Remnants of Live Security Platinum on My Computer? [Solved]


#1
PantheraCantus

Hello!
Please forgive the length of the description of my problem, as I have been trying to deal with it myself for quite some time now, and I would like to be able to provide you with all of the information I can recall, and as accurately as possible.

Last Saturday (July 7th, around 3:15 pm CST), I visited a good friend's Tumblr page that only hosted her personal vacation images, and almost immediately afterward, fake alerts for Live Security Platinum began. My browser (Firefox) shut down shortly after that. I believed that my computer may have somehow contracted the Live Security Platinum virus through it, perhaps due to the music or background she used for the page, but I'm not quite sure. Since it was almost a week ago, I, regretfully, do not remember the exact processes I tried and in what order, but I began looking up more information on the virus online and trying some recommended programs. OTL has worked for me in the past, so I used it early on, but it detected nothing from a full scan. I also used MalwareBytes (including attempting the process that requires accessing the Chameleon file). Initially, it found some trojans and removed them, but the problem persisted, and future scans with that program turned up clean for a while. I also attempted Anvi Smart Defender and their personal fix for Live Security Platinum, which did not work. Like MalwareBytes, Anvi Smart Defender found trojans and removed them, but it did not change anything. I also purchased Spyware Doctor after I ran a trial scan and it found over twenty trojans that the other programs were missing. While it found and removed them, like the others, it fixed nothing. I also tried Registry Mechanic (which I already had purchased), and it removed the couple of malicious processes it found, but it didn't help. The same story with KingSoft's full malware scanner.

At some point, the fake alerts stopped, but I opened Internet Explorer (to download another cleaner, which I did not get the chance to do yet), and the alerts began again. So, following the advice of one removal guide I had found, I entered a fake registration key to end the alerts, which worked and left me to deal only with the virus, itself, once again. After this, almost all of those scans I've mentioned by name were finding trojans again, and on a regular basis. I believe it was sometime after this that I restarted after a scan with Spyware Doctor (which had found trojans and wanted to shut down to remove them) and Windows could not start normally. It said that it could either go ahead and take me to the user login with these problems or try to fix the problem. I allowed it to go ahead and try to fix the problem, and it asked if I wanted to return to a restoration point. I refused, and it continued to try to fix it. Eventually, it rebooted itself and Windows was able to begin normally. When I logged in, scans were still turning up with trojans.

Finally, after running these programs several times and attempting some others that I downloaded for a short time and then deleted afterward (because they either required purchasing to do any removal processes or they were ineffective), I used GridinSoft's Trojan Killer program (in trial mode) on Monday (July 9), and it appeared to have removed everything, as scans were coming up clean and I was able to use the web without any trouble.

However, while using Firefox on July 11th, Adobe Flash wanted to update. I was leery and refused, but it came back up two more times, so I finally gave in and let it update. Immediately, Spyware Doctor began going off, telling me that a worm had infected my computer (and, if memory serves, ".rootkit" was in the name). Spyware Doctor began running, and my computer blue screened and restarted itself. After logging in, my computer was slow, so I went to restart it again, and Windows wanted to update. It installed 11 updates on my computer (which is more than I'm used to - the most it's ever installed on this laptop or my previous one was three at a time), then shut down. Upon startup, I saw something I'd never seen before. When the animated Windows icon was on (my OS is Windows 7), several file names were displayed below the icon, along with a message saying that the operations were being changed. I could not catch the names, since they were cut off, but I saw several registry files. It said that 29,000-something files were changed.

After this, I hit my computer with some of those programs aforementioned (MalwareBytes, Kingsoft PC Defender and Kingsoft Antivirus, Anvi Smart Defender, Spyware Doctor, Registry Mechanic, and OTL), with most of them finding and removing trojans, only to find them back on my computer the next time I scan with them. The Trojan-Killer program that I thought had been effective before now requires me to purchase the program to use it, but the free scan continues to find several trojans even after MalwareBytes and the others are run and clean off several trojans. Once again, Windows did not start normally and I asked it to run a fix. This time, I approved a restoration point, but the trojan is still there, and Windows underwent that same process of downloading the 11 updates and changing some 29,000 files. I have run no scans or fixes today, but I was still coming up with trojans on scans late last night, so I do not expect that it is gone. However, my browsers are not slow, nor is my computer, itself.

I am terribly sorry for not paying more attention to exactly what programs I ran, in what order, or exactly when some of these events occurred, as I honestly thought I'd be able to remove it without having to trouble you on the forums. But if you are able to help in any way at all, I would greatly appreciate it!



Here is my OTL logfile:

OTL logfile created on: 7/13/2012 3:59:55 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Destiny\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 4.89 Gb Available Physical Memory | 61.49% Memory free
15.90 Gb Paging File | 12.22 Gb Available in Paging File | 76.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.39 Gb Total Space | 581.31 Gb Free Space | 84.57% Space Free | Partition Type: NTFS

Computer Name: ALCHEMIST | User Name: Destiny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 13:35:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Destiny\Downloads\OTL.exe
PRC - [2012/07/11 19:53:38 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/11 18:53:11 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/10 04:12:48 | 001,217,712 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxetray.exe
PRC - [2012/07/10 04:12:48 | 000,123,992 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe
PRC - [2012/06/25 01:07:36 | 000,710,912 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/06/25 01:07:36 | 000,224,000 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/06/16 19:14:47 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/04/10 23:26:24 | 001,308,064 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeTray.exe
PRC - [2012/04/10 23:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/21 12:23:14 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/03/21 12:23:12 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/02/28 22:41:15 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2011/08/01 12:59:48 | 000,315,712 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/08 17:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/11/10 10:51:20 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/10 10:45:08 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/10 10:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 19:53:38 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/25 01:07:36 | 000,784,640 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2012/06/16 19:14:47 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 16:12:49 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012/06/13 13:41:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 13:41:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 13:41:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 03:06:20 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/13 03:06:09 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 03:06:06 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:06:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 03:05:59 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/14 23:19:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 22:40:13 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/09 22:38:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 22:38:17 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/09 22:36:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012/05/09 22:22:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 22:21:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 22:21:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 22:21:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 22:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 22:10:14 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/09 22:10:09 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 22:10:07 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 22:10:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/09 22:10:03 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 22:09:59 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
MOD - [2012/05/09 22:09:58 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/10/21 04:01:48 | 000,140,664 | ---- | M] () -- C:\Program Files (x86)\Kingsoft\PCDoctor\zlib1.dll
MOD - [2011/10/21 04:01:40 | 000,075,160 | ---- | M] () -- C:\Program Files (x86)\Kingsoft\PCDoctor\json.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/03/08 17:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/11/10 10:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2009/12/18 11:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/17 06:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/02 13:30:26 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/10 10:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/11 19:53:39 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/10 04:12:48 | 000,123,992 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe -- (kxescore)
SRV - [2012/06/25 01:07:36 | 000,224,000 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/06/16 19:14:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/04/10 23:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe -- (KSafeSvc)
SRV - [2012/03/21 12:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [On_Demand | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/06 23:21:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:64bit: - [2012/07/10 04:12:49 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (kavbootc)
DRV:64bit: - [2012/07/07 20:55:41 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/06/18 01:42:14 | 000,023,296 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/06/18 01:42:12 | 000,018,688 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/05/11 11:14:50 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/05/11 11:08:58 | 000,341,168 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/07/19 02:02:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/19 02:02:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/03 21:39:26 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/17 06:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/03 19:18:22 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/03/03 19:18:22 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/12/09 11:38:18 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/12/02 15:05:22 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/02 12:55:00 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/30 08:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/30 08:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 11:03:06 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 10:36:24 | 012,178,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/09/24 11:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/07 08:41:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 13:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/17 08:17:46 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/08/17 08:17:46 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/08/17 08:17:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/15 07:59:30 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 15:43:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/07/10 04:12:49 | 000,164,696 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys -- (KDHacker)
DRV - [2012/04/10 23:26:58 | 000,021,320 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys -- (ksfmonsys)
DRV - [2011/12/19 20:58:08 | 000,133,096 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Kingsoft\PCDoctor\kmodurl64.sys -- (kmodurl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...timers-list-it/
IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.geekstogo...timers-list-it/
IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGNI_enUS442
IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...e=2&from=login"
FF - prefs.js..keyword.URL: "http://www.startnow....6.1-x64-SP1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/07 15:40:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 19:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 12:29:23 | 000,000,000 | ---D | M]

[2011/07/26 16:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\mozilla\Extensions
[2012/07/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions
[2012/06/21 13:06:30 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2012/06/20 20:52:00 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2012/05/15 22:52:21 | 000,000,000 | ---D | M] (MP3 Rocket Toolbar) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2011/08/01 16:24:17 | 000,002,259 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\66fgyw4v.default\searchplugins\bing-zugo.xml
[2012/05/05 23:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/05 22:10:34 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66FGYW4V.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[1832/11/28 23:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66FGYW4V.DEFAULT\EXTENSIONS\[email protected]
[2012/06/16 19:14:47 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 17:07:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KSafeTray] C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1375248461-4089892005-1521417111-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DC12889-B7C1-491F-AAD2-34351363AC01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{502F97DC-F1BA-46C0-B856-9190B84350D5}: DhcpNameServer = 184.63.0.68 184.63.0.69
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 00:32:17 | 000,000,000 | -HSD | C] -- C:\KRECYCLE
[2012/07/10 04:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Antivirus
[2012/07/10 04:12:49 | 000,208,216 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2012/07/10 04:12:49 | 000,208,216 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2012/07/10 04:12:49 | 000,164,696 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2012/07/10 04:12:49 | 000,125,784 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2012/07/10 04:12:49 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2012/07/10 04:12:49 | 000,027,240 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2012/07/10 04:12:49 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bc.sys
[2012/07/10 04:12:49 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2012/07/10 04:12:48 | 000,082,264 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2012/07/09 17:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/07/09 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/07/09 03:02:11 | 000,023,296 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/07/09 03:02:10 | 000,018,688 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2012/07/09 02:42:55 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\DriverCure
[2012/07/09 02:42:54 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\SpeedyPC Software
[2012/07/09 02:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/08 21:19:08 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/07/08 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Registry Mechanic
[2012/07/08 17:15:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2012/07/08 17:15:37 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2012/07/08 17:15:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2012/07/08 17:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012/07/08 17:04:27 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Product_RM
[2012/07/08 01:25:08 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Anvisoft
[2012/07/08 01:25:02 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/07/08 01:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/07/07 23:27:57 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/07 23:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/07 23:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/07 20:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/07 15:40:00 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/07 15:40:00 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/07 15:40:00 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/07 15:40:00 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/07/07 15:39:41 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/07/07 15:39:41 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/07/07 15:39:40 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/07/07 15:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/07/07 15:39:38 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/07/07 15:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/07/07 15:37:50 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/07/07 15:37:50 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/07/07 15:37:49 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/07/07 15:37:48 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/07/07 15:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/07/07 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/07 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\TestApp
[2012/07/07 15:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/07 15:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000C1446001E904EB4EB2367
[2012/07/07 13:09:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/02 21:56:49 | 000,659,456 | ---- | C] (Speed Guide Inc.) -- C:\Users\Destiny\Desktop\TCPOptimizer.exe
[2012/06/17 18:58:50 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Local\Diagnostics
[2012/06/14 14:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/14 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/14 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/14 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 15:41:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 12:56:23 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 12:56:23 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 12:49:11 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/07/13 12:48:44 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/13 12:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 12:48:19 | 2106,449,919 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/13 12:47:39 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\KsafeDelay.job
[2012/07/11 23:43:00 | 000,394,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 16:54:48 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/11 16:54:48 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/11 16:54:48 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/10 04:12:58 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
[2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2012/07/10 04:12:49 | 000,164,696 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2012/07/10 04:12:49 | 000,125,784 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2012/07/10 04:12:49 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2012/07/10 04:12:49 | 000,027,240 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2012/07/10 04:12:49 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bc.sys
[2012/07/10 04:12:49 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2012/07/10 04:12:48 | 000,082,264 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2012/07/09 17:03:10 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/07/09 13:44:20 | 000,000,049 | ---- | M] () -- C:\Users\Destiny\Desktop\AnviSoft.url
[2012/07/09 03:02:11 | 000,001,190 | ---- | M] () -- C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
[2012/07/09 02:37:17 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/08 17:15:37 | 000,001,331 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/07/07 20:55:41 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/07/07 20:53:32 | 000,004,302 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/07/07 19:51:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 21:56:51 | 000,659,456 | ---- | M] (Speed Guide Inc.) -- C:\Users\Destiny\Desktop\TCPOptimizer.exe
[2012/07/01 12:32:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/18 12:29:23 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/18 01:42:14 | 000,023,296 | ---- | M] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/06/18 01:42:12 | 000,018,688 | ---- | M] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2012/06/14 14:56:37 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/06/14 12:31:22 | 002,267,096 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/14 12:31:22 | 001,681,368 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/14 12:31:22 | 000,149,464 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/14 12:31:00 | 000,767,960 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2012/06/14 11:03:42 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012/06/14 11:03:42 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012/06/14 11:03:42 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012/06/14 11:03:42 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 16:11:25 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\KsafeDelay.job
[2012/07/11 20:28:21 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a63bf910-6c25-07dc-6dfa-eba668780ef2}\L\[email protected]
[2012/07/11 20:17:12 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{a63bf910-6c25-07dc-6dfa-eba668780ef2}\U\[email protected]
[2012/07/10 04:12:58 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
[2012/07/09 17:03:10 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/07/09 03:02:11 | 000,001,190 | ---- | C] () -- C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
[2012/07/09 02:59:28 | 000,000,049 | ---- | C] () -- C:\Users\Destiny\Desktop\AnviSoft.url
[2012/07/09 00:22:02 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/08 17:16:21 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/07/08 17:15:37 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2012/07/08 17:15:37 | 000,001,331 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/07/08 01:28:10 | 000,080,896 | ---- | C] () -- C:\Users\Destiny\AppData\Local\{a63bf910-6c25-07dc-6dfa-eba668780ef2}\U\[email protected]
[2012/07/08 01:28:10 | 000,000,804 | ---- | C] () -- C:\Users\Destiny\AppData\Local\{a63bf910-6c25-07dc-6dfa-eba668780ef2}\L\[email protected]
[2012/07/07 20:55:41 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/07/07 20:53:32 | 000,004,302 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/07/07 15:40:00 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/07/07 15:40:00 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/07/07 15:40:00 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/07/07 15:40:00 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/07/07 15:40:00 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/06/14 14:56:37 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 16:26:26 | 000,000,021 | ---- | C] () -- C:\Windows\KA.INI
[2012/01/27 01:07:33 | 000,000,300 | ---- | C] () -- C:\Windows\EReg515.dat
[2012/01/27 01:07:24 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/01/27 01:05:51 | 000,001,459 | ---- | C] () -- C:\Windows\disney.ini
[2012/01/26 23:30:07 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2012/01/10 20:52:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a63bf910-6c25-07dc-6dfa-eba668780ef2}\@
[2012/01/10 20:52:07 | 000,002,048 | -HS- | C] () -- C:\Users\Destiny\AppData\Local\{a63bf910-6c25-07dc-6dfa-eba668780ef2}\@
[2011/07/19 01:50:56 | 000,960,812 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/19 01:50:55 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/19 01:50:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/19 01:50:50 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/19 00:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/19 00:39:23 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/02/10 11:10:51 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/10 10:50:38 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

========== LOP Check ==========

[2012/07/08 01:25:08 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Anvisoft
[2012/07/09 02:42:55 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\DriverCure
[2011/07/26 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\IDT
[2012/02/14 21:41:38 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\kingsoft
[2012/02/14 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\KSafe
[2012/07/11 04:23:33 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\MP3Rocket
[2011/07/27 11:02:42 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Origin
[2012/07/08 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Product_RM
[2012/07/08 19:01:03 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Registry Mechanic
[2012/07/09 02:42:54 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\SpeedyPC Software
[2012/07/07 15:37:34 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\TestApp
[2012/07/02 21:58:19 | 000,000,000 | ---D | M] -- C:\Users\E n d i n g\AppData\Roaming\KSafe
[2012/07/13 12:47:39 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\KsafeDelay.job
[2012/07/13 12:49:11 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\RMAutoUpdate.job
[2012/07/09 02:10:23 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you actually have a Sirefef rootkit.

Your friend's page has probably been hacked with a redirect inserted. If you PM me the link, I will get someone to check it out.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

    :Files
    C:\Windows\Installer\{a63bf910-6c25-07dc-6dfa-eba668780ef2}
    C:\Users\Destiny\AppData\Local\{a63bf910-6c25-07dc-6dfa-eba668780ef2}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#3
PantheraCantus

    Member

  • Topic Starter
  • 19 posts
Thank you so much for your response!
I followed the process you requested and have an OTL logfile, but the ComboFix has been stuck on this message (on a window with a blue background, titled “Administrator: .”) for about three hours now:
“Please wait.
ComboFix is preparing to run.

Attempting to create a new System Restore point”
With a typing underscore blinking in the line directly below it.

So, I suspect that something might have interfered with it and caused it to stall. I did not click the application, but I did manually create a desktop icon for it as it began running, which is probably what caused it to stall. I’m sorry about this.

Also, I will PM you the link to my friend’s page. I was talking with her earlier today, and she told me that her desktop icons were randomly rearranged. I had the same problem shortly after the Live Security Platinum alerts began, so I told her that and she began running a scan on her computer. She is out right now, so I have not heard back from her about the results of her scan. I think your theory about her Tumblr page being hacked is probably correct.



OTL logfile created on: 7/14/2012 2:11:03 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Destiny\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 70.98% Memory free
15.90 Gb Paging File | 13.14 Gb Available in Paging File | 82.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.39 Gb Total Space | 583.04 Gb Free Space | 84.82% Space Free | Partition Type: NTFS

Computer Name: ALCHEMIST | User Name: Destiny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 13:35:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Destiny\Downloads\OTL.exe
PRC - [2012/07/11 18:53:11 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/10 04:12:48 | 001,217,712 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxetray.exe
PRC - [2012/07/10 04:12:48 | 000,123,992 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe
PRC - [2012/06/25 01:07:36 | 000,710,912 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/06/25 01:07:36 | 000,224,000 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/04/10 23:26:24 | 001,308,064 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeTray.exe
PRC - [2012/04/10 23:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/21 12:23:14 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/03/21 12:23:12 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/02/28 22:41:15 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/06 12:29:18 | 003,970,880 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2011/08/01 12:59:48 | 000,315,712 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/08 17:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/11/10 10:51:20 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/10 10:45:08 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/10 10:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/25 01:07:36 | 000,784,640 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2012/06/13 16:12:49 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012/06/13 13:41:41 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 13:41:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 13:41:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 13:41:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/13 03:06:20 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/13 03:06:09 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 03:06:06 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:06:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 03:05:59 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/14 23:19:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/14 23:19:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 22:40:13 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/09 22:38:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 22:38:17 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/09 22:36:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012/05/09 22:36:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/09 22:22:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 22:21:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 22:21:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 22:21:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 22:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 22:10:14 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/09 22:10:09 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 22:10:07 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 22:10:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/09 22:10:03 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 22:09:59 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
MOD - [2012/05/09 22:09:58 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/10/21 04:01:48 | 000,140,664 | ---- | M] () -- C:\Program Files (x86)\Kingsoft\PCDoctor\zlib1.dll
MOD - [2011/10/21 04:01:40 | 000,075,160 | ---- | M] () -- C:\Program Files (x86)\Kingsoft\PCDoctor\json.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/03/08 17:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/11/10 10:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2009/12/18 11:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/17 06:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/02 13:30:26 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/10 10:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/11 19:53:39 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/10 04:12:48 | 000,123,992 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe -- (kxescore)
SRV - [2012/06/25 01:07:36 | 000,224,000 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/06/16 19:14:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/04/10 23:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe -- (KSafeSvc)
SRV - [2012/03/21 12:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [On_Demand | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/06 23:21:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:64bit: - [2012/07/10 04:12:49 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (kavbootc)
DRV:64bit: - [2012/07/07 20:55:41 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/06/18 01:42:14 | 000,023,296 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/06/18 01:42:12 | 000,018,688 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/05/11 11:14:50 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/05/11 11:08:58 | 000,341,168 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/07/19 02:02:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/19 02:02:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/03 21:39:26 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/17 06:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/03 19:18:22 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/03/03 19:18:22 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/12/09 11:38:18 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/12/02 15:05:22 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/02 12:55:00 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/30 08:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/30 08:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 11:03:06 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 10:36:24 | 012,178,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/09/24 11:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/07 08:41:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 13:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/17 08:17:46 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/08/17 08:17:46 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/08/17 08:17:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/15 07:59:30 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 15:43:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/07/10 04:12:49 | 000,164,696 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys -- (KDHacker)
DRV - [2012/04/10 23:26:58 | 000,021,320 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys -- (ksfmonsys)
DRV - [2011/12/19 20:58:08 | 000,133,096 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Kingsoft\PCDoctor\kmodurl64.sys -- (kmodurl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...timers-list-it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.geekstogo...timers-list-it/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGNI_enUS442
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...e=2&from=login"
FF - prefs.js..keyword.URL: "http://www.startnow....6.1-x64-SP1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/07 15:40:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 19:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 12:29:23 | 000,000,000 | ---D | M]

[2011/07/26 16:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\mozilla\Extensions
[2012/07/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions
[2012/06/21 13:06:30 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2012/06/20 20:52:00 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2012/05/15 22:52:21 | 000,000,000 | ---D | M] (MP3 Rocket Toolbar) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2011/08/01 16:24:17 | 000,002,259 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\66fgyw4v.default\searchplugins\bing-zugo.xml
[2012/05/05 23:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/05 22:10:34 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66FGYW4V.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[1832/11/28 23:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66FGYW4V.DEFAULT\EXTENSIONS\[email protected]
[2012/06/16 19:14:47 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 17:07:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/14 14:03:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KSafeTray] C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DC12889-B7C1-491F-AAD2-34351363AC01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{502F97DC-F1BA-46C0-B856-9190B84350D5}: DhcpNameServer = 184.63.0.68 184.63.0.69
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 14:03:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/12 00:32:17 | 000,000,000 | -HSD | C] -- C:\KRECYCLE
[2012/07/10 04:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Antivirus
[2012/07/10 04:12:49 | 000,208,216 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2012/07/10 04:12:49 | 000,208,216 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2012/07/10 04:12:49 | 000,164,696 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2012/07/10 04:12:49 | 000,125,784 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2012/07/10 04:12:49 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2012/07/10 04:12:49 | 000,027,240 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2012/07/10 04:12:49 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bc.sys
[2012/07/10 04:12:49 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2012/07/10 04:12:48 | 000,082,264 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2012/07/09 17:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/07/09 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/07/09 03:02:11 | 000,023,296 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/07/09 03:02:10 | 000,018,688 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2012/07/09 02:42:55 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\DriverCure
[2012/07/09 02:42:54 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\SpeedyPC Software
[2012/07/09 02:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/08 21:19:08 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/07/08 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Registry Mechanic
[2012/07/08 17:15:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2012/07/08 17:15:37 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2012/07/08 17:15:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2012/07/08 17:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012/07/08 17:04:27 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Product_RM
[2012/07/08 01:25:08 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Anvisoft
[2012/07/08 01:25:02 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/07/08 01:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/07/07 23:27:57 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/07 23:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/07 23:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/07 20:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/07 15:40:00 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/07 15:40:00 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/07 15:40:00 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/07 15:40:00 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/07/07 15:39:41 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/07/07 15:39:41 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/07/07 15:39:40 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/07/07 15:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/07/07 15:39:38 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/07/07 15:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/07/07 15:37:50 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/07/07 15:37:50 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/07/07 15:37:49 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/07/07 15:37:48 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/07/07 15:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/07/07 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/07 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\TestApp
[2012/07/07 15:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/07 15:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000C1446001E904EB4EB2367
[2012/07/07 13:09:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/02 21:56:49 | 000,659,456 | ---- | C] (Speed Guide Inc.) -- C:\Users\Destiny\Desktop\TCPOptimizer.exe
[2012/06/17 18:58:50 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Local\Diagnostics
[2012/06/14 14:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/14 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/14 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/14 14:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/07/14 14:14:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 14:14:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 14:06:34 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/07/14 14:06:26 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/14 14:06:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/14 14:06:00 | 2106,449,919 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 14:03:43 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/14 13:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 13:41:35 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 23:34:28 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/13 23:34:28 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/13 23:34:28 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/13 12:47:39 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\KsafeDelay.job
[2012/07/11 23:43:00 | 000,394,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 04:12:58 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
[2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2012/07/10 04:12:49 | 000,164,696 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2012/07/10 04:12:49 | 000,125,784 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2012/07/10 04:12:49 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2012/07/10 04:12:49 | 000,027,240 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2012/07/10 04:12:49 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bc.sys
[2012/07/10 04:12:49 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2012/07/10 04:12:48 | 000,082,264 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2012/07/09 17:03:10 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/07/09 13:44:20 | 000,000,049 | ---- | M] () -- C:\Users\Destiny\Desktop\AnviSoft.url
[2012/07/09 03:02:11 | 000,001,190 | ---- | M] () -- C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
[2012/07/09 02:37:17 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/08 17:15:37 | 000,001,331 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/07/07 20:55:41 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/07/07 20:53:32 | 000,004,302 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/07/07 19:51:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 21:56:51 | 000,659,456 | ---- | M] (Speed Guide Inc.) -- C:\Users\Destiny\Desktop\TCPOptimizer.exe
[2012/07/01 12:32:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/18 12:29:23 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/18 01:42:14 | 000,023,296 | ---- | M] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/06/18 01:42:12 | 000,018,688 | ---- | M] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2012/06/14 14:56:37 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/07/12 16:11:25 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\KsafeDelay.job
[2012/07/10 04:12:58 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
[2012/07/09 17:03:10 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/07/09 03:02:11 | 000,001,190 | ---- | C] () -- C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
[2012/07/09 02:59:28 | 000,000,049 | ---- | C] () -- C:\Users\Destiny\Desktop\AnviSoft.url
[2012/07/09 00:22:02 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/08 17:16:21 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/07/08 17:15:37 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2012/07/08 17:15:37 | 000,001,331 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/07/07 20:55:41 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/07/07 20:53:32 | 000,004,302 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/07/07 15:40:00 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/07/07 15:40:00 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/07/07 15:40:00 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/07/07 15:40:00 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/07/07 15:40:00 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/06/14 14:56:37 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 16:26:26 | 000,000,021 | ---- | C] () -- C:\Windows\KA.INI
[2012/01/27 01:07:33 | 000,000,300 | ---- | C] () -- C:\Windows\EReg515.dat
[2012/01/27 01:07:24 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/01/27 01:05:51 | 000,001,459 | ---- | C] () -- C:\Windows\disney.ini
[2012/01/26 23:30:07 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/07/19 01:50:56 | 000,960,812 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/19 01:50:55 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/19 01:50:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/19 01:50:50 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/19 00:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/19 00:39:23 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/02/10 11:10:51 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/10 10:50:38 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

========== LOP Check ==========

[2012/07/08 01:25:08 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Anvisoft
[2012/07/09 02:42:55 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\DriverCure
[2011/07/26 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\IDT
[2012/02/14 21:41:38 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\kingsoft
[2012/02/14 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\KSafe
[2012/07/11 04:23:33 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\MP3Rocket
[2011/07/27 11:02:42 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Origin
[2012/07/08 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Product_RM
[2012/07/08 19:01:03 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Registry Mechanic
[2012/07/09 02:42:54 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\SpeedyPC Software
[2012/07/07 15:37:34 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\TestApp
[2012/07/13 12:47:39 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\KsafeDelay.job
[2012/07/14 14:06:34 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\RMAutoUpdate.job
[2012/07/09 02:10:23 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you stop Combofix if it has not run, and we will approach this a different way.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    [2012/07/07 15:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000C1446001E904EB4EB2367

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Delete the current copy of combofix from your desktop
Download a fresh copy but rename it to Gotcha on saving
Reboot to safe mode and run the renamed Combofix
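
The folder entry in the fix above is a directory sitting directly under C:\ProgramData whose name is nothing but hexadecimal characters. As an added example (not part of the original post and not OTL's own code), this sketch parses OTL file-listing lines and flags such directories for review; the 16-character minimum, the function names and the embedded sample (lines in the format of the log in this thread) are assumptions of the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# Sample input: lines in the OTL listing format shown in this thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/07 15:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/07 15:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000C1446001E904EB4EB2367
[2012/07/07 13:09:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/02 21:56:49 | 000,659,456 | ---- | C] (Speed Guide Inc.) -- C:\Users\Destiny\Desktop\TCPOptimizer.exe
[2012/07/14 14:06:00 | 2106,449,919 | -HS- | M] () -- C:\hiberfil.sys
"""

# [timestamp | size | attributes | C or M] (optional company fields) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?P<company>(?: \([^)]*\))*) -- (?P<path>.+)$"
)

# Assumption of this example: a name of 16 or more hex characters, and nothing
# else, directly under ProgramData is worth a second look by the analyst.
HEX_DIR_RE = re.compile(r"^[A-Z]:\\ProgramData\\[0-9A-F]{16,}$", re.IGNORECASE)


@dataclass
class OtlEntry:
    timestamp: datetime   # creation (C) or modification (M) time
    size: int             # size in bytes, thousands separators removed
    attrs: str            # four attribute flags, e.g. "---D" or "-HS-"
    kind: str             # "C" = created, "M" = modified
    company: str          # version-info company name, "" when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse OTL file/folder listing lines; headers and other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        # Company may be missing, empty "()", or followed by "(No name found)".
        names = [n for n in re.findall(r"\(([^)]*)\)", m.group("company")) if n]
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company="; ".join(names),
            path=m.group("path").strip(),
        ))
    return entries


def find_hex_named_programdata_dirs(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Return directories directly under ProgramData with an all-hex name."""
    return [e for e in entries if e.is_dir and HEX_DIR_RE.match(e.path)]


if __name__ == "__main__":
    for entry in find_hex_named_programdata_dirs(parse_otl_entries(SAMPLE_LOG)):
        print(f"review: {entry.timestamp:%Y-%m-%d %H:%M:%S}  {entry.path}")
```

A hit is only a prompt for a helper to look closer: the creation time can be compared with when the symptoms began before anything is added to a fix.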

#5
PantheraCantus

    Member

  • Topic Starter
  • 19 posts
I did everything you asked, but there was an error message when running the renamed ComboFix in Safe Mode:

Error saving file
C:\Windows\erdnt\Hiv-backup\BCD !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]


I have not clicked anything yet.

My latest OTL log:

OTL logfile created on: 7/15/2012 1:18:02 PM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Destiny\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.62% Memory free
15.90 Gb Paging File | 13.23 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.39 Gb Total Space | 582.58 Gb Free Space | 84.75% Space Free | Partition Type: NTFS

Computer Name: ALCHEMIST | User Name: Destiny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 13:35:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Destiny\Downloads\OTL.exe
PRC - [2012/07/11 18:53:11 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/10 04:12:48 | 001,217,712 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxetray.exe
PRC - [2012/07/10 04:12:48 | 000,123,992 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe
PRC - [2012/06/25 01:07:36 | 000,710,912 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/06/25 01:07:36 | 000,224,000 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/04/10 23:26:24 | 001,308,064 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeTray.exe
PRC - [2012/04/10 23:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/21 12:23:14 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/03/21 12:23:12 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/02/28 22:41:15 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/06 12:29:18 | 003,970,880 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2011/08/01 12:59:48 | 000,315,712 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/08 17:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/11/10 10:51:20 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/10 10:45:08 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/10 10:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/25 01:07:36 | 000,784,640 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2012/06/13 16:12:49 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012/06/13 13:41:41 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 13:41:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 13:41:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 13:41:22 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/13 03:06:20 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/13 03:06:09 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 03:06:06 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:06:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 03:05:59 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/14 23:19:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/14 23:19:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 22:40:13 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/09 22:38:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 22:38:17 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/09 22:36:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012/05/09 22:36:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/09 22:22:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 22:21:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 22:21:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 22:21:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 22:21:26 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 22:10:14 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/09 22:10:09 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 22:10:07 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 22:10:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/09 22:10:03 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 22:09:59 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
MOD - [2012/05/09 22:09:58 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/10/21 04:01:48 | 000,140,664 | ---- | M] () -- C:\Program Files (x86)\Kingsoft\PCDoctor\zlib1.dll
MOD - [2011/10/21 04:01:40 | 000,075,160 | ---- | M] () -- C:\Program Files (x86)\Kingsoft\PCDoctor\json.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/03/08 17:06:10 | 001,635,696 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/11/10 10:40:28 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2009/12/18 11:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/17 06:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/02 13:30:26 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/10 10:40:46 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/11 19:53:39 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/10 04:12:48 | 000,123,992 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe -- (kxescore)
SRV - [2012/06/25 01:07:36 | 000,224,000 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/06/16 19:14:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/04/10 23:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe -- (KSafeSvc)
SRV - [2012/03/21 12:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [On_Demand | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/11/06 23:21:03 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:64bit: - [2012/07/10 04:12:49 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (kavbootc)
DRV:64bit: - [2012/07/07 20:55:41 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/06/18 01:42:14 | 000,023,296 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/06/18 01:42:12 | 000,018,688 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/05/11 11:14:50 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/05/11 11:08:58 | 000,341,168 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/07/19 02:02:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/19 02:02:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/03 21:39:26 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/17 06:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/03 19:18:22 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/03/03 19:18:22 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/12/09 11:38:18 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/12/02 15:05:22 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/02 12:55:00 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/30 08:48:38 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/11/30 08:32:36 | 000,326,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 11:03:06 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 10:36:24 | 012,178,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/09/24 11:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/07 08:41:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/20 13:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/17 08:17:46 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/08/17 08:17:46 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/08/17 08:17:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/15 07:59:30 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 15:43:42 | 000,016,752 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/07/10 04:12:49 | 000,164,696 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys -- (KDHacker)
DRV - [2012/04/10 23:26:58 | 000,021,320 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys -- (ksfmonsys)
DRV - [2011/12/19 20:58:08 | 000,133,096 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Kingsoft\PCDoctor\kmodurl64.sys -- (kmodurl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://AlienwareArena.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...timers-list-it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.geekstogo...timers-list-it/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGNI_enUS442
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...e=2&from=login"
FF - prefs.js..keyword.URL: "http://www.startnow....6.1-x64-SP1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/07 15:40:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 19:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 12:29:23 | 000,000,000 | ---D | M]

[2011/07/26 16:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\mozilla\Extensions
[2012/07/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions
[2012/06/21 13:06:30 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2012/06/20 20:52:00 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2012/05/15 22:52:21 | 000,000,000 | ---D | M] (MP3 Rocket Toolbar) -- C:\Users\Destiny\AppData\Roaming\mozilla\Firefox\Profiles\66fgyw4v.default\extensions\[email protected]
[2011/08/01 16:24:17 | 000,002,259 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\66fgyw4v.default\searchplugins\bing-zugo.xml
[2012/05/05 23:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/05 22:10:34 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66FGYW4V.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[1832/11/28 23:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66FGYW4V.DEFAULT\EXTENSIONS\[email protected]
[2012/06/16 19:14:47 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 17:07:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/14 14:03:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KSafeTray] C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DC12889-B7C1-491F-AAD2-34351363AC01}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{502F97DC-F1BA-46C0-B856-9190B84350D5}: DhcpNameServer = 184.63.0.68 184.63.0.69
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 14:23:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/14 14:23:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/14 14:23:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/14 14:23:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/14 14:23:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/14 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/14 14:23:15 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/14 14:03:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/12 00:32:17 | 000,000,000 | -HSD | C] -- C:\KRECYCLE
[2012/07/10 04:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Antivirus
[2012/07/10 04:12:49 | 000,208,216 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2012/07/10 04:12:49 | 000,208,216 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2012/07/10 04:12:49 | 000,164,696 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2012/07/10 04:12:49 | 000,125,784 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2012/07/10 04:12:49 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2012/07/10 04:12:49 | 000,027,240 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2012/07/10 04:12:49 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bc.sys
[2012/07/10 04:12:49 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2012/07/10 04:12:48 | 000,082,264 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2012/07/09 17:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/07/09 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/07/09 03:02:11 | 000,023,296 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/07/09 03:02:10 | 000,018,688 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2012/07/09 02:42:55 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\DriverCure
[2012/07/09 02:42:54 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\SpeedyPC Software
[2012/07/09 02:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/08 21:19:08 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/07/08 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Registry Mechanic
[2012/07/08 17:15:37 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2012/07/08 17:15:37 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2012/07/08 17:15:37 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2012/07/08 17:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012/07/08 17:04:27 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Product_RM
[2012/07/08 01:25:08 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Anvisoft
[2012/07/08 01:25:02 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/07/08 01:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/07/07 23:27:57 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/07 23:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/07 23:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/07 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/07 20:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/07 15:40:00 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/07/07 15:40:00 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/07/07 15:40:00 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/07/07 15:40:00 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/07/07 15:39:41 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/07/07 15:39:41 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/07/07 15:39:40 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/07/07 15:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/07/07 15:39:38 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/07/07 15:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/07/07 15:37:50 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/07/07 15:37:50 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/07/07 15:37:49 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/07/07 15:37:48 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/07/07 15:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/07/07 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/07 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\TestApp
[2012/07/07 15:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/07 15:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B000C1446001E904EB4EB2367
[2012/07/07 13:09:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/02 21:56:49 | 000,659,456 | ---- | C] (Speed Guide Inc.) -- C:\Users\Destiny\Desktop\TCPOptimizer.exe
[2012/06/17 18:58:50 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/07/15 13:20:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:20:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 13:14:05 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/07/15 13:14:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/15 13:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 13:13:34 | 2106,449,919 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 03:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 03:41:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/14 14:23:59 | 000,013,943 | ---- | M] () -- C:\Users\Destiny\Desktop\ComboFix - Shortcut.lnk
[2012/07/14 14:03:43 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/13 23:34:28 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/13 23:34:28 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/13 23:34:28 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/13 12:47:39 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\KsafeDelay.job
[2012/07/11 23:43:00 | 000,394,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 04:12:58 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
[2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2012/07/10 04:12:49 | 000,208,216 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2012/07/10 04:12:49 | 000,164,696 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2012/07/10 04:12:49 | 000,125,784 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2012/07/10 04:12:49 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2012/07/10 04:12:49 | 000,027,240 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2012/07/10 04:12:49 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bc.sys
[2012/07/10 04:12:49 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2012/07/10 04:12:48 | 000,082,264 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2012/07/09 17:03:10 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/07/09 13:44:20 | 000,000,049 | ---- | M] () -- C:\Users\Destiny\Desktop\AnviSoft.url
[2012/07/09 03:02:11 | 000,001,190 | ---- | M] () -- C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
[2012/07/09 02:37:17 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/08 17:15:37 | 000,001,331 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/07/07 20:55:41 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/07/07 20:53:32 | 000,004,302 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/07/07 19:51:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 21:56:51 | 000,659,456 | ---- | M] (Speed Guide Inc.) -- C:\Users\Destiny\Desktop\TCPOptimizer.exe
[2012/07/01 12:32:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/18 12:29:23 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/18 01:42:14 | 000,023,296 | ---- | M] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/06/18 01:42:12 | 000,018,688 | ---- | M] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys

========== Files Created - No Company Name ==========

[2012/07/14 14:23:59 | 000,013,943 | ---- | C] () -- C:\Users\Destiny\Desktop\ComboFix - Shortcut.lnk
[2012/07/14 14:23:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/14 14:23:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/14 14:23:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/14 14:23:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/14 14:23:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/12 16:11:25 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\KsafeDelay.job
[2012/07/10 04:12:58 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
[2012/07/09 17:03:10 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/07/09 03:02:11 | 000,001,190 | ---- | C] () -- C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
[2012/07/09 02:59:28 | 000,000,049 | ---- | C] () -- C:\Users\Destiny\Desktop\AnviSoft.url
[2012/07/09 00:22:02 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/08 17:16:21 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/07/08 17:15:37 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2012/07/08 17:15:37 | 000,001,331 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/07/07 20:55:41 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/07/07 20:53:32 | 000,004,302 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/07/07 15:40:00 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/07/07 15:40:00 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/07/07 15:40:00 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/07/07 15:40:00 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/07/07 15:40:00 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/01/27 16:26:26 | 000,000,021 | ---- | C] () -- C:\Windows\KA.INI
[2012/01/27 01:07:33 | 000,000,300 | ---- | C] () -- C:\Windows\EReg515.dat
[2012/01/27 01:07:24 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/01/27 01:05:51 | 000,001,459 | ---- | C] () -- C:\Windows\disney.ini
[2012/01/26 23:30:07 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/07/19 01:50:56 | 000,960,812 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/19 01:50:55 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/19 01:50:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/19 01:50:50 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/19 00:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/19 00:39:23 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/02/10 11:10:51 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/10 10:50:38 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

========== LOP Check ==========

[2012/07/08 01:25:08 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Anvisoft
[2012/07/09 02:42:55 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\DriverCure
[2011/07/26 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\IDT
[2012/02/14 21:41:38 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\kingsoft
[2012/02/14 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\KSafe
[2012/07/11 04:23:33 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\MP3Rocket
[2011/07/27 11:02:42 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Origin
[2012/07/08 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Product_RM
[2012/07/08 19:01:03 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Registry Mechanic
[2012/07/09 02:42:54 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\SpeedyPC Software
[2012/07/07 15:37:34 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\TestApp
[2012/07/13 12:47:39 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\KsafeDelay.job
[2012/07/15 13:14:05 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\RMAutoUpdate.job
[2012/07/09 02:10:23 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you stop ComboFix, then right-click the file and select "Run as Administrator", please?
  • 0

#7
PantheraCantus

PantheraCantus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I selected "No" and then closed the program and reran it as administrator. Two error messages popped up after the program began:

Error opening file for writing:

C:\32788R22FWJFW\NirCmd.3XE

Click Abort to stop the installation,
Retry to try again, or
Ignore to skip this file.


And:

Windows cannot find 'NircmdV.exe'. Make sure you typed the name correctly, and then try again.


The only option for the second pop-up is "Ok", but the first one has "Abort", "Retry", and "Ignore".
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, so it does not want to play.

Let's go another route. Do you have a USB drive that you can reformat?

Download the following three programmes to your desktop:

1. WiNTobootic
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 4GB
Run Wintoboot

Posted Image

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

Posted Image

It will let you know when it is done
Then copy FRST to the same USB

Posted Image


Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here


When you reboot you will see this, although yours will say Windows 7. Click Repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt, type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#9
PantheraCantus

PantheraCantus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The files are all on the flash drive and ready to go, but I cannot seem to get my computer to boot from the USB. I read the article you sent me on how to do it, and I can change boot options, but my choices under the Boot Manager page are as follows:

Hard Drive
CD/DVD/BD
Network
Diagnostics
Enter Setup


I tried the "CD/DVD/BD" option first, and it booted normally with the USB. Same when I tried the "Hard Drive" option with the USB in. So, I tried "Enter Setup" and manually scrolled over to the boot options, and the option for a USB or external hard drive is still not there. The options are still only for a Hard Drive, CD/DVD/BD, or Network.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hm, weird. All Windows 7 systems I have come across have that option in the BIOS, which was why I used it.

OK, next step then.

Restart the computer and press F8 to get to safe mode. Is there an option "Repair my computer"?

If there is then select that followed by command prompt
Insert the USB with FRST64 on it
Then do the following

At the command prompt, type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#11
PantheraCantus

PantheraCantus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I thought it was strange, too, since my computer is not very old.

Yes, the option is there. I selected it, and it's giving me system recovery options, beginning with "Select a language", which is auto-selected for English, and then "Select a keyboard input method", which I am able to change. Should I go through with those?
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, it should be the same as the screenshots that were posted with the WiNTobootic
  • 0

#13
PantheraCantus

PantheraCantus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ah, alright. Sorry about that! It is scanning now.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a problem. At least you now have the recovery console installed.
  • 0

#15
PantheraCantus

PantheraCantus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the log from my flash drive:

Scan result of Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 15-07-2012 16:41:16
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392872 2010-11-29] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [13256 2010-11-10] (Microsoft)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2010-11-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-11-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1635696 2011-03-08] ()
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [KSafeTray] "C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe" -autorun [1308064 2012-04-10] (Kingsoft Corporation)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1557160 2012-04-09] (Ask)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-03-21] (PC Tools)
HKLM-x32\...\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [710912 2012-06-25] (Anvisoft)
HKLM-x32\...\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1217712 2012-07-10] (Kingsoft Corporation)
HKU\Destiny\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-26] (Google Inc.)
HKU\E n d i n g\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-26] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [224000 2012-06-25] (Anvisoft)
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-14] (Threat Expert Ltd.)
2 KSafeSvc; "C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe" -svc [452512 2012-04-10] (Kingsoft Corporation)
2 kxescore; "C:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore [123992 2012-07-10] (Kingsoft Corporation)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-03-21] (PC Tools)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-05-11] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118648 2012-05-11] (PC Tools)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)

========================== Drivers (Whitelisted) =============

1 asdrm; C:\Windows\System32\Drivers\asdrm.sys [18688 2012-06-18] (Anvisoft)
2 asdrs; C:\Windows\System32\Drivers\asdrs.sys [23296 2012-06-18] (Anvisoft)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-07-07] ()
0 kavbootc; C:\Windows\System32\Drivers\kavbootc.sys [27240 2012-07-10] (Kingsoft Corporation)
1 KDHacker; C:\Windows\System32\Drivers\KDHacker.sys [125784 2012-07-10] (Kingsoft Corporation)
2 kisknl; C:\Windows\System32\Drivers\kisknl.sys [208216 2012-07-10] (Kingsoft Corporation)
1 kmodurl; \??\C:\Program files (x86)\Kingsoft\PCDoctor\kmodurl64.sys [133096 2011-12-19] (Kingsoft Corporation)
3 ksfmonsys; \??\C:\Program Files (x86)\Kingsoft\PCDoctor\ksfmonsys64.sys [21320 2012-04-10] (Kingsoft Corporation)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-14] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [341168 2012-05-11] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2012-05-11] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251528 2012-05-11] (PC Tools)
3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows ® Win 7 DDK provider)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-15 16:41 - 2012-07-15 16:41 - 00000000 ____D C:\FRST
2012-07-15 13:28 - 2012-07-15 13:28 - 04579346 ____R (Swearware) C:\Users\Destiny\Desktop\Gotcha.exe
2012-07-14 14:23 - 2012-07-15 15:04 - 00000000 ___SD C:\32788R22FWJFW
2012-07-14 14:23 - 2012-07-14 14:23 - 00000000 ____D C:\Windows\erdnt
2012-07-14 14:23 - 2012-07-14 14:23 - 00000000 ____D C:\Qoobox
2012-07-14 14:23 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-14 14:23 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-14 14:23 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-14 14:23 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-14 14:23 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-14 14:23 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-14 14:23 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-14 14:23 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-14 14:03 - 2012-07-14 14:03 - 00000000 ____D C:\_OTL
2012-07-13 15:58 - 2012-07-13 15:58 - 00042566 ____A C:\Users\Destiny\Downloads\Extras.Txt
2012-07-13 15:57 - 2012-07-15 13:22 - 00112226 ____A C:\Users\Destiny\Downloads\OTL.Txt
2012-07-13 13:35 - 2012-07-13 13:35 - 00596480 ____A (OldTimer Tools) C:\Users\Destiny\Downloads\OTL.exe
2012-07-13 12:48 - 2012-07-15 16:22 - 00000616 ____A C:\Windows\setupact.log
2012-07-13 12:48 - 2012-07-13 12:48 - 00000000 ____A C:\Windows\setuperr.log
2012-07-13 03:11 - 2012-07-15 13:31 - 00082899 ____A C:\Windows\WindowsUpdate.log
2012-07-12 16:11 - 2012-07-13 12:47 - 00000294 ____A C:\Windows\Tasks\KsafeDelay.job
2012-07-12 00:32 - 2012-07-12 00:32 - 00000000 __SHD C:\KRECYCLE
2012-07-11 23:39 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 23:37 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 23:37 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 23:37 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 23:37 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 23:37 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 23:37 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 23:37 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 23:37 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 23:37 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 23:37 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 23:37 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 23:37 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 23:37 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 23:37 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 23:37 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 23:37 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 23:37 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 23:37 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 23:37 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 23:37 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 23:37 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 23:37 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 23:37 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 23:37 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 23:37 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 23:37 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 23:37 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 23:37 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 23:35 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 23:35 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 23:35 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 23:35 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 23:35 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 23:35 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 23:35 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 23:35 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 23:34 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 23:34 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 23:34 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 23:34 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 23:34 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 23:34 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 23:34 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 23:34 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 23:34 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 23:34 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 23:34 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 04:12 - 2012-07-10 04:12 - 00208216 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl64.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00208216 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00164696 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker64.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00125784 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00082264 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksapi.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00031848 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc64.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00027240 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00024472 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\bc.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00019352 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksskrpr.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00001105 ____A C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
2012-07-10 04:12 - 2012-07-10 04:12 - 00001105 ____A C:\Users\All Users\Desktop\Kingsoft Antivirus.lnk
2012-07-09 17:03 - 2012-07-09 19:12 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-07-09 17:03 - 2012-07-09 17:03 - 00001145 ____A C:\Users\Public\Desktop\Trojan Killer.lnk
2012-07-09 17:03 - 2012-07-09 17:03 - 00001145 ____A C:\Users\All Users\Desktop\Trojan Killer.lnk
2012-07-09 17:02 - 2012-07-09 17:02 - 29505952 ____A (GridinSoft LLC) C:\Users\Destiny\Downloads\gtk2122-setup.exe
2012-07-09 17:01 - 2012-07-09 17:02 - 00407872 ____A C:\Users\Destiny\Downloads\pkiller.exe
2012-07-09 03:57 - 2012-07-09 03:57 - 00128000 ____A (Anvisoft Corporation) C:\Users\Destiny\Downloads\live-security-platinum-killer (1).exe
2012-07-09 03:02 - 2012-07-09 03:02 - 00001190 ____A C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
2012-07-09 03:02 - 2012-06-18 01:42 - 00023296 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2012-07-09 03:02 - 2012-06-18 01:42 - 00018688 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2012-07-09 03:01 - 2012-07-09 03:02 - 11646768 ____A C:\Users\Destiny\Downloads\asdsetup_102.exe
2012-07-09 02:59 - 2012-07-09 13:44 - 00000049 ____A C:\Users\Destiny\Desktop\AnviSoft.url
2012-07-09 02:59 - 2012-07-09 02:59 - 00128000 ____A (Anvisoft Corporation) C:\Users\Destiny\Downloads\live-security-platinum-killer.exe
2012-07-09 02:42 - 2012-07-09 02:47 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-09 02:42 - 2012-07-09 02:47 - 00000000 ____D C:\Users\All Users\Application Data\SpeedyPC Software
2012-07-09 02:42 - 2012-07-09 02:42 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Destiny\Downloads\SpeedyPC Pro Installer.exe
2012-07-09 02:42 - 2012-07-09 02:42 - 00000000 ____D C:\Users\Destiny\Application Data\SpeedyPC Software
2012-07-09 02:42 - 2012-07-09 02:42 - 00000000 ____D C:\Users\Destiny\Application Data\DriverCure
2012-07-09 02:42 - 2012-07-09 02:42 - 00000000 ____D C:\Users\Destiny\AppData\Roaming\SpeedyPC Software
2012-07-09 02:42 - 2012-07-09 02:42 - 00000000 ____D C:\Users\Destiny\AppData\Roaming\DriverCure
2012-07-09 02:41 - 2012-07-09 02:41 - 00001205 ____A C:\Users\Destiny\Downloads\FixNCR (1).reg
2012-07-09 02:40 - 2012-07-09 02:40 - 00001205 ____A C:\Users\Destiny\Downloads\FixNCR.reg
2012-07-09 02:35 - 2012-07-09 02:35 - 12621696 ____A (Microsoft Corporation) C:\Users\Destiny\Downloads\mseinstall.exe
2012-07-09 00:22 - 2012-07-09 02:37 - 00002052 ____A C:\Windows\epplauncher.mif
2012-07-08 23:45 - 2012-07-08 23:45 - 00388608 ____A (Trend Micro Inc.) C:\Users\Destiny\Downloads\HijackThis.exe
2012-07-08 23:06 - 2012-07-08 23:06 - 00000016 ____A C:\Windows\System32\config\software.szfi
2012-07-08 21:19 - 2012-01-12 09:28 - 00057976 ___RA (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-07-08 20:07 - 2012-07-08 20:07 - 00000000 ____D C:\Users\E n d i n g\Application Data\Malwarebytes
2012-07-08 20:07 - 2012-07-08 20:07 - 00000000 ____D C:\Users\E n d i n g\AppData\Roaming\Malwarebytes
2012-07-08 19:01 - 2012-07-08 19:01 - 00000000 ____D C:\Users\Destiny\Application Data\Registry Mechanic
2012-07-08 19:01 - 2012-07-08 19:01 - 00000000 ____D C:\Users\Destiny\AppData\Roaming\Registry Mechanic
2012-07-08 19:00 - 2012-07-10 19:00 - 00056844 ____A C:\Windows\SysWOW64\AppLog.log
2012-07-08 17:16 - 2012-07-15 13:14 - 00000306 ____A C:\Windows\Tasks\RMAutoUpdate.job
2012-07-08 17:15 - 2012-07-08 17:15 - 00001331 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-07-08 17:15 - 2012-07-08 17:15 - 00001331 ____A C:\Users\All Users\Desktop\PC Tools Registry Mechanic.lnk
2012-07-08 17:15 - 2012-03-21 12:23 - 00512472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2012-07-08 17:15 - 2012-03-21 12:23 - 00040408 ____A C:\Windows\System32\CleanMFT64.exe
2012-07-08 17:15 - 2008-04-02 16:54 - 01101824 ____A (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2012-07-08 17:15 - 2008-04-02 16:53 - 00880640 ____A (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2012-07-08 17:15 - 2008-04-02 16:53 - 00212992 ____A (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2012-07-08 17:04 - 2012-07-08 17:04 - 17824216 ____A (PC Tools) C:\Users\Destiny\Downloads\rminstall.exe
2012-07-08 17:04 - 2012-07-08 17:04 - 00000000 ____D C:\Users\Destiny\Application Data\Product_RM
2012-07-08 17:04 - 2012-07-08 17:04 - 00000000 ____D C:\Users\Destiny\AppData\Roaming\Product_RM
2012-07-08 01:25 - 2012-07-08 01:25 - 00000000 ____D C:\Users\Destiny\Application Data\Anvisoft
2012-07-08 01:25 - 2012-07-08 01:25 - 00000000 ____D C:\Users\Destiny\AppData\Roaming\Anvisoft
2012-07-08 01:25 - 2012-07-08 01:25 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2012-07-07 23:27 - 2012-07-08 15:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-07-07 23:27 - 2012-07-07 23:27 - 00000000 ____D C:\Users\Destiny\Application Data\SUPERAntiSpyware.com
2012-07-07 23:27 - 2012-07-07 23:27 - 00000000 ____D C:\Users\Destiny\AppData\Roaming\SUPERAntiSpyware.com
2012-07-07 23:27 - 2012-07-07 23:27 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-07-07 23:27 - 2012-07-07 23:27 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-07-07 21:08 - 2012-06-03 23:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-07 20:55 - 2012-07-07 20:55 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-07 20:53 - 2012-07-07 20:53 - 00004302 ____A C:\Windows\System32\.crusader
2012-07-07 20:31 - 2012-07-07 20:53 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-07 20:31 - 2012-07-07 20:53 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-07-07 20:31 - 2012-07-07 20:31 - 08834304 ____A (SurfRight B.V.) C:\Users\Destiny\Downloads\HitmanPro36_x64.exe
2012-07-07 20:30 - 2012-07-07 20:30 - 07718272 ____A (SurfRight B.V.) C:\Users\Destiny\Downloads\HitmanPro36.exe
2012-07-07 19:50 - 2012-07-07 19:50 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Destiny\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 19:49 - 2012-07-07 19:49 - 00000361 ____A C:\rkill.log
2012-07-07 15:40 - 2012-06-14 12:31 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-07-07 15:40 - 2012-06-14 12:31 - 01681368 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-07-07 15:40 - 2012-06-14 12:31 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-07-07 15:40 - 2012-06-14 12:31 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-07-07 15:40 - 2012-06-14 12:31 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-07-07 15:40 - 2012-06-14 11:03 - 00003488 ____A C:\Windows\UDB.zip
2012-07-07 15:40 - 2012-06-14 11:03 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-07-07 15:40 - 2012-06-14 11:03 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-07-07 15:40 - 2012-06-14 11:03 - 00000131 ____A C:\Windows\IDB.zip
2012-07-07 15:39 - 2012-07-08 17:15 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-07-07 15:39 - 2012-05-11 11:14 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-07-07 15:39 - 2012-05-11 11:13 - 00014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-07-07 15:39 - 2012-05-11 11:09 - 00145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-07-07 15:39 - 2012-05-11 11:08 - 00341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-07-07 15:37 - 2012-07-07 15:39 - 00000000 ____D C:\Users\All Users\PC Tools
2012-07-07 15:37 - 2012-07-07 15:39 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-07-07 15:37 - 2012-07-07 15:37 - 00000000 ____D C:\Users\Destiny\Application Data\TestApp
2012-07-07 15:37 - 2012-07-07 15:37 - 00000000 ____D C:\Users\Destiny\AppData\Roaming\TestApp
2012-07-07 15:37 - 2012-05-11 11:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-07-07 15:37 - 2012-04-23 12:36 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-07-07 15:37 - 2012-02-28 11:43 - 01096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-07-07 15:37 - 2012-02-28 11:43 - 00453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-07-07 15:10 - 2012-07-09 17:09 - 00000000 ____D C:\Users\All Users\Application Data\99058D9B000C1446001E904EB4EB2367
2012-07-07 15:10 - 2012-07-09 17:09 - 00000000 ____D C:\Users\All Users\99058D9B000C1446001E904EB4EB2367
2012-07-07 13:09 - 2012-07-07 13:09 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-04 15:58 - 2012-07-04 15:58 - 00232430 ____A C:\Users\Destiny\Downloads\Sp06v2_720p.rar
2012-07-02 22:01 - 2012-07-02 22:01 - 00000000 ____D C:\Users\E n d i n g\Application Data\Roxio Burn
2012-07-02 22:01 - 2012-07-02 22:01 - 00000000 ____D C:\Users\E n d i n g\AppData\Roaming\Roxio Burn
2012-07-02 21:59 - 2012-07-02 21:59 - 00659456 ____A (Speed Guide Inc.) C:\Users\E n d i n g\Downloads\TCPOptimizer (1).exe
2012-07-02 21:58 - 2012-07-02 21:58 - 00659456 ____A (Speed Guide Inc.) C:\Users\E n d i n g\Desktop\TCPOptimizer.exe
2012-07-02 21:58 - 2012-07-02 21:58 - 00000000 ____D C:\Users\E n d i n g\Application Data\KSafe
2012-07-02 21:58 - 2012-07-02 21:58 - 00000000 ____D C:\Users\E n d i n g\Application Data\Apple Computer
2012-07-02 21:58 - 2012-07-02 21:58 - 00000000 ____D C:\Users\E n d i n g\AppData\Roaming\KSafe
2012-07-02 21:58 - 2012-07-02 21:58 - 00000000 ____D C:\Users\E n d i n g\AppData\Roaming\Apple Computer
2012-07-02 21:56 - 2012-07-02 21:56 - 00659456 ____A (Speed Guide Inc.) C:\Users\Destiny\Desktop\TCPOptimizer.exe
2012-07-01 12:31 - 2012-07-01 12:31 - 03889704 ____A (Piriform Ltd) C:\Users\Destiny\Downloads\ccsetup320.exe
2012-06-21 16:28 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 16:28 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 16:28 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 16:28 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 16:28 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 16:28 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 16:28 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 16:28 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 16:28 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-15 16:22 - 2012-07-13 12:48 - 00000616 ____A C:\Windows\setupact.log
2012-07-15 16:22 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-15 13:31 - 2012-07-13 03:11 - 00082899 ____A C:\Windows\WindowsUpdate.log
2012-07-15 13:28 - 2012-07-15 13:28 - 04579346 ____R (Swearware) C:\Users\Destiny\Desktop\Gotcha.exe
2012-07-15 13:22 - 2012-07-13 15:57 - 00112226 ____A C:\Users\Destiny\Downloads\OTL.Txt
2012-07-15 13:20 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-15 13:20 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-15 13:14 - 2012-07-08 17:16 - 00000306 ____A C:\Windows\Tasks\RMAutoUpdate.job
2012-07-15 13:14 - 2011-07-26 16:21 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-15 03:53 - 2012-03-30 13:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-15 03:41 - 2011-07-26 16:21 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 23:34 - 2009-07-14 00:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-13 15:58 - 2012-07-13 15:58 - 00042566 ____A C:\Users\Destiny\Downloads\Extras.Txt
2012-07-13 13:35 - 2012-07-13 13:35 - 00596480 ____A (OldTimer Tools) C:\Users\Destiny\Downloads\OTL.exe
2012-07-13 12:48 - 2012-07-13 12:48 - 00000000 ____A C:\Windows\setuperr.log
2012-07-13 12:47 - 2012-07-12 16:11 - 00000294 ____A C:\Windows\Tasks\KsafeDelay.job
2012-07-11 23:43 - 2009-07-13 23:45 - 00394296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:38 - 2011-08-02 18:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 19:53 - 2012-03-30 13:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 19:53 - 2011-07-19 00:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-10 19:00 - 2012-07-08 19:00 - 00056844 ____A C:\Windows\SysWOW64\AppLog.log
2012-07-10 04:12 - 2012-07-10 04:12 - 00208216 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl64.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00208216 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00164696 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker64.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00125784 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00082264 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksapi.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00031848 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc64.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00027240 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00024472 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\bc.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00019352 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksskrpr.sys
2012-07-10 04:12 - 2012-07-10 04:12 - 00001105 ____A C:\Users\Public\Desktop\Kingsoft Antivirus.lnk
2012-07-10 04:12 - 2012-07-10 04:12 - 00001105 ____A C:\Users\All Users\Desktop\Kingsoft Antivirus.lnk
2012-07-09 17:03 - 2012-07-09 17:03 - 00001145 ____A C:\Users\Public\Desktop\Trojan Killer.lnk
2012-07-09 17:03 - 2012-07-09 17:03 - 00001145 ____A C:\Users\All Users\Desktop\Trojan Killer.lnk
2012-07-09 17:02 - 2012-07-09 17:02 - 29505952 ____A (GridinSoft LLC) C:\Users\Destiny\Downloads\gtk2122-setup.exe
2012-07-09 17:02 - 2012-07-09 17:01 - 00407872 ____A C:\Users\Destiny\Downloads\pkiller.exe
2012-07-09 13:44 - 2012-07-09 02:59 - 00000049 ____A C:\Users\Destiny\Desktop\AnviSoft.url
2012-07-09 03:57 - 2012-07-09 03:57 - 00128000 ____A (Anvisoft Corporation) C:\Users\Destiny\Downloads\live-security-platinum-killer (1).exe
2012-07-09 03:02 - 2012-07-09 03:02 - 00001190 ____A C:\Users\Destiny\Desktop\Anvi Smart Defender.lnk
2012-07-09 03:02 - 2012-07-09 03:01 - 11646768 ____A C:\Users\Destiny\Downloads\asdsetup_102.exe
2012-07-09 02:59 - 2012-07-09 02:59 - 00128000 ____A (Anvisoft Corporation) C:\Users\Destiny\Downloads\live-security-platinum-killer.exe
2012-07-09 02:42 - 2012-07-09 02:42 - 04819616 ____A (SpeedyPC Software Inc.) C:\Users\Destiny\Downloads\SpeedyPC Pro Installer.exe
2012-07-09 02:41 - 2012-07-09 02:41 - 00001205 ____A C:\Users\Destiny\Downloads\FixNCR (1).reg
2012-07-09 02:40 - 2012-07-09 02:40 - 00001205 ____A C:\Users\Destiny\Downloads\FixNCR.reg
2012-07-09 02:37 - 2012-07-09 00:22 - 00002052 ____A C:\Windows\epplauncher.mif
2012-07-09 02:35 - 2012-07-09 02:35 - 12621696 ____A (Microsoft Corporation) C:\Users\Destiny\Downloads\mseinstall.exe
2012-07-09 02:10 - 2009-07-14 00:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-08 23:45 - 2012-07-08 23:45 - 00388608 ____A (Trend Micro Inc.) C:\Users\Destiny\Downloads\HijackThis.exe
2012-07-08 23:06 - 2012-07-08 23:06 - 00000016 ____A C:\Windows\System32\config\software.szfi
2012-07-08 17:15 - 2012-07-08 17:15 - 00001331 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-07-08 17:15 - 2012-07-08 17:15 - 00001331 ____A C:\Users\All Users\Desktop\PC Tools Registry Mechanic.lnk
2012-07-08 17:04 - 2012-07-08 17:04 - 17824216 ____A (PC Tools) C:\Users\Destiny\Downloads\rminstall.exe
2012-07-07 20:55 - 2012-07-07 20:55 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-07-07 20:53 - 2012-07-07 20:53 - 00004302 ____A C:\Windows\System32\.crusader
2012-07-07 20:31 - 2012-07-07 20:31 - 08834304 ____A (SurfRight B.V.) C:\Users\Destiny\Downloads\HitmanPro36_x64.exe
2012-07-07 20:30 - 2012-07-07 20:30 - 07718272 ____A (SurfRight B.V.) C:\Users\Destiny\Downloads\HitmanPro36.exe
2012-07-07 19:51 - 2012-04-05 20:50 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 19:51 - 2012-04-05 20:50 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 19:50 - 2012-07-07 19:50 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Destiny\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 19:49 - 2012-07-07 19:49 - 00000361 ____A C:\rkill.log
2012-07-04 15:58 - 2012-07-04 15:58 - 00232430 ____A C:\Users\Destiny\Downloads\Sp06v2_720p.rar
2012-07-02 21:59 - 2012-07-02 21:59 - 00659456 ____A (Speed Guide Inc.) C:\Users\E n d i n g\Downloads\TCPOptimizer (1).exe
2012-07-02 21:58 - 2012-07-02 21:58 - 00659456 ____A (Speed Guide Inc.) C:\Users\E n d i n g\Desktop\TCPOptimizer.exe
2012-07-02 21:56 - 2012-07-02 21:56 - 00659456 ____A (Speed Guide Inc.) C:\Users\Destiny\Desktop\TCPOptimizer.exe
2012-07-01 12:32 - 2011-07-27 11:34 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-01 12:32 - 2011-07-27 11:34 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-07-01 12:31 - 2012-07-01 12:31 - 03889704 ____A (Piriform Ltd) C:\Users\Destiny\Downloads\ccsetup320.exe
2012-06-18 12:29 - 2012-01-21 03:23 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-06-18 12:29 - 2012-01-21 03:23 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-06-18 01:42 - 2012-07-09 03:02 - 00023296 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
2012-06-18 01:42 - 2012-07-09 03:02 - 00018688 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
2012-06-14 14:56 - 2012-06-14 14:56 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 14:56 - 2012-06-14 14:56 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-14 12:31 - 2012-07-07 15:40 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-06-14 12:31 - 2012-07-07 15:40 - 01681368 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-06-14 12:31 - 2012-07-07 15:40 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-06-14 12:31 - 2012-07-07 15:40 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-06-14 12:31 - 2012-07-07 15:40 - 00085224 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-06-14 11:03 - 2012-07-07 15:40 - 00003488 ____A C:\Windows\UDB.zip
2012-06-14 11:03 - 2012-07-07 15:40 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-06-14 11:03 - 2012-07-07 15:40 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-06-14 11:03 - 2012-07-07 15:40 - 00000131 ____A C:\Windows\IDB.zip
2012-06-11 22:08 - 2012-07-11 23:39 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 12:57 - 2012-06-10 12:57 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-10 12:57 - 2012-06-10 12:57 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-06-09 00:43 - 2012-07-11 23:35 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-11 23:35 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-11 23:35 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-11 23:35 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-11 23:34 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-11 23:35 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-11 23:35 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-11 23:34 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 23:35 - 2012-07-07 21:08 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-02 17:19 - 2012-06-21 16:28 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-21 16:28 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-21 16:28 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-21 16:28 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-21 16:28 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-21 16:28 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-21 16:28 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-21 16:28 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-21 16:28 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-11 23:37 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-11 23:37 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-11 23:37 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-11 23:37 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-11 23:37 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-11 23:37 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-11 23:37 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-11 23:37 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-11 23:37 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-11 23:37 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-11 23:37 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-11 23:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-11 23:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-11 23:37 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-11 23:37 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-11 23:37 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-11 23:37 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-11 23:37 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-11 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-11 23:37 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-11 23:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-11 23:37 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-11 23:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-11 23:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-11 23:37 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-11 23:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-11 23:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-11 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-11 23:34 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-11 23:34 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-11 23:34 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-11 23:34 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-11 23:34 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-11 23:34 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-11 23:34 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-11 23:34 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-11 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 12:25 - 2010-11-20 22:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-25 12:24 - 2012-05-25 12:24 - 03862112 ____A (Piriform Ltd) C:\Users\Destiny\Downloads\ccsetup319(1).exe
2012-05-25 12:21 - 2012-05-25 12:21 - 03862112 ____A (Piriform Ltd) C:\Users\Destiny\Downloads\ccsetup319.exe
2012-05-15 22:52 - 2012-05-15 22:52 - 00001988 ____A C:\Users\Destiny\Desktop\MP3 Rocket 6.1.3.lnk
2012-05-15 22:50 - 2012-05-15 22:49 - 13120360 ____A C:\Users\Destiny\Downloads\mp3rocket(1).exe
2012-05-11 11:14 - 2012-07-07 15:39 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-05-11 11:14 - 2012-07-07 15:37 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-05-11 11:13 - 2012-07-07 15:39 - 00014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-05-11 11:09 - 2012-07-07 15:39 - 00145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-05-11 11:08 - 2012-07-07 15:39 - 00341168 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-05-04 06:06 - 2012-06-12 18:25 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-12 18:25 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-12 18:25 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 18:11 - 2012-05-01 18:11 - 03654896 ____A (Piriform Ltd) C:\Users\Destiny\Downloads\ccsetup318.exe
2012-05-01 00:40 - 2012-06-12 18:26 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 02:02 - 2012-01-18 14:01 - 00025139 ____A C:\Users\Destiny\My Documents\SCA NHS Contact Info.lnk
2012-04-29 02:02 - 2012-01-18 14:01 - 00025139 ____A C:\Users\Destiny\Documents\SCA NHS Contact Info.lnk
2012-04-27 22:55 - 2012-06-12 18:24 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 16:28 - 2012-02-14 21:18 - 00001143 ____A C:\Users\Public\Desktop\Kingsoft PC Doctor.lnk
2012-04-27 16:28 - 2012-02-14 21:18 - 00001143 ____A C:\Users\All Users\Desktop\Kingsoft PC Doctor.lnk
2012-04-26 00:41 - 2012-06-12 18:27 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-12 18:27 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-12 18:27 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 00:37 - 2012-06-12 18:23 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-12 18:23 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-12 18:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-12 18:23 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-12 18:23 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-12 18:23 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 12:36 - 2012-07-07 15:37 - 00426616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

========================= Known DLLs (Whitelisted) ============

[2009-07-13 19:18] - [2009-07-13 20:41] - 0083456 ____A (Microsoft Corporation) C:\Windows\System32\msacm32.dll
[2009-07-13 19:03] - [2009-07-13 20:15] - 0072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.dll
[2009-07-13 18:21] - [2009-07-13 20:41] - 0006656 ____A (Microsoft Corporation) C:\Windows\System32\shimeng.dll
[2009-07-13 18:12] - [2009-07-13 20:16] - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
[2009-07-13 18:55] - [2009-07-13 20:41] - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
[2009-07-13 18:39] - [2009-07-13 20:11] - 0245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8139.82 MB
Available physical RAM: 7352.28 MB
Total Pagefile: 8138.02 MB
Available Pagefile: 7336.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:687.39 GB) (Free:584.6 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:11.2 GB) (Free:4.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.52 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 3072 KB
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 11 GB 40 MB
Partition 3 Primary 687 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 687 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3819 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 3819 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-09 17:54

======================= End Of Log ==========================