GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-05-30 11:30:10
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD642JJ rev.1AA01112
Running: gmer.exe; Driver: C:\Users\JARAS\AppData\Local\Temp\kwroyfod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8B6C4BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8B6C652C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8B6C6782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8B6C69FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8B6C5450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8B6C5B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8B6C5F3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8B6C55F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8B6C5E14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8B6C47D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8B6C5CD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8B6C4992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8B6C606E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8B6C7CB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8B6C50EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8B6C51EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8B6C5D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8B6C76A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8B6C8672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8B6C5752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8B6C7734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8B6C7D64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8B6C5FDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8B6C54D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8B6C5EAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8B6C4DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8B6C7CDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8B6C6110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8B6C4CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8B6C6C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8B6C807C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8B6C79CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8B6C649A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8B6C6360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8B6C7442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8B6C8554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8B6C586C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8B6C530C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8B6C6CF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8B6C782E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8B6C81BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8B6C82A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8B6C83C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8B6C75CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8B6C4F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8B6C4EA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8B6C7F32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8B6C502E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C55599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C79F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82C81730 4 Bytes [D0, 4B, 6C, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82C81758 8 Bytes [2C, 65, 6C, 8B, 82, 67, 6C, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82C8179C 4 Bytes [FC, 69, 6C, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82C817C8 4 Bytes [50, 54, 6C, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82C817EC 4 Bytes [32, 5B, 6C, 8B]
.text ...
? System32\Drivers\spfi.sys System nie może odnaleźć określonej ścieżki. !
PAGE ataport.SYS!DllUnload + 1 8B027AD7 4 Bytes JMP 853781D9
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91615000, 0x31BA76, 0xE8000020]
.text USBPORT.SYS!DllUnload 934B9CA0 5 Bytes JMP 865D54E0
.text a306yb76.SYS 93505000 12 Bytes [44, 78, 02, 83, EE, 76, 02, ...] {INC ESP; JS 0x5; SUB ESI, 0x76; ADD AL, [EBX-0x7cfda860]}
.text a306yb76.SYS 9350500D 9 Bytes [57, 02, 83, 48, 7B, 02, 83, ...] {PUSH EDI; ADD AL, [EBX-0x7cfd84b8]; ADD [EAX], AL}
.text a306yb76.SYS 93505017 170 Bytes [00, DE, 97, F0, 8A, E6, 95, ...]
.text a306yb76.SYS 935050C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a306yb76.SYS 935050CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text F:\programy\Mozilla Firefox\firefox.exe[756] ntdll.dll!LdrLoadDll 7746F585 5 Bytes JMP 01281410 F:\programy\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] USER32.dll!NotifyWinEvent + 48B 75A1F724 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] USER32.dll!NotifyWinEvent + 48B 75A1F724 4 Bytes [70, 11, 33, 6D]
.text F:\programy\Mozilla Firefox\plugin-container.exe[4140] USER32.dll!SetWindowLongA 75A0B1E3 5 Bytes JMP 67528DD9 F:\programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\programy\Mozilla Firefox\plugin-container.exe[4140] USER32.dll!SetWindowLongW 75A16614 5 Bytes JMP 67528D6B F:\programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\programy\Mozilla Firefox\plugin-container.exe[4140] USER32.dll!GetWindowInfo 75A16A82 5 Bytes JMP 67357187 F:\programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\programy\Mozilla Firefox\plugin-container.exe[4140] USER32.dll!TrackPopupMenu 75A34B3B 5 Bytes JMP 67357781 F:\programy\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8AE0D042] \SystemRoot\System32\Drivers\spfi.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8AE0D6D6] \SystemRoot\System32\Drivers\spfi.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8AE0D800] \SystemRoot\System32\Drivers\spfi.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8AE0D13E] \SystemRoot\System32\Drivers\spfi.sys
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a306yb76.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00B60DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00B60E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00B60E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00B60EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B60F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75D90860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 75D908D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75D90940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 75D909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75D90A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75D90A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75D90B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75D90B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75D90BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75D90C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77550940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 775509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77550A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77550B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00B70400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00B70470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00B704E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00B70550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00B705C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00B70630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00B706A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77550CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00B70710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B70780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00B802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00B80320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00B80390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00B80400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00B80470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00B804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00B80550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00B805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00B80630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00B806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00B80710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B80B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B80BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 775502B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77550320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75D904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 75D90390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 75D901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 75D90320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 75D902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 75D90240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 75D900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 75D90320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 75D900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 75D90240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75D904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 775501D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 75D90470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 75D90400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 775502B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75D904E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 75D90390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 75D90240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 75D902B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 75D900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 75D901D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1800] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 75D90160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 01310DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 01310E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 01310E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 01310EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01310F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75D90860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 75D908D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75D90940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 75D909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75D90A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75D90A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75D90B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75D90B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75D90BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75D90C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77550940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 775509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77550A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77550B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 01320400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 01320470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 013204E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 01320550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 013205C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 01320630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 013206A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77550CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 01320710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01320780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 002006A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 013302B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01330320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01330390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00200710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 002007F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01330400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01330470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 013304E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01330550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 013305C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01330630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 013306A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01330710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01330780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00200860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 002008D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00200940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01330B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2020] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01330BE0
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740A2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74085624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740856E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740A250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74098573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74094D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740950CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740951A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [740966D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740982CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74098819]
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7409907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7409E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2112] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74094C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8537E1F8 Device \Driver\volmgr \Device\VolMgrControl 8537A1F8 Device \Driver\usbohci \Device\USBPDO-0 865D61F8 Device \Driver\usbohci \Device\USBPDO-1 865D61F8 Device \Driver\usbehci \Device\USBPDO-2 865FD1F8 Device \Driver\usbohci \Device\USBPDO-3 865D61F8 Device \Driver\usbohci \Device\USBPDO-4 865D61F8 AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\usbehci \Device\USBPDO-5 865FD1F8 Device \Driver\usbohci \Device\USBPDO-6 865D61F8 Device \Driver\PCI_PNP5146 \Device\00000057 spfi.sys Device \Driver\volmgr \Device\HarddiskVolume1 8537A1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume2 8537A1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 863B61F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8537C1F8 Device \Driver\atapi \Device\Ide\IdePort0 8537C1F8 Device \Driver\atapi \Device\Ide\IdePort1 8537C1F8 Device \Driver\atapi \Device\Ide\IdePort2 8537C1F8 Device \Driver\atapi \Device\Ide\IdePort3 8537C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4 8537C1F8 Device \Driver\volmgr \Device\HarddiskVolume3 8537A1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom1 863B61F8 Device \Driver\volmgr \Device\HarddiskVolume4 8537A1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{8838ED8F-8D7D-4F41-9F88-03E207984944} 864F7500 Device \Driver\volmgr \Device\HarddiskVolume5 8537A1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 864F7500 Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) Device \Driver\sptd \Device\3604793147 spfi.sys Device \Driver\usbohci \Device\USBFDO-0 865D61F8 Device \Driver\usbohci \Device\USBFDO-1 865D61F8 Device \Driver\usbehci 
\Device\USBFDO-2 865FD1F8 Device \Driver\usbohci \Device\USBFDO-3 865D61F8 Device \Driver\usbohci \Device\USBFDO-4 865D61F8 Device \Driver\usbehci \Device\USBFDO-5 865FD1F8 Device \Driver\usbohci \Device\USBFDO-6 865D61F8 Device \Driver\a306yb76 \Device\Scsi\a306yb761 865FF1F8 Device \Driver\a306yb76 \Device\Scsi\a306yb761Port4Path0Target0Lun0 865FF1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xF7 0xFD 0xB4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0xEF 0x01 0x11 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x7C 0x4A 0xA3 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFD 0x84 0x54 0x18 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0xEF 0x01 0x11 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBB 0x7C 0x4A 0xA3 ... ---- EOF - GMER 1.0.15 ----