20, B3, CA, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] USER32.dll!VRipOutput + FFFA5010 77D42A78 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1980] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1980] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1980] USER32.dll!VRipOutput + FFFA5010 77D42A78 4 Bytes [70, 11, 33, 6D]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00360240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003602B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00360320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00360390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00360550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003605C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00940860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 009408D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 003606A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00940940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 009409B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00940A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00940A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 00360780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 003607F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00360860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 003608D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00360940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00940B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00940B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00940BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 003609B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00940C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00940CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00940D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00940DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00940E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 00360B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00360B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00360BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00360C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00940E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 00360CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00940EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!VirtualFree] 00360E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00940F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7D1E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7D1E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00360F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7C9B0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7D1E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7D1E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7D1E0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7D1E0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00950010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00950080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 009500F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00950160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 009501D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00950240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 009502B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7C9B08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7C9B0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7C9B09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7C9B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00950320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7C9B0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7C9B0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7C9B0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7C9B0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00950470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009504E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00950550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 009505C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00950630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 009506A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00950710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7C9B0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00950780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 009507F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00950860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009508D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00950940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 009509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00950A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00950A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00950B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00950B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00950BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00950C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00370010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 00370080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00950CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00950D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00950DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00370160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00950E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00950E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00950EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00950F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00960010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00370390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00960080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 009600F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00960160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 00370400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009601D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 009609B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00960A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00960A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00960B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00960B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00970160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 009701D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00970240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 009702B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 009706A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00970710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00970780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 009707F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00970860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 009708D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[580] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00970940

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\ALSZUPWU\goldresourcecorp.com.\presentation\company.bd.ren 0 bytes
File C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\ALSZUPWU\goldresourcecorp.com.\presentation\company.bd.ren\player.bd.ren 0 bytes
File C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\ALSZUPWU\goldresourcecorp.com.\presentation\company.bd.ren\player.bd.ren\playershell.swf.bd.ren 0 bytes
File C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\ALSZUPWU\goldresourcecorp.com.\presentation\company.bd.ren\player.bd.ren\playershell.swf.bd.ren\asTUQLRiYlqk7PC.sol.bd.ren 1999 bytes

---- EOF - GMER 1.0.15 ----

Edited by Jerry23, 28 November 2009 - 11:54 PM.

  • 0

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Jerry23,

I think that is fine.

I got thrown by this:

Running: 73goeb42.exe; Driver


Thought it was bad but I think that is where GMER itself is running from.

It usually has this in the line:

Running: gmer.exe


Now

Here is a link that might help with your user accounts problem.

http://support.micro...com/kb/q279783/

Next

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

After that

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Finally in this post

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
So when you return please post
  • MBAM log
  • ESet scan results
  • tell me how you went with the User Accounts problem
  • and tell me how your machine is now

  • 0
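A GMER log of the kind posted in this thread is easier to review once its rows are grouped by process and driver. The Python below is an added example, not part of the original posts and not GMER's own code; it reads the "Running:" header, the IAT rows and the AttachedDevice rows, and the sample log, the "Example AV" paths and exflt.sys are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a GMER 1.0.15 text log (not from a real scan).
SAMPLE_LOG = r"""GMER 1.0.15.15252 - http://www.gmer.net
Running: a1b2c3d4.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\abcdefgh.sys

IAT C:\Program Files\Example AV\scan.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00970010
IAT C:\Program Files\Example AV\scan.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00970080
IAT C:\Program Files\Example AV\scan.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 009800F0
IAT C:\Program Files\Example AV\scan.exe[1980] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00360160
IAT truncated row without an address

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp exflt.sys (Example Filter Driver/Example Vendor)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

HEADER_RE = re.compile(r"^Running:\s*(?P<exe>[^;]+);\s*Driver:\s*(?P<driver>.+)$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<lib>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<target>[0-9A-Fa-f]{8})\b"
)
DEV_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<filter>\S+)"
    r"(?:\s+\((?P<desc>.*)/(?P<vendor>[^/]*)\))?\s*$"
)


def parse_gmer(text):
    """Split a GMER text log into header, IAT rows, attached devices and unparsed rows."""
    result = {"header": None, "iat": [], "devices": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running:"):
            m = HEADER_RE.match(line)
            if m:
                result["header"] = {k: v.strip() for k, v in m.groupdict().items()}
            else:
                result["unparsed"].append(line)
        elif line.startswith("IAT "):
            m = IAT_RE.match(line)
            if m:
                row = m.groupdict()
                row["pid"] = int(row["pid"])
                row["target"] = int(row["target"], 16)
                result["iat"].append(row)
            else:
                # Keep damaged rows visible instead of silently dropping them.
                result["unparsed"].append(line)
        elif line.startswith("AttachedDevice "):
            m = DEV_RE.match(line)
            (result["devices"] if m else result["unparsed"]).append(m.groupdict() if m else line)
    return result


def header_notes(header):
    """Observations about the 'Running:' line; these are facts to review, not verdicts."""
    if header is None:
        return ["no 'Running:' header found"]
    notes = []
    if header["exe"].lower() != "gmer.exe":
        notes.append(f"scanner executable is named {header['exe']}, not gmer.exe")
    if "\\temp\\" in header["driver"].lower():
        notes.append("scanner driver was loaded from a Temp directory")
    return notes


def summarize_iat(rows):
    """Group IAT rows by (image, pid): hook count, hooked imports, modules, 64 KiB target regions."""
    groups = defaultdict(lambda: {"count": 0, "functions": set(), "modules": set(), "regions": set()})
    for r in rows:
        g = groups[(r["image"], r["pid"])]
        g["count"] += 1
        g["functions"].add(f"{r['lib']}!{r['func']}")
        g["modules"].add(r["module"].rsplit("\\", 1)[-1])
        g["regions"].add(r["target"] & 0xFFFF0000)
    return {
        key: {
            "count": g["count"],
            "functions": sorted(g["functions"]),
            "modules": sorted(g["modules"]),
            "regions": [f"0x{a:08X}" for a in sorted(g["regions"])],
        }
        for key, g in groups.items()
    }


def devices_by_vendor(devices):
    """Map each vendor string to the (filter driver, device) pairs it is attached to."""
    out = defaultdict(list)
    for d in devices:
        out[d["vendor"] or "(unknown)"].append((d["filter"], d["device"]))
    return dict(out)


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for note in header_notes(parsed["header"]):
        print("header:", note)
    for (image, pid), info in summarize_iat(parsed["iat"]).items():
        print(f"{image}[{pid}]: {info['count']} hooks, regions {info['regions']}")
    for vendor, pairs in devices_by_vendor(parsed["devices"]).items():
        print(f"{vendor}: {pairs}")
    print("unparsed rows:", len(parsed["unparsed"]))
```

The grouped output only condenses what the log already says; deciding whether a hooking module or attached driver belongs to installed security software still needs the helper's judgement.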

#19
Jerry23

    Member

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

[1] As I recall from the gmer dl, I believe the odd name for GMER file was due to assigning random names to the dl. Otherwise the malware sometimes prohibits the dl.

[2] The link you gave me to the MSFT procedure on User Accnts, told me to do the same thing as I did before - and I got the same results. When I hilite the second user named Jerry, and click on delete accnt tab, my computer hangs up [hourglass]. When I bring up the task mgr, it shows computer usage of 97-100%. When I click X on User accnts window, I get: End Program - mshta.exe - This prog is not responding - End now - It ends.

Could this be tied into this note in the msft procedure? "Note: You can not delete the account for a user that is currently logged on to the computer."

I believe, with 2 users with identical names, there really is only 1 JERRY account - with 2 paths to get there. This problem first showed up right after I did a system repair procedure on 11/11/09. My recollection is kinda muddled on this, but I made a note that I "wrote a new Boot Sector" somewhere in that process. Could this be why I am seeing 2 log in locations for user JERRY?

[3] I had a problem with Defogger. I ran it as you said. It seemed to run OK. Instead of it asking me to reboot, it brought up a screen a second time, giving me the choice of disable or reenable. I hit reenable again. That is when I got the ERROR report. I rebooted. My cd does not respond to cd's I insert. I tried to run it again - got the ERROR report again. Here they are.

defogger_enable by jpshortstuff (28.11.09.2)
Log created at 18:50 on 29/11/2009 (JERRY)

Parsing file...


-=E.O.F=-

defogger_enable by jpshortstuff (28.11.09.2)
Log created at 18:50 on 29/11/2009 (JERRY)

Parsing file...


-=E.O.F=-

OK -- I found a 3rd ERROR report. This is getting a little foggy - but I believe - YESTERDAY - I got the disable/ reenable screen to come up a second time also as I was disabling my cd emulator drives. I hit it & got the ERROR msg. I did not think much of it, since it seemed to run OK the first time. Therefore I did not think to post. I did not get the request to reboot yesterday either - but I did reboot. Here is the ERROR report from yesterday.

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 23:10 on 28/11/2009 (JERRY)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

[4] I already ran ESET online scanner [before you got involved] as part of the process to start this thread [to go thru the procedures in the Malware and Spyware Cleaning Guide]. Here are the results I posted earlier [11/20/09].

>>>>
*** ESET - This took a very long time to run -- 5 hr 39 minutes with low level DSL - ATT. 1 threat found & cleaned. It said the threat was probably an unknown NewHeur_PE virus. Action - Quarantined.
Note: The file it quarantined is from a program called Magnibar. I Dl it over 2 years ago & haven't used it in over 2 years. I really doubt that this file could be causing my recent problems.
<<<<

If you would like, I will run this again. Just thought I would let you know it has been run already - & what the results were before, before running it again.


I have not had time to run Malwarebytes or ESET yet. I will run both unless I hear back from you otherwise.

Thanks again Emerald.

Regards,

Jerry

Edited by Jerry23, 29 November 2009 - 07:09 PM.

  • 0

#20
Jerry23

    Member

  • Topic Starter
  • Member
  • 44 posts
Here is Malwarebytes. I very seldom get anything from running this or Kaspersky.

I will let ESET run overnight.

Regards,

Jerry

Malwarebytes' Anti-Malware 1.41
Database version: 3259
Windows 5.1.2600 Service Pack 2

11/29/2009 8:44:53 PM
mbam-log-2009-11-29 (20-44-53).txt

Scan type: Quick Scan
Objects scanned: 110927
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#21
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

> [1] As I recall from the gmer dl, I believe the odd name for GMER file was due to assigning random names to the dl. Otherwise the malware sometimes prohibits the dl.


Yes, that's right. Just hadn't seen it like that.

> [2] The link you gave me to the MSFT procedure on User Accnts, told me to do the same thing as I did before - and I got the same results. When I hilite the second user named Jerry, and click on delete accnt tab, my computer hangs up [hourglass]. When I bring up the task mgr, it shows computer usage of 97-100%. When I click X on User accnts window, I get: End Program - mshta.exe - This prog is not responding - End now - It ends.
>
> Could this be tied into this note in the msft procedure? "Note: You can not delete the account for a user that is currently logged on to the computer."


Could be. I thought it worth another try though in case it only applied to the current user. In other words even though they are the same name you might only be logged on under one so to speak.

> I believe, with 2 users with identical names, there really is only 1 JERRY account - with 2 paths to get there.


Again, if this is the case you will need help from someone with the right knowledge.

It is something to take up with the techs in the XP Operating System Forum when you have finished here. :)

As far as Eset is concerned I think it would be good to run again. Just to check whether our actions so far have not got rid of everything.

Turning to the re-enabling of your Emulation drivers. I have referred to the developer of this tool and will get back to you as soon as I can.
  • 0

#22
Jerry23

    Member

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

I am glad you asked me to run ESET again. Something came up. There was 1 infected file & it was cleaned. Here are the results of the scan. It ran much faster this time -- 1 hr 31 min vs 5 hr 39 min the 1st time!!! Does that look a little odd to you??


C:\System Volume Information\_restore{572549A6-8F75-409A-9F9D-5F42D0605569}\RP14\A0013714.dll probably unknown NewHeur_PE virus deleted - quarantined

Is it OK if I try to run RootRepeal.exe?? -- to see if it will run now? I'm still concerned that I have not been able to run that program.

As far as how my computer is running:

I was on the web quite a bit today. It still seems slow. But I did not have any freezes or unusual activity. Let's wait a day or two to get a better read on this. It sometimes runs pretty well for while & then reverts to its wicked ways. I will get back to you on this.

When I rt click on a web pg, I should get print preview as an option - and the option to resize the page by x%. I still am not getting this - and this is important to me in a few things I do on a regular basis. There are a few more things I need to check out. But I am going to bed now.

Thanks again.

Regards,

Jerry
  • 0

#23
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

> Does that look a little odd to you??


No that is normal.

The one found was in System Restore and wouldn't have been a problem unless you carried out Restore. In any event we will be dealing with that at the end when we clear away the tools we have been using.

> Is it OK if I try to run RootRepeal.exe??


Yes if you like, I don't see a need. We did use GMER instead but I see no harm in running RootRepeal. In a way it will be interesting to see if it will run. Could be some conflict somewhere there.

> When I rt click on a web pg, I should get print preview as an option - and the option to resize the page by x%. I still am not getting this - and this is important to me in a few things I do on a regular basis. There are a few more things I need to check out


You could try going to Repair/Reinstall IE, follow the instructions for your version of IE and see if that works.

Tell me how you get on.
  • 0

#24
Jerry23

    Member

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

Some good news & some bad news.

[a] THE GOOD NEWS - First - My Realtek AC97 Audio Controls are working - for the first time since 11/5/09. No more Err Msg when I click on the vol adjust in the sys tray. No more very loud sounds when I turn the computer on & off, & other sound events happen. No more initial loud volume when I start a video clip on IE. Thank you so much. :) :) :) :)

I don't know at what point in this process this happened. I haven't checked the volume control for a couple days. I believe part of the problem went away when we ran OTL.exe on 11/23/09. That is when the ACLXMNTR.exe error window stopped coming up each time I rebooted. But I still could not adjust the volume - got a SNDVOL.exe Err Msg when I tried. What do you suppose corrected that last Error?

[b] I have mentioned before that I seldom get anything showing up in the reports when I run either Kaspersky Internet Security 2010 or Malwarebytes. And yet I seem to be getting problems associated with Malware. I run a full scan of Kap every day. I run MalB full scan about every 2-3 weeks. I am not convinced they are currently working properly. I found this in Device manager.

http://screencast.com/t/OTczZDYxZ

Three items have yellow warnings. Is this a problem? Is there any way to safely introduce controlled malware to my computer & see if my malware programs pick them up? What do you suggest along these lines?

[c] My screen capture program - JING - disappeared from view sometime in the last few days. I did an add/rem prog > change > repair on it & it is back. The only problem is, I have lost the history of the captures. Not a big deal - but there are a few captures I would have liked to keep. I have no idea at what point in this process this happened.

[d] THE BAD NEWS - I think - saved it for last.

I ran RootRepeal again & got the same freeze problem - the whole computer - not just the program. Had to Hard turn off the computer [hold in on/off button]. What I noticed this time, that I missed the other times, was that the program was in the "Hidden Services" Window when it froze. So I got the idea to run the program with just 3 boxes checked - leaving out the Hidden Services check. When I ran that config, it completed the scan. This concerns me, that there is still some Hidden Malware in my computer, waiting for an opportunity to strike again. And that I will be back here in a few days/weeks. I will post the report of that at the end of this post.

One other thing about the RootRepeal run - not sure if it is significant. The instructions say that after checking the 4 boxes & hitting OK, I should select all drives showing in the next dialog, then hit OK to start the scan. Well, I did not get the dialog to select all drives showing.

What do you think Emerald?

Regards,

Jerry


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/30 13:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_nvatabus.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvatabus.sys
Address: 0xEB08B000 Size: 81920 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF0574000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0C7E000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a58c

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304ae0c

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304b922

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304be94

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304b0ee

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049436

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304bd6c

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a192

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304bc28

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a34e

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304bfc6

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304dc08

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304aaaa

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304bcca

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304d5fa

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf30499fa

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049d88

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304b576

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304e5ca

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049eca

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049f74

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304b382

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304d68c

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049412

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049424

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304dcbc

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a0c0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304bf36

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304ae8e

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf30495dc

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304be04

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a792

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304dc32

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304c068

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a6b6

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a01e

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049c46

#: 167 Function Name: NtQuerySection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304dfd4

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049896

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304d922

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049b0e

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf30492b0

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304c3f2

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304c2b8

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304d39a

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3050e2c

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304e4ac

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049248

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304b65c

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304acc8

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304cc4a

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304d786

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304e114

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304971e

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304e1f8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304e320

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304d526

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a90a

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a860

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304de8a

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a9ea

==EOF==
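Reading an SSDT section like the one in the report above comes down to asking which driver owns each hook. As an added example (not part of the thread, and not RootRepeal's own code), this Python snippet groups the hooks by owning driver and separates those attributed to known security software from those that need a closer look; the allowlist entry for klif.sys (Kaspersky's filter driver), the sample text and the driver name example_unknown.sys are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt in RootRepeal's report format: three entries copied from
# the report above plus one made-up entry for a hypothetical unknown driver.
SAMPLE = r'''SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf3049436

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304d68c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\example_unknown.sys" at address 0xf7a01000

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf304a90a

==EOF==
'''

ENTRY = re.compile(
    r'#:\s*(\d+)\s+Function Name:\s*(\S+)\s*\n'
    r'Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')

# Assumption: drivers the analyst has already tied to installed security software.
KNOWN_DRIVERS = {"klif.sys": "Kaspersky"}

def parse_ssdt_hooks(report):
    """Return (index, function, driver_path, address) for each hooked SSDT slot."""
    return [(int(i), fn, path, int(addr, 16))
            for i, fn, path, addr in ENTRY.findall(report)]

def triage(report, known=KNOWN_DRIVERS):
    """Group hooked functions by driver file name; split known from unknown owners."""
    by_driver = defaultdict(list)
    for _idx, fn, path, _addr in parse_ssdt_hooks(report):
        by_driver[path.rsplit("\\", 1)[-1].lower()].append(fn)
    attributed = {d: f for d, f in by_driver.items() if d in known}
    unattributed = {d: f for d, f in by_driver.items() if d not in known}
    return attributed, unattributed

if __name__ == "__main__":
    ok, review = triage(SAMPLE)
    for drv, fns in ok.items():
        print(f"{drv} ({KNOWN_DRIVERS[drv]}): {len(fns)} hooks")
    for drv, fns in review.items():
        print(f"REVIEW {drv}: {', '.join(fns)}")
```

A driver name on the allowlist is only a starting point: the file at that path still has to be the vendor's genuine driver.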

#25
Jerry23

OK, I wanted to try one other thing with RootRepeal.

I ran it with only one box checked -- Hidden services. Got the same computer freeze. It appears to scan for 15-20 secs before it freezes. Is there some way we could get a dump right after this happens to show what is causing it?

Regards,

Jerry

#26
emeraldnzl


> THE GOOD NEWS - First - My Realtek AC97 Audio Controls are working

Did you go and carry out IE Repair at the Microsoft page? If so my guess would be that that might have helped with this one. Otherwise it might have been an update that fixed some bug or corrupted file.

> My screen capture program - JING - disappeared from view sometime in the last few days.

Don't know the answer to that. We have been using some pretty powerful tools. Possibly something happened there. Neither can I think of a way to restore the history.

> Three items have yellow warnings.

Nothing to worry about I think. Just warning you that something it doesn't understand is there. In this case it is Kaspersky which is there doing its job.

> I ran RootRepeal again & got the same freeze problem

Yes I did think this might happen. Could be some conflict with one of your programs, most likely an anti-malware program... not malware.

Turning to the Emulation Drivers.

Here is what we think is the position:

The machine has no CD Emulators installed.

Defogger did not ask you to reboot either time because it didn't find anything to disable.

Both the disable and enable reports are empty, because nothing was done either time.

You got an error when you hit Re-enable the second time because Defogger deletes its "Re-enable ToDoList" after a successful re-enabling.


I think your machine is clean. Unless you have any other issues we will go to clearing away the tools we have been using in my next post.

#27
Jerry23

Hi Emerald,

I did not run the IE repair. I wanted to wait for a couple days to see how my computer was running before I did that.

I do have an issue. My CD is no longer working. When I put a cd in & close it, it does nothing. In the past, when I put a cd in, I could hear it spin & it would start communicating with me. I tried 3 cd's & none of them did anything. I don't understand what it means when you say I have no cd emulators installed.

Regards,

Jerry

#28
emeraldnzl

Hello Jerry23,

Put a CD in your CD drive and then go to your desktop and double click on My Computer > DVD (or CD) Drive. If your CD drive starts after a few seconds it just means that CD autoplay is disabled. I have mine that way as a security precaution but it is not the default position (well at least it didn't use to be).

If you find that that is the problem then doing the following should restore the autoplay.

How to enable autoplay of audio CDs & USB Drives.

Go to Start Menu \ Run and type in:

gpedit.msc

You will see the Group Policy window. You should select Administrative Templates \ System in the tree view:

You will see an item in the right side pane called “Turn off Autoplay”

Double click the item, and set the radio button to Disabled.

Thanks to How-To-Geek for this explanation.

Let me know how you get on.

#29
Jerry23

Hi Emerald,

Thanks for the help on this. Good news, Bad news again.

When I dbl click on My Prog > dvd/cd, it starts the cd.

When I type in gpedit.msc in Run, I get the Err Msg, it could not find the file. Tried it 2x & double chk the spelling.

Regards

Jerry

P. S. I went to how to geek website, searched for cd autoplay - a page came up with several links. None of the links would work for me. When I clicked on them nothing happened. Do you have to register to get search info?

Edited by Jerry23, 30 November 2009 - 04:01 PM.


#30
emeraldnzl

Hello Jerry23,

I think your machine may have some corrupt system files.

If I were in your shoes I would update to SP3.

You will need to use Internet Explorer to download:

Please go to Windows updates

You may need to allow Microsoft to install an ActiveX component to check your machine before it downloads. Let it do that.

Come back if you have any difficulties.