Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trouble removing Key Mouse Genie

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trouble removing Key Mouse Genie

Unread postby wall » September 6th, 2011, 6:50 pm

I was having a bit of trouble removing it and i saw that someone else on these forums also had the same problem (and they ended up having a key logger Trojan). So i just wanted to make sure that it was gone and my computer is fine. If you would could you look at the entire log to make sure that nothing else is wrong.

Thanks,
James


Logs:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:33:03 PM, on 9/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\cacaoweb\cacaoweb.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Skypee\Phone\Skype.exe
C:\Program Files\HJT123\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sharewareisland.com/quicksearch.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cacaoweb] "C:\Program Files\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8448 bytes

------------------------------------------------------------------------------
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bonjour
Browser Address Error Redirector
Canon MP510
Catalyst Control Center - Branding
CCleaner
Comcast Access
Comcast Access
Compatibility Pack for the 2007 Office system
DisplayFusion 3.1.10
Gadwin PrintScreen
GhostMouse
Google Toolbar for Internet Explorer
gtw_logo
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iPod for Windows 2005-09-23
iTunes
Java(TM) 6 Update 26
Kaspersky Anti-Virus 2011
Kaspersky Anti-Virus 2011
KeyTweak - Keyboard Remapper (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIRC
Mozilla Firefox 6.0.2 (x86 en-US)
Nero BurnRights
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenSSL 0.9.8g Light
PowerDVD
QuickTime
Rainmeter
Razer Lachesis
Razer Lycosa
Realtek High Definition Audio Driver
RuneScape Launcher 1.0.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 4.1
SwiftKit
TeamSpeak 3 Client
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Wise Registry Cleaner Free 5.61
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm
Advertisement
Register to Remove

Re: Trouble removing Key Mouse Genie

Unread postby deltalima » September 9th, 2011, 5:26 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trouble removing Key Mouse Genie

Unread postby deltalima » September 9th, 2011, 5:32 am

Hi wall,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trouble removing Key Mouse Genie

Unread postby wall » September 9th, 2011, 10:51 pm

Thanks and the computer is used for home use.


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.AJFNIG
----- EOF -----


and


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-4QTVT-T3BV2-C96V8
Windows Product Key Hash: Sv7INy2VH4NRrkl/y2qnEiQEt44=
Windows Product ID: 76487-OEM-2211906-00103
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {58B9CC39-5920-48B4-AF1D-6A09F1872352}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Small Business Edition 2003 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-800a_E2AD56EA-766-191_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{58B9CC39-5920-48B4-AF1D-6A09F1872352}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-C96V8</PKey><PID>76487-OEM-2211906-00103</PID><PIDType>2</PIDType><SID>S-1-5-21-3372777191-685033089-2663186257</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>E-2600D SB</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>W7248AG2 2.0B</Version><SMBIOSVersion major="2" minor="4"/><Date>20061011000000.000000+000</Date><SLPBIOS>Gateway,Gateway,Gateway,Gateway</SLPBIOS></BIOS><HWID>362D33D70184C076</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Gateway</name><model>E-2600D SB</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91CA0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business Edition 2003</Name><Ver>11</Ver><Val>2DE150CCBE09F2C</Val><Hash>mTJ8LQBZcrU9Z5VCW5h9gSLnn3M=</Hash><Pid>70160-OEM-5691806-19945</Pid><PidType>6</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1CBF0:emachines inc|1CBF0:Gateway, Inc|1E840:Gateway, Inc
Marker string from OEMBIOS.DAT: Gateway,Gateway,Gateway,Gateway

OEM Activation 2.0 Data-->
N/A
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm

Re: Trouble removing Key Mouse Genie

Unread postby deltalima » September 10th, 2011, 4:00 am

Hi wall,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trouble removing Key Mouse Genie

Unread postby wall » September 10th, 2011, 4:53 pm

Here you go


OTL logfile created on: 9/10/2011 11:22:08 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.74% Memory free
3.34 Gb Paging File | 2.14 Gb Available in Paging File | 64.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.44 Gb Total Space | 120.33 Gb Free Space | 83.31% Space Free | Partition Type: NTFS
Drive D: | 4.59 Gb Total Space | 1.53 Gb Free Space | 33.23% Space Free | Partition Type: FAT32
Drive E: | 227.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FAMILY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\cacaoweb\cacaoweb.exe ()
PRC - C:\Program Files\Rainmeter\Rainmeter.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\mIRC\mirc.exe (mIRC Co. Ltd.)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\jagexlauncher\bin\JagexLauncher.exe ()
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()
PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()
PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)
PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\.jagex_cache_32\runescape\hw3d.dll ()
MOD - C:\WINDOWS\.jagex_cache_32\runescape\jagdx.dll ()
MOD - C:\WINDOWS\.jagex_cache_32\runescape\jagmisc.dll ()
MOD - C:\WINDOWS\.jagex_cache_32\runescape\jaclib.dll ()
MOD - C:\WINDOWS\.jagex_cache_32\runescape\browsercontrol.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\cacaoweb\cacaoweb.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Rainmeter\Plugins\WebParser.dll ()
MOD - C:\Program Files\Rainmeter\Rainmeter.exe ()
MOD - C:\Program Files\Rainmeter\Rainmeter.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\jagexlauncher\bin\JagexLauncher.exe ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\jagexlauncher\bin\jvm.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3632.28218__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3632.28245__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3632.28238__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3632.28229__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3632.28368__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3632.28243__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3632.28326__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3632.28319__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3632.28307__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3632.28345__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3632.28229__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3632.28290__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3632.28277__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3632.28346__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3632.28389__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3632.28299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3632.28360__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3632.28359__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3632.28280__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3632.28312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3632.28246__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3632.28287__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3632.28286__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3632.28321__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3632.28247__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3632.28232__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3632.28252__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3632.28273__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3632.28278__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3632.28288__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3632.28293__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3621.42212__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3621.42210__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3621.42227__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3621.42278__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3621.42225__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3621.42190__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3621.42192__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3621.42223__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3621.42196__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3621.42329__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3621.42213__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3621.42209__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3621.42228__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3621.42240__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3621.42202__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3621.42246__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3621.42267__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3621.42268__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3621.42221__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3621.42274__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3621.42247__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3621.42243__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3621.42214__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3621.42224__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3621.42229__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3621.42244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3632.28381__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3621.42225__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3621.42213__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3632.28338__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3632.28353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3621.42192__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3621.42200__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3621.42221__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3632.28212__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3632.28331__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3632.28237__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3632.28336__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3632.28215__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3632.28217__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3621.42219__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3621.42205__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3632.28224__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3621.42249__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3632.28215__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3632.28213__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3632.28338__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Documents and Settings\Administrator\Local Settings\Application Data\jagexlauncher\bin\zlib1.dll ()
MOD - C:\Program Files\Razer\Lachesis\razertra.exe ()
MOD - C:\Program Files\Razer\Lachesis\razerhid.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LycoFltr) -- C:\WINDOWS\system32\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (LachesisFltr) -- C:\WINDOWS\system32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sharewareisland.com/quicksearch.aspx


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... &M=E-2600D SB
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html ... &M=E-2600D SB
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
IE - HKU\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3372777191-685033089-2663186257-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3372777191-685033089-2663186257-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: clipconverter@clipconverter.cc:1.0.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 15:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 15:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 17:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 18:23:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Administrator\Application Data\Move Networks [2010/06/13 13:16:31 | 000,000,000 | ---D | M]

[2009/06/04 17:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/09/08 00:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions
[2010/09/22 17:19:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/22 17:19:47 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/10/22 22:10:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2011/06/14 19:15:50 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions\cacaoweb@cacaoweb.org
[2011/01/26 22:31:53 | 000,000,000 | ---D | M] (ClipConverter) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions\clipconverter@clipconverter.cc
[2011/08/11 10:18:46 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions\foxyproxy@eric.h.jung
[2011/05/05 18:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bd1jookd.default\extensions\nostmp
[2011/08/30 15:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/31 23:46:44 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/30 15:10:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/01/23 13:20:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BD1JOOKD.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BD1JOOKD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009/02/07 13:45:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/06 17:59:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/05 18:26:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/01/24 13:05:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-3372777191-685033089-2663186257-500\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3372777191-685033089-2663186257-500..\Run: [cacaoweb] C:\Program Files\cacaoweb\cacaoweb.exe ()
O4 - HKU\S-1-5-21-3372777191-685033089-2663186257-500..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-3372777191-685033089-2663186257-500..\Run: [updateMgr] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3372777191-685033089-2663186257-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E809778-A2A5-47D4-A5FF-D8E5F4C2218D}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/31 23:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/10 11:19:45 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/09/09 16:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\RuneScape
[2011/09/07 18:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/06 18:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/09/06 17:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\HJT123
[2011/09/06 16:50:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\AntiVirus
[2011/08/30 17:24:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/08/30 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/30 15:09:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/30 15:09:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/30 15:09:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/30 15:09:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/28 17:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RSBuddy
[2011/08/27 16:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GhostMouse
[2011/08/18 11:06:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skypee
[2011/08/18 10:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/11 14:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/10 11:25:20 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2011/09/10 11:24:26 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2011/09/10 11:24:20 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Administrator\jagexappletviewer.preferences
[2011/09/10 11:20:23 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/09/10 11:20:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3372777191-685033089-2663186257-500UA.job
[2011/09/10 08:19:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/10 08:18:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/10 08:18:30 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/09 16:21:47 | 000,002,091 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RuneScape.lnk
[2011/09/08 23:55:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/09/08 22:20:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3372777191-685033089-2663186257-500Core.job
[2011/09/07 21:42:44 | 001,082,739 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSBuddy.jar
[2011/09/06 17:01:00 | 000,290,465 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2011/09/06 16:59:53 | 000,181,593 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2011/09/06 16:46:13 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/09/06 15:47:14 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2011/09/06 15:47:13 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011/09/04 12:21:45 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/09/04 12:21:45 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/03 06:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 09:01:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/28 16:24:09 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iTunes.lnk
[2011/08/27 18:08:28 | 000,053,648 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/27 16:12:22 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GhostMouse.lnk
[2011/08/25 20:12:45 | 237,659,165 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AP Physics C 2011-12.pdf
[2011/08/18 11:06:33 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/14 11:09:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/14 02:00:46 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Copy of iTunes.lnk
[2011/08/12 12:24:29 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/09 16:22:07 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Administrator\jagexappletviewer.preferences
[2011/09/09 16:21:47 | 000,002,091 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RuneScape.lnk
[2011/09/07 18:24:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/07 17:41:30 | 237,659,165 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AP Physics C 2011-12.pdf
[2011/09/06 17:01:00 | 000,290,465 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2011/09/06 16:59:53 | 000,181,593 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2011/09/06 16:46:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/09/02 09:01:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/31 15:21:18 | 001,082,739 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSBuddy.jar
[2011/08/27 16:12:22 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GhostMouse.lnk
[2011/08/18 11:06:19 | 000,002,273 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/19 14:34:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/22 14:35:03 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/01/22 14:35:03 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/02/14 15:10:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/02/14 15:10:39 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/02/14 15:10:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/02/14 15:10:38 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/02/14 15:10:38 | 000,197,982 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/02/14 15:10:38 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/01/24 12:46:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/24 12:46:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/24 12:46:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/24 12:46:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/24 12:46:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/08/05 12:39:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/04 22:12:27 | 000,053,648 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/04 17:56:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/22 20:40:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/26 21:51:40 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/11/04 10:16:41 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/14 14:19:38 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/05 11:37:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/17 16:04:13 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/11/17 16:04:10 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/17 16:04:10 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/17 16:04:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/17 16:04:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/17 16:04:03 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/11/17 16:03:59 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/11/17 16:03:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/17 15:44:05 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/17 15:41:02 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/17 15:41:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/11/17 15:31:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/17 15:31:22 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2006/06/30 06:27:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/30 05:53:00 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/05/31 23:35:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/31 23:29:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/31 23:17:16 | 000,001,238 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/31 23:17:16 | 000,000,499 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/05/31 23:16:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/31 23:16:58 | 000,496,084 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/31 23:16:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/31 23:16:58 | 000,092,654 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/31 23:16:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/31 23:16:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/31 23:16:57 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/31 23:16:57 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/31 23:16:57 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/31 23:16:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/31 23:16:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/31 23:16:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/05/31 16:24:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/31 16:23:17 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files - Unicode (All) ==========
[2011/08/01 13:21:26 | 000,000,000 | ---D | M](C:\???????æ) -- C:\て앸튤㟁æ
[2011/08/01 13:21:26 | 000,000,000 | ---D | C](C:\???????æ) -- C:\て앸튤㟁æ

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm

Re: Trouble removing Key Mouse Genie

Unread postby wall » September 10th, 2011, 4:54 pm

OTL Extras logfile created on: 9/10/2011 11:22:08 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.74% Memory free
3.34 Gb Paging File | 2.14 Gb Available in Paging File | 64.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.44 Gb Total Space | 120.33 Gb Free Space | 83.31% Space Free | Partition Type: NTFS
Drive D: | 4.59 Gb Total Space | 1.53 Gb Free Space | 33.23% Space Free | Partition Type: FAT32
Drive E: | 227.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FAMILY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"14534:TCP" = 14534:TCP:*:Enabled:TeamSpeak
"51234:TCP" = 51234:TCP:*:Enabled:TeamSpeak
"8767:UDP" = 8767:UDP:*:Enabled:TeamSpeak
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Disabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\Skypee\Phone\Skype.exe" = C:\Program Files\Skypee\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D923E0-1244-0F60-6108-2B154B0462D0}" = Comcast Access
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility
"{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing
"{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.10
"CCleaner" = CCleaner
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"D44822B3621EFD220D3A7DDA72DE5A4B6476748F" = Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)
"Gadwin PrintScreen" = Gadwin PrintScreen
"GhostMouse_is1" = GhostMouse
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSSL Light_is1" = OpenSSL 0.9.8g Light
"Rainmeter" = Rainmeter
"SwiftKit" = SwiftKit
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.61
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3372777191-685033089-2663186257-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2011 12:15:14 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2000

Error - 6/18/2011 12:15:16 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/18/2011 12:15:16 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4000

Error - 6/18/2011 12:15:16 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4000

Error - 6/18/2011 12:15:18 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/18/2011 12:15:18 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5953

Error - 6/18/2011 12:15:18 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5953

Error - 6/19/2011 9:52:39 AM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2011 1:43:17 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2011 8:29:27 PM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 9/5/2011 8:32:13 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/5/2011 9:06:33 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/6/2011 10:10:45 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/7/2011 3:11:36 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/8/2011 3:32:28 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/9/2011 12:48:21 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/9/2011 3:14:35 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/9/2011 4:19:01 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/9/2011 10:33:17 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/10/2011 8:19:02 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126


< End of report >





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-10 16:48:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD1600JS-22MHB0 rev.02.01C03
Running: oyqhwwur.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAE1495FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAE149EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAE14AD32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAE14B27C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAE14A1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xAE14846A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAE14B162]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAE1491E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAE14B036]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAE149390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAE14B39C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAE149B86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAE14B0CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAE14CA84]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAE148A74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAE148E28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAE14A65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAE14DC90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAE148F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAE14900C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAE14A46A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAE14CB76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAE148446]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAE148458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAE14D2DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAE149138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAE14B312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAE149F80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xAE14862A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAE14B1F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAE149836]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAE14D078]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAE14B432]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAE149728]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAE1490A4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAE148CDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAE14D618]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAE148906]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAE14CF0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAE148B96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAE147E80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAE14B796]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAE14B65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAE14C81E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAE1481F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAE14DB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAE147E18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAE14AA78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAE149DA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAE14C0BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAE14CD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAE14D768]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAE148780]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAE14D85A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAE14D994]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAE14C9A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAE1499D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAE149932]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAE14D4BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAE149ABC]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AE13BFEC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AE13C3C8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [76, CB, 14, AE, 46, 84, 14, ...] {JBE 0xffffffffffffffcd; ADC AL, 0xae; INC ESI; TEST [ESI+EBP*4], DL; POP EAX; TEST [ESI+EBP*4], DL}
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [96, 8B, 14, AE, 80, 7E, 14, ...] {XCHG ESI, EAX; MOV EDX, [ESI+EBP*4]; CMP BYTE [ESI+0x14], 0xae; XCHG ESI, EAX; MOV BH, 0x14; SCASB ; POP ESP; MOV DH, 0x14; SCASB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [5A, D8, 14, AE, 94, D9, 14, ...] {POP EDX; FCOM DWORD [ESI+EBP*4]; XCHG ESP, EAX; FST DWORD [ESI+EBP*4]; TEST AL, 0xc9; ADC AL, 0xae}
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5C57000, 0x223937, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6C72DA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6C72DA0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 011A0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 011A02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 011A0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 011A0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 013D04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013D0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 013D05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 013D0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 013D06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 011A0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 011A09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 011A0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 011A0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 011A0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 013D08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 011A0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 013D0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013D09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 013D0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 013D0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 013D0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 011A0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 011A0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 011A0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 011A0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 013D0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 013D0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013D0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7D1E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 013D0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 7D1E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013D0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 013D0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 013D0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 013D0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 013D0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 013D0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7D1E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7D1F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 011B0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7D1F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 013E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 011B04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!FreeLibrary] 013E0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] 013E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateThread] 011B05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap] 011B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlFreeHeap] 011B0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 013E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 013E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 013E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 013E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 013E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 013E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 013E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 011B0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 011B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 011B0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 013E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 013E0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 013E0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 013E0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 011C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 011C0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013E0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 011C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 011C0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 013E0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 011C0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 011C0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 011C0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 013F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 013F0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 013F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 013F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 011C06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 013F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 011C0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00ED0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00ED02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00ED0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00ED0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 011A04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011A0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 011A05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 011A0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 011A06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 00ED0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 00ED09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 00ED0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 00ED0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 00ED0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 011A08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 00ED0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 011A0940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011A09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 011A0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 011A0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 011A0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 00ED0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00ED0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00ED0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00ED0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7D1E0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 011A0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 011A0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011A0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7D1E0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 011A0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 7D1E05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 7D1E0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7D1E06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7D1E0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011A0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 011A0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 011A0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 011A0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7D1E0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7D1E07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 011A0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 011A0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7D1E0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7D1F04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7D1E08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1F0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1F06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7D1E0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1F0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1F07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7D1E0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7D1E0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7D1F0EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 00EE0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7D1F0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 011B0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011B0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 00EE04E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011B02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!FreeLibrary] 011B0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] 011B0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateThread] 00EE05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap] 00EE0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlFreeHeap] 00EE0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 011B0550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 011B05C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 011B0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011B06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 011B0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 011B0780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 011B07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 011B0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00EE0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 00EE0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 00EE0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 011B08D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 011B0D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 011B0DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 011B0E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00EF00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 00EF0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011B0E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00EF01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 00EF0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 011B0F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 00EF0400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 00EF0470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 00EF0630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 011C0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 011C0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 011C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 011C0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 00EF06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 011C01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 00EF0710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7D1F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7D1F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7D1F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7D1E0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7D1E02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7D1E0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7D1E0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7D1E01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7D1F0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7D1F00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7D1F01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7D1F0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7D1F0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7D1E0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[676] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7D1E0320

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:1560] A8FD41F0

---- EOF - GMER 1.0.15 ----
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm

Re: Trouble removing Key Mouse Genie

Unread postby deltalima » September 10th, 2011, 5:15 pm

Hi wall,

Registry Cleaners

Re. Wise Registry Cleaner Free 5.61

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is veryinformative: WhatTheTech Forum

Please uninstall Wise Registry Cleaner Free 5.61

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O4 - HKU\S-1-5-21-3372777191-685033089-2663186257-500..\Run: [updateMgr] File not found
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window
        In Interner Explorer
      • It will require an activex control, please install it
      • Click Accept

        In Firefox
      • It will require an Add-on to be installed, please install it
      • Order to install the Add-on Firefox needs to be restarted, please do so
  • Click Full System Scan
  • It will now download the scanner this may take a while please be patient
  • It will then start scanning wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan copy and paste those results as a reply to this topic

Now run a quick scan with Malwarebytes and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trouble removing Key Mouse Genie

Unread postby wall » September 11th, 2011, 1:05 pm

Scanned:

Files: 69524
System: 3620
Not scanned: 57

Actions:

Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 1
Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\FILE_CACHE\META
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\868
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\881
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\886
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\887
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\888
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\883
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\884
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\892
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\891
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\890
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\894
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\895
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\897
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\903
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\909
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\911
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\912
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\914
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\917
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\916
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\920
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\919
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\918
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\922
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\921
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\930
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\929
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\928
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\935
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\936
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\931
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\937
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\940
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\941
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\944
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\943
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\947
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\950
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\951
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\948
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\945
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\954
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\958
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\960
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\956
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\959
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\974
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\KASPERSKY LAB\AVP11\SYSWHIST\AMLOGS\976
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\3128








All processes killed
========== PROCESSES ==========
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_USERS\S-1-5-21-3372777191-685033089-2663186257-500\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 640291479 bytes
->Temporary Internet Files folder emptied: 871086 bytes
->Java cache emptied: 2249686 bytes
->FireFox cache emptied: 233908326 bytes
->Google Chrome cache emptied: 254676524 bytes
->Flash cache emptied: 3890381 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: username

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 716401 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2246035 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65427552 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1328120 bytes

Total Files Cleaned = 1,150.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

User: username

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09112011_125543

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\kls3229.tmp not found!

Registry entries deleted on Reboot...
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm

Re: Trouble removing Key Mouse Genie

Unread postby deltalima » September 11th, 2011, 1:13 pm

Did the F-Secure log give details of the file disinfected and not cleaned?

Please post the Malwarebytes log when ready.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trouble removing Key Mouse Genie

Unread postby wall » September 11th, 2011, 3:32 pm

The log didnt said anything about the two files, i took a quick look at the drop down, i dont remember the one which was disinfected file but the not cleaned one was OYQWWUR.EXE. should i run another f-secure scan?

and heres the Malwarebytes log


Malwarebytes' Anti-Malware 1.44
Database version: 3627
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/11/2011 3:29:35 PM
mbam-log-2011-09-11 (15-29-35).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 195659
Time elapsed: 56 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm

Re: Trouble removing Key Mouse Genie

Unread postby deltalima » September 11th, 2011, 3:43 pm

Hi wall,

the one which was disinfected file but the not cleaned one was OYQWWUR.EXE. should i run another f-secure scan?


No that's fine, let's see if that file is still on the computer.

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    OYQWWUR.EXE
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trouble removing Key Mouse Genie

Unread postby wall » September 11th, 2011, 3:52 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:50 on 11/09/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "OYQWWUR.EXE"
No files found.

-= EOF =-
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm

Re: Trouble removing Key Mouse Genie

Unread postby deltalima » September 11th, 2011, 3:58 pm

Hi wall,

Searching for "OYQWWUR.EXE"
No files found.


Ok, let's run one final scan to make sure

PANDA ONLINE SCAN

Please go Here to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply

If Panda finds nothing then please run F-Secure again to see if it still detects anything.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trouble removing Key Mouse Genie

Unread postby wall » September 12th, 2011, 12:37 am

I did the scan but after several hours and after scanning 770k files it was only at 18% so i dont know if there was something wrong or what.
I will run another tomorrow but heres what i got after canceling.



;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-09-12 00:35:01
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 11.0.2.556 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\x8qg0pow.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\k63ix2o4.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\jr5wherb.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\6flagb0r.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\t12im324.txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
wall
Active Member
 
Posts: 10
Joined: September 6th, 2011, 5:32 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware