Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Cant remove Q-Word Search

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Cant remove Q-Word Search

Unread postby sarasara » December 11th, 2010, 6:45 pm

Hi Techs,
Most grateful if you could be kind enough to assist me :) after a long try.

These are the steps I have taken as outlined in the suggestions on this page:
(The last post from edlpirateradio (personal youtube channel) was mine.
A further step was a scan by malaware bytes).

http://www.google.com/support/forum/p/W ... 27bdd03fa0


LOGS:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:30:06, on 11/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1176277750
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} (Java Plug-in 1.6.0_19) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll, C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8547 bytes

UNINSTALL FILE:

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advertising Center
Any Video Converter 3.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Natural Voices Audrey v. 1.4
AV Voice Changer Software 7.0
AV Voice Changer Software DIAMOND 4.0
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Bazooka Scanner
Bonjour
CCleaner
CrystalDiskInfo 3.8.0c
Dark Void Demo
DolbyFiles
Download Accelerator Plus (DAP)
Download Manager 2.3.10
Female Voice Pack
Foxit Reader
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 22
Kaspersky Internet Security 2011
Kaspersky Internet Security 2011
Lexmark 640 Series
Mafia II - Demo
Malwarebytes' Anti-Malware
Max Payne
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Speech SDK 5.1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 97
Mozilla Firefox (3.6.3)
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Pixie
Nero 9
Nero ControlCenter
Nero Installer
Nero Vision
NeroExpress
neroxml
NETGEAR WG111v2 wireless USB 2.0 adapter
NextUp-ScanSoft Moira Irish Voice
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
ProtectDisc Driver, Version 11
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif PagePlus SE 1.0
Spybot - Search & Destroy
Steam
TextAloud
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Vegas Pro 10.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm
Advertisement
Register to Remove

Re: Cant remove Q-Word Search

Unread postby MWR 3 day Mod » December 14th, 2010, 9:40 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Cant remove Q-Word Search

Unread postby deltalima » December 16th, 2010, 3:49 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Unread postby deltalima » December 16th, 2010, 4:03 pm

Hi sarasara,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Unread postby sarasara » December 17th, 2010, 2:06 pm

Thank you very much :P
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby deltalima » December 17th, 2010, 3:41 pm

You're welcome.

Please post logs when ready.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Unread postby sarasara » December 18th, 2010, 3:03 pm

deltalima wrote:You're welcome.

Please post logs when ready.
Thank you Deltalima,
I have posted the logs and the history of the case in the first link. Is there something else?
sara. :)
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby deltalima » December 18th, 2010, 3:05 pm

Please follow the instructions that I posted to run a scan with OTL and a scan with GMER and post the logs.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Unread postby sarasara » December 18th, 2010, 4:18 pm

Hi Deltalmia,
I followed your instructions on both programmes. The first task completed successfully. Though when running GMER Rootkit Scanner the question "If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO." was not asked.
I was unable then to close OTL while running the GMER Rootkit Scanner. In any event while running GMER Rootkit Scanner the PC suddenly went to blue screen with the error message that it has closed down to protect the PC. I thought it better to inform you of this rather than start again. awaiting your advice,
Thank you,
sara.
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby deltalima » December 18th, 2010, 4:26 pm

The two logs from OTL should be on your desktop, if so please post them, if not then run OTL again and post the logs.

Next follow the instructions to run GMER in safe mode and then post the log if it works, if not let me know.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Unread postby sarasara » December 20th, 2010, 12:06 pm

TOOK THREE POSTS TO FIT IT ALL IN :) thanks.

OTL logfile created on: 20/12/2010 16:01:04 - Run 2
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\User\Desktop\hijack this
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244.14 Gb Total Space | 191.28 Gb Free Space | 78.35% Space Free | Partition Type: NTFS
Drive D: | 221.61 Gb Total Space | 194.95 Gb Free Space | 87.97% Space Free | Partition Type: NTFS
Drive G: | 699.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARIA-PC3000 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\hijack this\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\hijack this\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Vcs) -- C:\WINDOWS\system32\drivers\Vcs.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 EC 86 52 3D 5E CB 01 [binary data]
IE - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:1.0.8
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/27 23:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 21:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 21:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/27 13:07:40 | 000,000,000 | ---D | M]

[2010/04/12 01:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/04/13 16:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions
[2010/04/12 01:47:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/16 09:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/28 16:53:47 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2010/09/27 12:21:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 19:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 09:23:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/09/27 13:09:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/09/27 13:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/13 16:15:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-527237240-1614895754-1801674531-1001..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-527237240-1614895754-1801674531-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1614895754-1801674531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 1176277750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 16:00:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/27 10:26:18 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/31 16:26:36 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 23:22:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/12/18 22:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\US2
[2010/12/18 22:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Strategy First
[2010/12/18 22:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/18 22:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/18 21:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/18 19:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\GMER Rootkit Scanner
[2010/12/18 19:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\otl
[2010/12/18 19:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\hijack this
[2010/12/16 09:23:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/16 09:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/16 09:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/11 22:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/11 20:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/12/11 20:17:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/11 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/11 20:17:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/11 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 18:34:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/12/11 18:34:26 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/11 18:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sunbelt Software
[2010/12/11 18:00:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/11 16:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2010/12/11 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\CAPCOM
[2010/12/06 13:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/12/06 13:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/06 13:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/12/02 11:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/12/02 11:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2010/12/02 11:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2010/12/02 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/12/02 11:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Yahoo!
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/27 23:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/27 23:01:51 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/27 23:01:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/27 23:01:00 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/27 23:00:54 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/27 21:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010/11/27 21:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\2C09381C82B740BFAB17C805414BE85D
[2010/11/25 21:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/20 18:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVS4YOU
[2010/11/20 18:48:10 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxhw32.dll
[2010/11/20 18:48:10 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxsw32.dll
[2010/11/20 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/11/20 18:48:02 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/11/20 18:48:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/11/20 18:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/11/20 18:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2006/12/12 09:47:24 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/20 16:00:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job
[2010/12/20 16:00:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/20 16:00:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/20 15:55:43 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - referred from malware forum.url
[2010/12/20 15:21:35 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - the who.url
[2010/12/20 14:40:41 | 004,935,680 | -H-- | M] () -- C:\ffastun0.ffx
[2010/12/20 14:40:41 | 000,376,832 | -H-- | M] () -- C:\ffastun.ffl
[2010/12/20 14:40:41 | 000,118,784 | -H-- | M] () -- C:\ffastun.ffo
[2010/12/20 14:40:41 | 000,004,460 | -H-- | M] () -- C:\ffastun.ffa
[2010/12/20 14:36:42 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Conservative Radio - Listen Online.url
[2010/12/20 13:43:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/20 12:35:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\User\Desktop\newworldorderuk.url
[2010/12/20 10:26:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/20 10:26:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 00:37:21 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/20 00:37:21 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/20 00:37:21 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx
[2010/12/20 00:37:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/12/20 00:37:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/12/19 23:21:04 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - blenkarni's YouTube (2).url
[2010/12/19 21:50:21 | 000,000,356 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Sign in to Yahoo!.url
[2010/12/19 21:20:38 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - robinarielmedia's Channel.url
[2010/12/19 16:11:56 | 016,746,974 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Hizb ut Tahrir March for Gaza.flv
[2010/12/18 22:52:55 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ubersoldier 2.lnk
[2010/12/18 22:00:47 | 000,000,295 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - ironmaiden's Channel.url
[2010/12/18 21:18:14 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Savage Nation Forum.url
[2010/12/18 21:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/18 21:05:52 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TheHill.com.url
[2010/12/18 19:09:59 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - EnglishDemocrat's Channel.url
[2010/12/18 14:37:36 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mark Thompson, Director-General of the BBC - Common Purpose training - WhatDoTheyKnow.url
[2010/12/18 13:30:41 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Surfing Rabbi.url
[2010/12/17 23:05:41 | 000,000,255 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - SikhWorldTV's Channel.url
[2010/12/17 15:16:50 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Michael Savage Show.url
[2010/12/17 14:28:04 | 000,000,379 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - elvis.url
[2010/12/16 21:34:28 | 000,000,375 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - islamism.url
[2010/12/16 18:39:05 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - Cant remove Q-Word Search.url
[2010/12/16 15:43:38 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - MarxistFascistUK's Channel (2).url
[2010/12/15 19:25:56 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/14 22:36:45 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/14 22:35:28 | 013,496,102 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL - Gutsy female EDL member silenced at 'Islamophobia' conference.flv
[2010/12/14 16:22:22 | 243,189,356 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.avi
[2010/12/14 15:53:46 | 043,015,983 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.flv
[2010/12/14 15:37:00 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - american militia.url
[2010/12/14 13:24:53 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mark Levin Show.url
[2010/12/13 19:49:55 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Goodfightlads's Channel.url
[2010/12/13 18:58:10 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - meir kahane.url
[2010/12/13 18:19:44 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Patriotic English song.url
[2010/12/13 16:02:52 | 008,697,084 | ---- | M] () -- C:\Documents and Settings\User\My Documents\counterfeet's Channel.flv
[2010/12/13 14:46:21 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - the kiss.url
[2010/12/12 23:20:47 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Remember Great Britain .url
[2010/12/12 18:07:31 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - clarkewi's Channel.url
[2010/12/12 00:09:45 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware (2).lnk
[2010/12/11 22:32:48 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2010/12/11 22:02:48 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Qword search engine is overriding google as the default at the top right corner even after I have delete it. - Web Search Help.url
[2010/12/11 22:01:42 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/11 21:15:03 | 030,295,162 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough part two.flv
[2010/12/11 20:53:04 | 046,445,311 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough Part 1.flv
[2010/12/11 19:53:36 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Strange pop-ups and other malware.url
[2010/12/11 18:34:26 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/11 18:00:47 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 17:47:19 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove qword.dll - qword.dll Manual and Automatic Removal Instructions.url
[2010/12/11 17:33:27 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tech PC Forums • Index page.url
[2010/12/11 17:04:03 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Episode 6 - Alan Partridge's - Mid Morning Matters.url
[2010/12/11 17:01:06 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - geert wilders.url
[2010/12/11 13:56:46 | 000,000,251 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Manning Report.url
[2010/12/11 12:44:30 | 018,134,668 | ---- | M] () -- C:\Documents and Settings\User\My Documents\English Speaking Schoolchildren a Minority in British Schools3.flv
[2010/12/10 20:48:53 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - israel punk music.url
[2010/12/10 11:09:53 | 010,417,091 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Meir Kahane- The First US victim of Al Quada.mp4
[2010/12/09 21:24:20 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - idf.url
[2010/12/09 18:47:58 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - england.url
[2010/12/09 15:07:53 | 005,501,895 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Michael Savage.flv
[2010/12/09 11:52:40 | 246,228,712 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Schrifrens Address To The British Resistance.avi
[2010/12/09 11:35:21 | 044,850,687 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Surfing rabbi - Nachum Shifren at EDL Demo in London.flv
[2010/12/08 10:05:59 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/12/08 10:05:59 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/12/07 21:00:48 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - punk uk.url
[2010/12/07 20:33:30 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - army.url
[2010/12/07 14:41:38 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - radio caroline.url
[2010/12/06 19:10:52 | 000,000,393 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - punk israel.url
[2010/12/06 11:12:44 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Newsmax - Newsmax.com - Breaking News, Politics, Commentary.url
[2010/12/05 15:40:15 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\User\Desktop\A Free Press for a Free People.url
[2010/12/04 20:17:27 | 027,055,395 | ---- | M] () -- C:\Documents and Settings\User\My Documents\goodbyeweyman's Channel.flv
[2010/12/03 21:39:16 | 015,695,940 | ---- | M] () -- C:\Documents and Settings\User\My Documents\EDL Pete McKenna.flv
[2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/12/03 09:05:33 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/12/02 11:18:49 | 062,298,450 | ---- | M] () -- C:\Documents and Settings\User\My Documents\English Defence League support Israel.flv
[2010/12/01 19:45:17 | 018,057,260 | ---- | M] () -- C:\Documents and Settings\User\My Documents\PopModal The Conservative Alternative to YouTube - Jackie Mason Endorsement of Rabbi Shifren.flv
[2010/11/30 15:47:29 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Fashion in the 1950's.url
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/29 16:56:32 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/11/29 12:00:03 | 014,244,862 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Guramit Singh's Speech EDL Nuneaton 27 Nov 2010.flv
[2010/11/29 11:02:10 | 034,738,820 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Robert Spencer - so what if Feisal Abdul Rauf is really what he says he is.flv
[2010/11/28 15:29:01 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/28 14:14:04 | 086,857,287 | ---- | M] () -- C:\Documents and Settings\User\My Documents\THE GLORIOUS EDL.flv
[2010/11/28 11:39:46 | 004,157,293 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Are Muslim Nurses Killing Patients.flv
[2010/11/28 11:19:25 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/11/27 23:01:51 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/27 23:01:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/27 23:01:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/27 23:00:54 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/27 20:45:28 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to 1940's Fashion - Ladies Boudoir.flv.lnk
[2010/11/27 20:45:13 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut to 50'sGirl.flv.lnk
[2010/11/27 14:27:15 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - vidcat1's Channel.url
[2010/11/24 21:08:26 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - famouspictures's Channel.url
[2010/11/24 17:15:00 | 007,703,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Saudi King Heads to U.S. for Medical Treatment.flv
[2010/11/22 15:15:18 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/11/22 11:26:40 | 000,000,425 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Ronald Reagan Speech – 1964 Republican National Convention « Counterculture Con HQ.url
[2010/11/21 20:15:50 | 000,014,568 | ---- | M] () -- C:\Documents and Settings\User\My Documents\boat001[1].gif
[2010/11/20 20:43:26 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/20 18:48:16 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AVS Video Converter.lnk
[2010/11/20 17:49:21 | 005,660,705 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Marxist Brainwashing American Schools.flv
[2010/11/20 16:37:36 | 131,612,270 | ---- | M] () -- C:\Documents and Settings\User\My Documents\End of Nations_xvid_001.avi
[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/19 16:02:24 | 016,746,974 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Hizb ut Tahrir March for Gaza.flv
[2010/12/18 23:35:05 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - the who.url
[2010/12/18 22:52:55 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ubersoldier 2.lnk
[2010/12/18 22:00:47 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - ironmaiden's Channel.url
[2010/12/18 19:09:59 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - EnglishDemocrat's Channel.url
[2010/12/18 14:37:36 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mark Thompson, Director-General of the BBC - Common Purpose training - WhatDoTheyKnow.url
[2010/12/18 13:30:41 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Surfing Rabbi.url
[2010/12/17 23:05:41 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - SikhWorldTV's Channel.url
[2010/12/17 14:28:04 | 000,000,379 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - elvis.url
[2010/12/16 18:33:27 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - referred from malware forum.url
[2010/12/16 15:43:38 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - MarxistFascistUK's Channel (2).url
[2010/12/14 22:35:27 | 013,496,102 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL - Gutsy female EDL member silenced at 'Islamophobia' conference.flv
[2010/12/14 16:26:28 | 243,189,356 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.avi
[2010/12/14 15:37:00 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - american militia.url
[2010/12/14 15:30:25 | 043,015,983 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Day the Dollar Died.flv
[2010/12/13 22:25:57 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TheHill.com.url
[2010/12/13 19:49:55 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Goodfightlads's Channel.url
[2010/12/13 18:19:44 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Patriotic English song.url
[2010/12/13 16:00:12 | 008,697,084 | ---- | C] () -- C:\Documents and Settings\User\My Documents\counterfeet's Channel.flv
[2010/12/12 23:20:47 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Remember Great Britain .url
[2010/12/12 18:07:31 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - clarkewi's Channel.url
[2010/12/12 00:09:45 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware (2).lnk
[2010/12/11 22:45:34 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MalWare Removal • View topic - Cant remove Q-Word Search.url
[2010/12/11 22:29:21 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\HiJackThis.lnk
[2010/12/11 22:01:42 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/11 20:56:31 | 030,295,162 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough part two.flv
[2010/12/11 20:52:29 | 046,445,311 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tommy Robinson Peterborough Part 1.flv
[2010/12/11 19:53:36 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Strange pop-ups and other malware.url
[2010/12/11 19:47:38 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Qword search engine is overriding google as the default at the top right corner even after I have delete it. - Web Search Help.url
[2010/12/11 18:48:17 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/12/11 18:00:47 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/11 17:47:19 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove qword.dll - qword.dll Manual and Automatic Removal Instructions.url
[2010/12/11 16:24:28 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Episode 6 - Alan Partridge's - Mid Morning Matters.url
[2010/12/11 12:44:29 | 018,134,668 | ---- | C] () -- C:\Documents and Settings\User\My Documents\English Speaking Schoolchildren a Minority in British Schools3.flv
[2010/12/10 18:24:54 | 000,000,375 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - islamism.url
[2010/12/10 11:04:57 | 010,417,091 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Meir Kahane- The First US victim of Al Quada.mp4
[2010/12/09 22:23:35 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job
[2010/12/09 21:24:20 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - idf.url
[2010/12/09 20:22:47 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - israel punk music.url
[2010/12/09 17:55:23 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - england.url
[2010/12/09 15:04:45 | 005,501,895 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Michael Savage.flv
[2010/12/09 11:53:14 | 246,228,712 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Rabbi Schrifrens Address To The British Resistance.avi
[2010/12/09 11:17:03 | 044,850,687 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Surfing rabbi - Nachum Shifren at EDL Demo in London.flv
[2010/12/08 23:32:04 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - meir kahane.url
[2010/12/08 10:45:56 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Savage Nation Forum.url
[2010/12/07 14:41:38 | 000,000,397 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - radio caroline.url
[2010/12/06 22:00:44 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - geert wilders.url
[2010/12/06 19:10:52 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - punk israel.url
[2010/12/06 13:43:11 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/05 22:26:36 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - army.url
[2010/12/05 22:17:17 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - the kiss.url
[2010/12/05 13:56:54 | 000,000,251 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Manning Report.url
[2010/12/04 20:02:18 | 027,055,395 | ---- | C] () -- C:\Documents and Settings\User\My Documents\goodbyeweyman's Channel.flv
[2010/12/04 16:58:00 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mark Levin Show.url
[2010/12/04 11:04:16 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - punk uk.url
[2010/12/03 21:39:16 | 015,695,940 | ---- | C] () -- C:\Documents and Settings\User\My Documents\EDL Pete McKenna.flv
[2010/12/02 10:45:57 | 062,298,450 | ---- | C] () -- C:\Documents and Settings\User\My Documents\English Defence League support Israel.flv
[2010/12/01 19:20:56 | 018,057,260 | ---- | C] () -- C:\Documents and Settings\User\My Documents\PopModal The Conservative Alternative to YouTube - Jackie Mason Endorsement of Rabbi Shifren.flv
[2010/11/29 16:56:32 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2010/11/29 11:51:48 | 014,244,862 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Guramit Singh's Speech EDL Nuneaton 27 Nov 2010.flv
[2010/11/29 10:49:03 | 034,738,820 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Robert Spencer - so what if Feisal Abdul Rauf is really what he says he is.flv
[2010/11/28 15:29:01 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/28 12:53:23 | 086,857,287 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE GLORIOUS EDL.flv
[2010/11/28 11:37:51 | 004,157,293 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Are Muslim Nurses Killing Patients.flv
[2010/11/28 11:19:25 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/11/27 20:45:28 | 000,001,244 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to 1940's Fashion - Ladies Boudoir.flv.lnk
[2010/11/27 20:45:13 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut to 50'sGirl.flv.lnk
[2010/11/24 21:08:26 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - famouspictures's Channel.url
[2010/11/24 17:12:35 | 007,703,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Saudi King Heads to U.S. for Medical Treatment.flv
[2010/11/24 10:04:33 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - robinarielmedia's Channel.url
[2010/11/22 15:15:18 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2010/11/22 11:26:40 | 000,000,425 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Ronald Reagan Speech – 1964 Republican National Convention « Counterculture Con HQ.url
[2010/11/21 20:16:25 | 000,014,568 | ---- | C] () -- C:\Documents and Settings\User\My Documents\boat001[1].gif
[2010/11/20 20:43:26 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/11/20 19:40:10 | 131,612,270 | ---- | C] () -- C:\Documents and Settings\User\My Documents\End of Nations_xvid_001.avi
[2010/11/20 18:48:16 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AVS Video Converter.lnk
[2010/11/20 17:45:24 | 005,660,705 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Marxist Brainwashing American Schools.flv
[2010/11/03 00:04:20 | 000,187,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/20 15:30:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSVCPDRV.SYS
[2010/09/20 15:28:50 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2010/06/04 17:54:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/05/24 18:54:01 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/16 18:18:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/04/29 19:27:14 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 11:34:51 | 000,000,207 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2010/04/24 11:03:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/13 17:10:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/13 16:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/13 16:10:47 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2010/04/13 16:10:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2010/04/13 16:10:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2008/04/14 05:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 05:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 05:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 05:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 05:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/12/19 06:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/12 09:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/11/30 07:01:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/05/18 06:03:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[1997/08/18 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/18 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >
Last edited by sarasara on December 20th, 2010, 1:16 pm, edited 1 time in total.
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby sarasara » December 20th, 2010, 1:14 pm

