help:Infected with win 7 internet security 2012 virus


  • This topic is locked
2 replies to this topic

#1 maxim1

  • Members
  • 1 posts

Posted 03 December 2011 - 11:26 AM

I think I got the virus with an Adobe update.
Any help would be appreciated.

Here is my OTS file:

OTS logfile created on: 12/3/2011 10:01:14 AM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Users\Kirk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.51 Gb Total Space | 216.91 Gb Free Space | 76.51% Space Free | Partition Type: NTFS
Drive D: | 14.29 Gb Total Space | 2.36 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 83.25 Mb Free Space | 83.80% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KG
Current User Name: Kirk
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\Kirk\Desktop\OTS.exe -> [2011/12/03 09:44:32 | 000,646,144 | ---- | M] (OldTimer Tools)
ual.exe -> C:\Users\Kirk\AppData\Local\ual.exe -> [2011/12/01 23:00:23 | 000,284,672 | ---- | M] (Microsoft Corporation)
vsmon.exe -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -> [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD)
mbamservice.exe -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
rimbblaunchagent.exe -> C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe -> [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited)
pctsgui.exe -> C:\Program Files (x86)\PC Tools Security\pctsGui.exe -> [2010/12/01 14:49:56 | 001,589,208 | ---- | M] (PC Tools)
pctssvc.exe -> C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -> [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools)
acdaemon.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
arccon.ac -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac -> [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.)
nasvc.exe -> C:\Program Files (x86)\Nero\Update\NASvc.exe -> [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG)
acservice.exe -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
pctsauxs.exe -> C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -> [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools)
picturemover.exe -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe -> [2009/05/24 22:26:22 | 000,430,080 | ---- | M] (Hewlett-Packard Company)
ubbmonitor.exe -> C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe -> [2008/12/31 13:46:20 | 000,286,720 | ---- | M] (ArcSoft, Inc.)
 
[Modules - No Company Name]
zlib1.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll -> [2011/06/24 21:56:36 | 000,087,328 | ---- | M] ()
libxml2.dll -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll -> [2011/06/24 21:56:14 | 001,241,888 | ---- | M] ()
msjetoledb40.dll -> C:\Windows\SysWOW64\msjetoledb40.dll -> [2009/07/13 19:15:45 | 000,364,544 | ---- | M] ()
presentation.dll -> C:\Users\Kirk\AppData\Roaming\PictureMover\EN-US\Presentation.dll -> [2009/05/24 22:34:02 | 001,703,936 | ---- | M] ()
core.dll -> C:\Users\Kirk\AppData\Roaming\PictureMover\Bin\Core.dll -> [2009/05/24 22:25:22 | 003,760,128 | ---- | M] ()
fpxlib.dll -> C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\BackUp & Recorder\fpxlib.dll -> [2006/11/08 13:58:38 | 000,449,280 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(IswSvc)  [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2011/11/03 08:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies)
64bit-(RtVOsdService)  [Auto | Running] -> C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -> [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(AERTFilters)  [Auto | Running] -> C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -> [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -> [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation)
(sdCoreService) PC Tools Security Service [Auto | Running] -> C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -> [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools)
(NAUpdate) Nero Update [Auto | Running] -> C:\Program Files (x86)\Nero\Update\NASvc.exe -> [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(sdAuxService) PC Tools Auxiliary Service [Auto | Running] -> C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -> [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(ISWKL) ZoneAlarm ForceField ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2011/11/03 08:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies)
64bit-(icsak) icsak [Kernel | On_Demand | Running] -> C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -> [2011/11/03 08:44:20 | 000,045,448 | ---- | M] (Check Point Software Technologies)
64bit-(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation)
64bit-(tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\tbhsd.sys -> [2011/08/29 15:40:13 | 000,046,112 | ---- | M] (RapidSolution Software AG)
64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbaapl64.sys -> [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.)
64bit-(Vsdatant) Zone Alarm Firewall Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vsdatant.sys -> [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek                                            )
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -> [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation)
64bit-(PCTCore) PCTools KDS [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PCTCore64.sys -> [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(kl2) kl2 [Kernel | System | Running] -> C:\Windows\SysNative\drivers\kl2.sys -> [2010/10/14 17:08:38 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KL1) KL1 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\kl1.sys -> [2010/10/14 17:08:36 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO)
64bit-(KLIF) Kaspersky Lab Driver [File_System | System | Running] -> C:\Windows\SysNative\drivers\klif.sys -> [2010/09/21 16:51:56 | 000,362,072 | ---- | M] (Kaspersky Lab)
64bit-(pctEFA) PC Tools Extended File Attributes [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\pctEFA64.sys -> [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools)
64bit-(pctDS) PC Tools Data Store [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pctDS64.sys -> [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation)
64bit-(Svk2pl) GigawareX USB to Serial Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\Svk2pl64.sys -> [2010/04/01 06:54:22 | 000,097,280 | ---- | M] (Gigaware)
64bit-(IntcHdmiAddService) Intel(R) High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcHdmi.sys -> [2010/03/05 13:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation)
64bit-(rtl8192se) Realtek Wireless LAN 802.11n PCI-E NIC NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\rtl8192se.sys -> [2010/01/29 02:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation                           )
64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\rootmdm.sys -> [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation)
64bit-(SrvHsfV92) SrvHsfV92 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTDPV6.SYS -> [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfWinac) SrvHsfWinac [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTCNXT6.SYS -> [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(SrvHsfHDA) SrvHsfHDA [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VSTAZL6.SYS -> [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.)
64bit-(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\yk62x64.sys -> [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell)
64bit-(netw5v64) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\netw5v64.sys -> [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
64bit-(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ftdibus.sys -> [2009/02/17 11:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.)
64bit-(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -> [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd)
(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\RtsUStor.sys -> [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPNOT/1 -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://g.msn.com/HPNOT/1 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://g.msn.com/HPNOT/1 -> 
HKEY_CURRENT_USER\: Main\\"Secondary Start Pages" -> http://www.yahoo.com/ [binary data] -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.facebook.com/ -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{472734EA-242A-422b-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Kirk\AppData\Roaming\Mozilla\FireFox\Profiles\5dz37lh9.default\prefs.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/05/14 23:56:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER] -> [2011/12/01 23:53:27 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/12/02 00:02:41 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Kirk\AppData\Roaming\mozilla\Extensions -> [2011/09/01 17:02:11 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/09/01 17:47:07 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/09/01 17:47:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/12/03 08:38:03 | 000,000,098 | ---- | M] - 2 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
::1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2011/11/03 08:44:48 | 000,904,832 | ---- | M] (Check Point Software Technologies)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2011/11/03 08:44:36 | 000,599,680 | ---- | M] (Check Point Software Technologies)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2009/07/16 13:35:18 | 000,082,784 | ---- | M] (Microsoft Corp.)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [Nero Toolbar] -> [2011/05/17 12:29:36 | 001,490,312 | ---- | M] (Ask)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2011/11/03 08:44:48 | 000,904,832 | ---- | M] (Check Point Software Technologies)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2009/07/16 13:35:18 | 000,082,784 | ---- | M] (Microsoft Corp.)
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [Nero Toolbar] -> [2011/05/17 12:29:36 | 001,490,312 | ---- | M] (Ask)
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2011/11/03 08:44:36 | 000,599,680 | ---- | M] (Check Point Software Technologies)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [Nero Toolbar] -> [2011/05/17 12:29:36 | 001,490,312 | ---- | M] (Ask)
64bit-WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2011/11/03 08:44:48 | 000,904,832 | ---- | M] (Check Point Software Technologies)
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2011/11/03 08:44:36 | 000,599,680 | ---- | M] (Check Point Software Technologies)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2011/02/11 18:25:38 | 000,386,584 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2011/02/11 18:25:56 | 000,162,328 | ---- | M] (Intel Corporation)
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2011/11/03 08:44:38 | 001,125,504 | ---- | M] (Check Point Software Technologies)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2011/02/11 18:25:46 | 000,417,304 | ---- | M] (Intel Corporation)
"RTHDVCPL" -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s] -> [2011/02/14 13:20:39 | 006,489,704 | ---- | M] (Realtek Semiconductor)
"RtkOSD" -> C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe] -> [2010/01/12 18:32:10 | 000,995,840 | ---- | M] (Realtek Semiconductor Corp.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
"APSDaemon" -> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2011/11/01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.)
"ArcSoft Connection Service" -> C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"ISTray" -> C:\Program Files (x86)\PC Tools Security\pctsGui.exe ["C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI] -> [2010/12/01 14:49:56 | 001,589,208 | ---- | M] (PC Tools)
"Malwarebytes' Anti-Malware" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation)
"Malwarebytes' Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation)
"RIMBBLaunchAgent.exe" -> C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe] -> [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited)
"ZoneAlarm" -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe ["C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"] -> [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD)
"ZoneAlarm Installer" -> C:\Program Files (x86)\CheckPoint\Install\Launcher.exe ["C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r download /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w] -> [2011/12/03 09:59:11 | 000,403,088 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HPAdvisorDock" ->  [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
\\"EnableLinkedConnections" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download Video on This Page -> C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll [res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211] -> [2010/01/07 23:15:44 | 000,073,728 | ---- | M] (Tomato)
Download Video This Links To -> C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll [res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212] -> [2010/01/07 23:15:44 | 000,073,728 | ---- | M] (Tomato)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download Video on This Page -> C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll [res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211] -> [2010/01/07 23:15:44 | 000,073,728 | ---- | M] (Tomato)
Download Video This Links To -> C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll [res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212] -> [2010/01/07 23:15:44 | 000,073,728 | ---- | M] (Tomato)
Google Sidewiki... ->  [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{11F19C45-9675-488A-A8E0-8E8234DC245D}:res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211 [HKLM] -> C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll [Button: Download Video] -> [2010/01/07 23:15:44 | 000,073,728 | ---- | M] (Tomato)
{11F19C45-9675-488A-A8E0-8E8234DC245D}:res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211 [HKLM] -> C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll [Menu: Download Video on This Page] -> [2010/01/07 23:15:44 | 000,073,728 | ---- | M] (Tomato)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{1851174C-97BD-4217-A0CC-E908F60D5B7A} [HKLM] -> http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB [Hewlett-Packard Online Support Services] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 209.18.47.61 209.18.47.62 0.0.0.0 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6162C4BF-316A-4B00-B858-B1E986EC7961}\\DhcpNameServer -> 209.18.47.61 209.18.47.62 0.0.0.0   (Realtek RTL8191SE 802.11b/g/n WiFi Adapter) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 19:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2011/02/11 17:45:30 | 000,272,896 | ---- | M] (Intel Corporation)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0E92D0F0-222A-4CB6-9B33-42AE951FAFBE} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 
{12C0AB30-CAEE-47C7-8AE1-B6571A4DD637} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{3BA827BB-0CDE-4FEF-A8D4-D83D03AACF0B} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | 
{43E763C8-F7D2-443A-9FE8-5495131DD1F0} -> lport=4481 | profile=private | protocol=17 | dir=in | action=allow | name=blackberry desktop software wireless music sync discovery | 
{4E465BA7-DF82-450B-BFA0-D419FCB069F1} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{53214825-5735-49A0-ADAE-58C45F051927} -> lport=4482 | profile=private | protocol=6 | dir=in | action=allow | name=blackberry desktop software wireless music sync data transfer | 
{58C7DB54-F855-4656-8D3E-666A75EF568C} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
{63526175-A2E1-49B7-BC7C-6CDF03324358} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
{6965BA32-2431-45B8-AA28-CD8C1CC967D6} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{7C34031F-D173-4290-9561-D2247E0A9EE7} -> lport=4481 | profile=private | protocol=6 | dir=in | action=allow | name=blackberry desktop software wireless music sync data transfer | 
{7E891D7C-FF68-4D8A-861C-0BB7AAD2AE6B} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{84BE6C63-42B7-43D2-9360-DF99BE8B06E1} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{8B84ED54-95D2-42BD-82B7-5202A83B14FA} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{95CE9A63-C7C2-41DD-87FF-496EC00A6AC7} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{9B7EE640-2CBD-489C-BF35-0CDF4B70DB51} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{9B9A4673-CF8A-4A2D-9A11-BF45411C0DE0} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{BC02FB66-FCAC-4379-8F83-096603B1E0DE} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{BC4EC3EA-7173-4A15-8DD8-748091F36D33} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{BE713ADC-B199-4C93-8D53-1F37E7FF3E4B} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{BF5ACFE0-7C9B-4EF8-ABC8-F53DCFC1D4CD} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{D148469C-1931-42EA-B316-4C6BC1C9543B} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{D378C1DB-B67A-4782-9466-A0FF927591E4} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 
{DB44819F-E825-4FAF-8AFC-0A1AAFF291FC} -> lport=4482 | profile=private | protocol=17 | dir=in | action=allow | name=blackberry desktop software wireless music sync discovery | 
{E0FFC704-25B8-4059-89A2-D15532A6CDB7} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{00B7A698-A899-44E7-AA1D-3FF65121B565} -> profile=private | protocol=6 | dir=in | action=allow | name=imesh | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
{0A8762E8-3219-4F44-8E83-889214C93307} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{0B3F9137-1987-46B6-9FBA-3767A2A4BD81} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{10279F2D-EF17-4498-9F89-08D9AC2D8503} -> profile=private | protocol=17 | dir=in | action=allow | name=imesh | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
{10BD8429-783C-402A-8542-40E05CA26986} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.exe | 
{11307DCF-3615-44DA-B800-5AE525487C25} -> profile=private | protocol=17 | dir=in | action=allow | name=vsmon | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
{14BF94F6-9A40-4CA4-87FE-905D82A29560} -> profile=private | protocol=6 | dir=in | action=allow | name=vsmon | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
{152C6A50-2FD6-49C8-9691-81175C64949E} -> profile=private | protocol=6 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{16EBA1F3-E55A-4A0B-97C6-D214E483C7CB} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{173FBF4A-F5AE-43BF-BA6F-22E0452BF7AE} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.exe | 
{277FFF25-EAC2-4AC7-A048-6EABE3E60C5A} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{2914E933-3495-45C8-B3BB-35A2A168CA7C} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{330D12F9-0551-48D2-BB56-56122E624ECF} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{497EC972-8D1D-4845-8D5C-6E2596084872} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{6EA90BD6-B019-44A6-BC51-27C8F5C55517} -> profile=private | protocol=17 | dir=in | action=allow | name=blackberry desktop software | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
{7DE297D2-6333-4F6A-995D-1BEE186C911A} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{836CFAB3-B856-4085-A715-C24E1FCBD87D} -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
{8C21837F-549B-4E1B-A9BE-184953DE8E05} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
{9421A92F-DB2B-4268-8FAC-800CEE43B991} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{A0A3262B-CBAC-42E3-99CD-1213E30E846E} -> profile=domain | protocol=17 | dir=in | action=allow | name=imesh | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
{A1A24846-7CF5-4FFF-AC67-306222AC2A15} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{A2793F49-A835-4BF4-9BFB-C9C4809DF2C7} -> profile=domain | protocol=6 | dir=in | action=allow | name=imesh | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
{A684D7FB-FC48-478E-B4B9-1BF118190FEF} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{AAA0C03C-6216-495C-889A-BD200CAE1923} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
{BE2DBFDF-75BC-4E19-9F58-C3AE47F53EE2} -> profile=private | protocol=6 | dir=in | action=allow | name=blackberry desktop software | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
{C24CC0E7-7FF1-4A35-BF62-EB1471B34F7A} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | 
{D0EA018F-A5BF-4579-87FE-C38E6EDE7DBB} -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard launcher | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
{D4E32AAB-6D25-48D9-9DCD-59FE1E36B47E} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
{D73B015A-2349-4EB8-88A9-5AA367DD6FB6} -> profile=private | protocol=17 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{DA72E4DA-5253-42DE-B047-2AC5B2533C89} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{DE92C289-B85F-409F-A230-127A3E123FD4} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{E09DF94F-9950-4DC5-847D-737CAE0EE3A1} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{F634C9A2-3A32-4BD9-A186-76733EC5F37F} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files\bonjour\mdnsresponder.exe | 
{FE0F8756-89DF-4241-B063-6B0FA63F0B30} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
TCP Query User{27F5FCDF-050D-4D42-894B-4E7FAC2F025C}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{2F47C7AB-C95A-494D-B4C3-5F1DB602726F}C:\program files (x86)\utorrent\utorrent.exe -> profile=private | protocol=6 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
TCP Query User{3BB69D5F-90C0-4E4B-833C-F434662195FC}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe -> profile=private | protocol=6 | dir=in | action=allow | name=sid meier's civilization v | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
TCP Query User{522EE63E-8870-41DD-8534-632DBFC778BD}C:\program files (x86)\world of warcraft\backgrounddownloader.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
TCP Query User{9E4B2A8C-8736-48AE-996D-829B7686899E}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe -> profile=private | protocol=6 | dir=in | action=allow | name=blizzard downloader | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
TCP Query User{BA643D6B-0C37-4824-A6DC-74BBE0CF2329}C:\program files (x86)\the witcher 2\bin\witcher2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=the witcher 2: assasins of kings | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
UDP Query User{012DC14E-0166-43D5-A91A-A63BD9E6DC27}C:\program files (x86)\world of warcraft\backgrounddownloader.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
UDP Query User{335766B3-2D84-4247-8475-947DD1A530CA}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe -> profile=private | protocol=17 | dir=in | action=allow | name=blizzard downloader | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
UDP Query User{3BB7966A-3F14-4529-A45B-883A31D67C9F}C:\program files (x86)\utorrent\utorrent.exe -> profile=private | protocol=17 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | 
UDP Query User{58E599A2-1FFB-4CB0-B775-B6D4C092B042}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe -> profile=private | protocol=17 | dir=in | action=allow | name=sid meier's civilization v | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
UDP Query User{7798379B-12B2-4705-8B85-893B6B1F3C32}C:\program files (x86)\the witcher 2\bin\witcher2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=the witcher 2: assasins of kings | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
UDP Query User{F9DB1A06-DA01-4F5E-8829-9199DAD7066D}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [\SystemRoot\system32\drivers\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = ah] -> C:\Users\Kirk\AppData\Local\ual.exe -> [2011/12/01 23:00:23 | 000,284,672 | ---- | M] (Microsoft Corporation)
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\Kirk\Desktop\OTS.exe -> [2011/12/03 08:44:44 | 000,646,144 | ---- | C] (OldTimer Tools)
 _OTM -> C:\_OTM -> [2011/12/03 08:37:57 | 000,000,000 | ---D | C]
 OTM.exe -> C:\Users\Kirk\Desktop\OTM.exe -> [2011/12/03 08:34:40 | 000,523,264 | ---- | C] (OldTimer Tools)
 tdsskiller.exe -> C:\Users\Kirk\Desktop\tdsskiller.exe -> [2011/12/03 08:33:06 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/12/03 08:28:49 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2011/12/03 08:28:44 | 000,025,416 | ---- | C] (Malwarebytes Corporation)
 pctEFA64.sys -> C:\Windows\SysNative\drivers\pctEFA64.sys -> [2011/12/03 08:17:49 | 000,816,016 | ---- | C] (PC Tools)
 pctDS64.sys -> C:\Windows\SysNative\drivers\pctDS64.sys -> [2011/12/03 08:17:49 | 000,452,872 | ---- | C] (PC Tools)
 pctgntdi64.sys -> C:\Windows\SysNative\drivers\pctgntdi64.sys -> [2011/12/03 08:17:47 | 000,331,368 | ---- | C] (PC Tools)
 pctwfpfilter64.sys -> C:\Windows\SysNative\drivers\pctwfpfilter64.sys -> [2011/12/03 08:17:47 | 000,136,168 | ---- | C] (PC Tools)
 PCTCore64.sys -> C:\Windows\SysNative\drivers\PCTCore64.sys -> [2011/12/03 08:17:29 | 000,257,232 | ---- | C] (PC Tools)
 PC Tools Security -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security -> [2011/12/03 08:17:26 | 000,000,000 | ---D | C]
 pctplsg64.sys -> C:\Windows\SysNative\drivers\pctplsg64.sys -> [2011/12/03 08:17:21 | 000,092,896 | ---- | C] (PC Tools)
 eXplorer64.exe -> C:\Users\Kirk\Desktop\eXplorer64.exe -> [2011/12/03 08:15:13 | 001,047,880 | ---- | C] (Sysinternals - www.sysinternals.com)
 spdoc.exe -> C:\Users\Kirk\Desktop\spdoc.exe -> [2011/12/03 08:15:04 | 038,357,400 | ---- | C] (PC Tools                                                    )
 mbam-setup.exe -> C:\Users\Kirk\Desktop\mbam-setup.exe -> [2011/12/03 08:14:35 | 009,851,496 | ---- | C] (Malwarebytes Corporation                                    )
 Malwarebytes -> C:\Users\Kirk\AppData\Roaming\Malwarebytes -> [2011/12/02 17:25:37 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\ProgramData\Malwarebytes -> [2011/12/02 17:25:26 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2011/12/02 17:23:20 | 000,000,000 | ---D | C]
 PC Tools Security -> C:\Program Files (x86)\PC Tools Security -> [2011/12/02 17:17:36 | 000,000,000 | ---D | C]
 PC Tools -> C:\Users\Kirk\AppData\Roaming\PC Tools -> [2011/12/02 17:17:36 | 000,000,000 | ---D | C]
 PC Tools -> C:\ProgramData\PC Tools -> [2011/12/02 17:17:36 | 000,000,000 | ---D | C]
 PC Tools -> C:\Program Files (x86)\Common Files\PC Tools -> [2011/12/02 17:17:36 | 000,000,000 | ---D | C]
 Internet Logs -> C:\Windows\Internet Logs -> [2011/12/01 23:54:20 | 000,000,000 | ---D | C]
 Check Point -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point -> [2011/12/01 23:51:50 | 000,000,000 | ---D | C]
 CheckPoint -> C:\Program Files (x86)\CheckPoint -> [2011/12/01 23:36:44 | 000,000,000 | ---D | C]
 ual.exe -> C:\Users\Kirk\AppData\Local\ual.exe -> [2011/12/01 23:00:23 | 000,284,672 | ---- | C] (Microsoft Corporation)
 Macromed -> C:\Windows\SysNative\Macromed -> [2011/12/01 01:08:15 | 000,000,000 | ---D | C]
 iTunes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/12/01 00:35:27 | 000,000,000 | ---D | C]
 iPod -> C:\Program Files\iPod -> [2011/12/01 00:32:38 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2011/12/01 00:32:37 | 000,000,000 | ---D | C]
 {F112F8D6-0FF8-4F57-8556-E02E88937515} -> C:\Users\Kirk\AppData\Local\{F112F8D6-0FF8-4F57-8556-E02E88937515} -> [2011/11/29 22:36:05 | 000,000,000 | ---D | C]
 8B8 -> C:\ProgramData\8B8 -> [2011/11/26 18:59:08 | 000,000,000 | ---D | C]
 pss -> C:\Windows\pss -> [2011/11/24 18:22:15 | 000,000,000 | ---D | C]
 {CFAE343D-3043-4B6F-B91E-2FC132B95B46} -> C:\Users\Kirk\AppData\Local\{CFAE343D-3043-4B6F-B91E-2FC132B95B46} -> [2011/11/18 18:44:15 | 000,000,000 | ---D | C]
 {EB1B999C-9A1B-495C-B843-99CFA8A44207} -> C:\Users\Kirk\AppData\Local\{EB1B999C-9A1B-495C-B843-99CFA8A44207} -> [2011/11/16 15:12:29 | 000,000,000 | ---D | C]
 Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2011/11/10 22:34:52 | 000,000,000 | ---D | C]
 1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 476131j3y854x516k168w1ehc1n1 -> C:\Users\Kirk\AppData\Local\476131j3y854x516k168w1ehc1n1 -> [2011/12/03 10:07:51 | 000,012,328 | -HS- | M] ()
 476131j3y854x516k168w1ehc1n1 -> C:\ProgramData\476131j3y854x516k168w1ehc1n1 -> [2011/12/03 10:07:51 | 000,012,328 | -HS- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/12/03 10:04:33 | 000,023,248 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/12/03 10:04:33 | 000,023,248 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/12/03 10:03:42 | 000,779,266 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/12/03 10:03:42 | 000,660,530 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/12/03 10:03:42 | 000,121,426 | ---- | M] ()
 Resume ZoneAlarm Security Install.lnk -> C:\Users\Kirk\Desktop\Resume ZoneAlarm Security Install.lnk -> [2011/12/03 09:59:17 | 000,001,372 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/12/03 09:56:34 | 000,000,890 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/12/03 09:56:12 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/12/03 09:56:03 | 2361,593,856 | -HS- | M] ()
 1.bmp -> C:\Users\Kirk\Desktop\1.bmp -> [2011/12/03 09:48:56 | 001,130,022 | ---- | M] ()
 123.bmp -> C:\Users\Kirk\Desktop\123.bmp -> [2011/12/03 09:47:02 | 002,081,862 | ---- | M] ()
 OTS.exe -> C:\Users\Kirk\Desktop\OTS.exe -> [2011/12/03 09:44:32 | 000,646,144 | ---- | M] (OldTimer Tools)
 OTM.exe -> C:\Users\Kirk\Desktop\OTM.exe -> [2011/12/03 09:34:38 | 000,523,264 | ---- | M] (OldTimer Tools)
 tdsskiller.exe -> C:\Users\Kirk\Desktop\tdsskiller.exe -> [2011/12/03 09:33:10 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO)
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/12/03 09:15:59 | 000,000,894 | ---- | M] ()
 Hosts -> C:\Windows\SysNative\drivers\etc\Hosts -> [2011/12/03 08:38:03 | 000,000,098 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/12/03 08:28:50 | 000,001,109 | ---- | M] ()
 Cat.DB -> C:\Windows\SysNative\drivers\Cat.DB -> [2011/12/03 08:18:06 | 001,801,728 | ---- | M] ()
 Spyware Doctor.lnk -> C:\Users\Public\Desktop\Spyware Doctor.lnk -> [2011/12/03 08:17:27 | 000,002,074 | ---- | M] ()
 eXplorer64.exe -> C:\Users\Kirk\Desktop\eXplorer64.exe -> [2011/12/03 08:15:13 | 001,047,880 | ---- | M] (Sysinternals - www.sysinternals.com)
 spdoc.exe -> C:\Users\Kirk\Desktop\spdoc.exe -> [2011/12/02 18:16:30 | 038,357,400 | ---- | M] (PC Tools                                                    )
 mbam-setup.exe -> C:\Users\Kirk\Desktop\mbam-setup.exe -> [2011/12/02 18:15:10 | 009,851,496 | ---- | M] (Malwarebytes Corporation                                    )
 vsconfig.xml -> C:\Windows\SysNative\drivers\vsconfig.xml -> [2011/12/01 23:54:30 | 000,416,454 | ---- | M] ()
 pdfl.dat -> C:\Windows\SysWow64\pdfl.dat -> [2011/12/01 23:53:09 | 000,000,144 | ---- | M] ()
 ual.exe -> C:\Users\Kirk\AppData\Local\ual.exe -> [2011/12/01 23:00:23 | 000,284,672 | ---- | M] (Microsoft Corporation)
 QuickTime Player.lnk -> C:\Users\Kirk\Documents\QuickTime Player.lnk -> [2011/12/01 00:45:18 | 000,001,845 | ---- | M] ()
 Safari.lnk -> C:\Users\Kirk\Documents\Safari.lnk -> [2011/12/01 00:38:39 | 000,002,491 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Kirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/12/01 00:19:07 | 000,031,232 | ---- | M] ()
 HPCeeScheduleForKirk.job -> C:\Windows\tasks\HPCeeScheduleForKirk.job -> [2011/11/28 15:36:37 | 000,000,328 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/11/25 17:42:22 | 000,424,440 | ---- | M] ()
 85 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 
 1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> 
 
[Files - No Company Name]
 1.bmp -> C:\Users\Kirk\Desktop\1.bmp -> [2011/12/03 09:48:56 | 001,130,022 | ---- | C] ()
 123.bmp -> C:\Users\Kirk\Desktop\123.bmp -> [2011/12/03 09:47:02 | 002,081,862 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/12/03 08:28:50 | 000,001,109 | ---- | C] ()
 Cat.DB -> C:\Windows\SysNative\drivers\Cat.DB -> [2011/12/03 08:17:49 | 001,801,728 | ---- | C] ()
 Spyware Doctor.lnk -> C:\Users\Public\Desktop\Spyware Doctor.lnk -> [2011/12/03 08:17:27 | 000,002,074 | ---- | C] ()
 Resume ZoneAlarm Security Install.lnk -> C:\Users\Kirk\Desktop\Resume ZoneAlarm Security Install.lnk -> [2011/12/02 00:10:35 | 000,001,372 | ---- | C] ()
 vsconfig.xml -> C:\Windows\SysNative\drivers\vsconfig.xml -> [2011/12/01 23:53:58 | 000,416,454 | ---- | C] ()
 476131j3y854x516k168w1ehc1n1 -> C:\Users\Kirk\AppData\Local\476131j3y854x516k168w1ehc1n1 -> [2011/12/01 23:00:29 | 000,012,324 | -HS- | C] ()
 476131j3y854x516k168w1ehc1n1 -> C:\ProgramData\476131j3y854x516k168w1ehc1n1 -> [2011/12/01 23:00:29 | 000,012,324 | -HS- | C] ()
 QuickTime Player.lnk -> C:\Users\Kirk\Documents\QuickTime Player.lnk -> [2011/12/01 00:45:18 | 000,001,845 | ---- | C] ()
 Safari.lnk -> C:\Users\Kirk\Documents\Safari.lnk -> [2011/12/01 00:38:39 | 000,002,491 | ---- | C] ()
 LogWorks3 Uninstaller.exe -> C:\Windows\LogWorks3 Uninstaller.exe -> [2011/10/16 14:11:11 | 000,126,769 | ---- | C] ()
 pool.bin -> C:\Windows\SysWow64\pool.bin -> [2011/09/12 14:00:54 | 000,000,256 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Kirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/09/11 03:55:10 | 000,031,232 | ---- | C] ()
 pdfl.dat -> C:\Windows\SysWow64\pdfl.dat -> [2011/09/04 00:51:01 | 000,000,144 | ---- | C] ()
 ibfl.dat -> C:\Windows\SysWow64\ibfl.dat -> [2011/09/04 00:51:01 | 000,000,080 | ---- | C] ()
 lkfl.dat -> C:\Windows\SysWow64\lkfl.dat -> [2011/09/01 23:03:29 | 000,000,144 | ---- | C] ()
 GhostObjGAFix.xml -> C:\Users\Kirk\AppData\Roaming\GhostObjGAFix.xml -> [2011/03/21 06:17:39 | 000,001,854 | ---- | C] ()
 ArcHlp.sys -> C:\Windows\SysWow64\drivers\ArcHlp.sys -> [2011/03/19 15:43:39 | 000,161,792 | ---- | C] ()
 unins000.exe -> C:\Windows\unins000.exe -> [2011/02/08 19:23:19 | 000,683,801 | ---- | C] ()
 unins000.dat -> C:\Windows\unins000.dat -> [2011/02/08 19:23:19 | 000,001,058 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/02/07 00:01:15 | 000,773,482 | ---- | C] ()
 ISSRemoveSP.exe -> C:\Windows\SysWow64\ISSRemoveSP.exe -> [2011/01/30 22:18:32 | 000,451,072 | ---- | C] ()
 RStoneLog2.ini -> C:\Windows\SysWow64\RStoneLog2.ini -> [2011/01/30 22:14:49 | 000,000,268 | ---- | C] ()
 RStoneLog.ini -> C:\Windows\SysWow64\RStoneLog.ini -> [2011/01/30 22:14:49 | 000,000,209 | ---- | C] ()
 igkrng500.bin -> C:\Windows\SysWow64\igkrng500.bin -> [2010/03/05 13:57:08 | 000,982,240 | ---- | C] ()
 igfcg500m.bin -> C:\Windows\SysWow64\igfcg500m.bin -> [2010/03/05 13:57:02 | 000,092,356 | ---- | C] ()
 igcompkrng500.bin -> C:\Windows\SysWow64\igcompkrng500.bin -> [2010/03/05 13:56:58 | 000,439,308 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/13 23:38:36 | 000,067,584 | --S- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 20:35:51 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 20:34:42 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 18:10:29 | 000,043,131 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 17:42:10 | 000,064,000 | ---- | C] ()
 igkrng400.bin -> C:\Windows\SysWow64\igkrng400.bin -> [2009/07/13 15:59:36 | 001,498,564 | ---- | C] ()
 igfcg500.bin -> C:\Windows\SysWow64\igfcg500.bin -> [2009/07/13 15:59:36 | 000,139,824 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 15:03:59 | 000,364,544 | ---- | C] ()
 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 15:26:10 | 000,673,088 | ---- | C] ()
 HPBroker.dll -> C:\Windows\HPBroker.dll -> [2008/01/14 16:47:06 | 000,099,712 | ---- | C] ()
 unzip.exe -> C:\Windows\unzip.exe -> [2005/08/26 14:28:34 | 000,143,360 | ---- | C] ()
 shortcut.exe -> C:\Windows\shortcut.exe -> [2005/08/26 14:28:20 | 000,024,576 | ---- | C] ()
 devenum.exe -> C:\Windows\devenum.exe -> [2005/08/26 14:27:58 | 000,045,056 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:01 AM

Posted 03 December 2011 - 05:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:01 AM

Posted 10 December 2011 - 08:03 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