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-20 16:58:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD5000AACS-00G8B1 rev.05.04C05
Running: c03p99bj.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kwdorfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAF94F558]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAF94FE5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAF950C90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAF9511DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAF950138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xAF94E3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAF9510C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAF94F146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAF950F94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAF94F2EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAF9512FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAF94FAE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAF95102A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAF9529E2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAF94E9D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAF94ED86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAF9505BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAF953BEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAF94EED2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAF94EF6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAF9503C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAF952AD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAF94E3A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAF94E3B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAF95323C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAF94F096]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAF951270]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAF94FEDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xAF94E588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAF951150]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAF94F794]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAF952FD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAF951390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAF94F686]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAF94F002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAF94EC3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAF953576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAF94E864]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAF952E68]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAF94EAF4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAF94DDDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAF9516F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAF9515BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAF95277C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAF94E156]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAF953A90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAF94DD76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAF9509D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAF94FD00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAF95201C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAF952C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAF9536C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAF94E6DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAF9537B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAF9538F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAF952906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAF94F930]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAF94F890]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAF95341A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAF94FA1A]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AF941FE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AF9423C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes JMP C9A4F515
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [D4, 2A, 95, AF, A4, E3, 94, ...] {AAM 0x2a; XCHG EBP, EAX; SCASD ; MOVSB ; JECXZ 0xffffffffffffff9b; SCASD ; MOV DH, 0xe3; XCHG ESP, EAX; SCASD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2EA8 80504744 4 Bytes CALL 0C6AF6DD
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes JMP DDDEAF94
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [B8, 37, 95, AF, F2, 38, 95, ...] {MOV EAX, 0xf2af9537; CMP [EBP-0x6ad6f951], DL; SCASD }
.sfrelocÿÿÿÿsfsync03unknown last section [0xB80F5000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xB80F5000, 0xA20, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB61FB3A0, 0x59FFE5, 0xE8000020]
.vmp2 C:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xAE75D69D]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[208] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [E0, 13, 46, 6C] {LOOPNZ 0x15; INC ESI; INSB }
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4328] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B7928D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B7928D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 008E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 008E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 008E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 008E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00BB09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BB0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00BB0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00BB0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00BB0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00BB0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00BB0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00BB0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00BB0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 008E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 008E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 008E0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 008E0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 008E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00BB0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00BB0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00BB0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 008E0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 008E0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 008E0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 008E0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7D1E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7D1F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7D1F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7D1F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7D1F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7D1E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 7D1E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 00BC0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BC0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00BC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00BC0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 00BC01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00BC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00BC02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00BC0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00BC0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7D1E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00BC0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00BC0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00BC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7D1E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BC0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00BC05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00BC0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00BC06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00BC0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00BC0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 00BC07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00BC0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00BC08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00BC0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 00BC09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00BC0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BC0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00BC0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00BC0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00BC0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00BC0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 008F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 008F0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BC0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00BC0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00BC0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00BC0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00BC0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00BC0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00BC0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00BD0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00BD0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00BD00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00BD0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 008F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 008F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 008F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00BD01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00BD0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00BD02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00BD0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 00BD0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00BD0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00BD0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00BD04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00BD0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 008F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00BD05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00BD0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00BD06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 008F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 008F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00BD0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00BD0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00BD0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00BF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00BF0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00BF0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00BF0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00BF0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00BF0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00BF0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00BF0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BF0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby sarasara » December 20th, 2010, 1:15 pm

Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7D1F0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 7D1F0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00BB0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00BB02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00BB0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00BB0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00D909B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D90A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00D90A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00D90B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00D90B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00D90BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00D90C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 00D90CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00D90D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 00BB0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 00BB09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 00BB0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 00BB0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00BB0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00D90DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00D90EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00D90F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 00BB0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 7D1F08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7D1F0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 00BB0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00BB0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00BB0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7D1E0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 7D1F0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 7D1F0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7D1F0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7D1F0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7D1E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 7D1E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 7D1F0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1F0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7D1F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7D1F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7D1E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 00DA0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7D1E0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7D1E09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7D1E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DA0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00DA00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00DA0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 00DA01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00DA0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00DA02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00DA0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00DA0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7D1E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00DA0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00DA0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00DA04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7D1E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DA0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00DA05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00DA0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00DA06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00DA0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00DA0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 00DA07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00DA0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00DA08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00DA0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 00DA09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00DA0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DA0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00DA0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00DA0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00DA0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00DA0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00BC0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00BC0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DA0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00DA0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00DA0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 00DA0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 00DA0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00DA0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00DA0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00DB0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00DB0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00DB00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00DB0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00BC00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 00BC0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 00BC0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00DB01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00DB0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00DB02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00DB0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 00DB0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00DB0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00DB0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00DB04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00DB0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00BC0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00DB05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00DB0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00DB06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 00BC04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DB0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00BC0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00DB0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00DB0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00DB0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00DB0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 00DD0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DD0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 00DD0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 00DD04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 00DD0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 00DD05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00DE04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00DE0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00DE05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00DE0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00DE06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00DE0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00DE0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00DE07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DE0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7D1F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[1948] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0320
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[6032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device \Driver\usbstor \Device\0000007c sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000007d sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbstor \Device\0000007e sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm

Re: Cant remove Q-Word Search

Unread postby deltalima » December 20th, 2010, 2:39 pm

Hi sarasara,

Please also post the Extras.txt log from OTL, it should be on your desktop.

Also let me know if you have the Q-Word Search problem in Internet Explorer of Firefox or in both.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Cant remove Q-Word Search

Unread postby sarasara » December 20th, 2010, 4:50 pm

Deltalima, Could that refer to the 'extra registry' in the OTL program which is unticked? Should I rescan with that ticked? I failed to get the logfile to desktop though I did create a file on the desktop for it, when I found that file empty I clicked 'open' instead to the download and then c&P'd it to you.
Thanks,
sara
sarasara
Regular Member
 
Posts: 52
Joined: December 11th, 2010, 6:06 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware