
How to get rid of win32-gen malware?

Discussion in 'Virus & Other Malware Removal' started by leo92, Jun 30, 2010.

  1. leo92

    leo92 Thread Starter

    Joined:
    Jun 30, 2010
    Messages:
    17
    Hello helper,

    I have recently been encountering malware (svchost.exe) in the Windows temp folder. This virus keeps creating .tmp files in this particular directory (c:\windows\temp) and Avast deletes them automatically. For example, toro.tmp, wavt.tmp, etc. are files that I have encountered so far. Also, they have some sort of {UPX} symbol after them. Here is my hijack scan:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13:03, on 30-06-2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\CyberLink\Shared files\brs.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\CometBird\CometBird.exe
    C:\Program Files\CometBird\plugin-container.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
    O4 - HKCU\..\Run: [googletalk] C:\Users\SACHIN\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: CCC.lnk = ?
    O4 - Global Startup: Bitcomet Ultra Accelerator.lnk = C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
    O4 - Global Startup: LimeWire Ultra Accelerator.lnk = C:\Program Files\LimeWire Ultra Accelerator\LimeWire Ultra Accelerator.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

    --
    End of file - 8694 bytes
     
  2. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
     
  3. leo92

    leo92 Thread Starter

    Avast is still detecting some malware in the temp folder of Windows; the problem isn't solved yet. I think now I have to reinstall Vista. Anyway,
    here is my log:

    ComboFix 10-07-01.02 - SACHIN 02-07-2010 10:51:53.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.2046.1206 [GMT 5.5:30]
    Running from: c:\users\SACHIN\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\msconfig.exe
    c:\windows\UA000106.DLL

    c:\windows\system32\drivers\beep.sys . . . is infected!!

    c:\windows\system32\srsvc.dll . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
    .

    2010-07-01 17:44 . 2010-07-01 17:57 -------- d-----w- c:\program files\Need for Speed Carbon
    2010-07-01 15:26 . 2010-07-01 15:26 -------- d-----w- c:\program files\uTorrent
    2010-07-01 15:25 . 2010-07-01 15:31 -------- d-----w- c:\users\SACHIN\AppData\Roaming\uTorrent
    2010-07-01 14:03 . 2010-05-17 17:23 6630912 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
    2010-07-01 10:54 . 2010-07-01 10:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-07-01 10:47 . 2010-07-01 10:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-01 10:36 . 2010-07-01 10:36 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-07-01 10:36 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-07-01 10:35 . 2010-07-01 10:39 -------- d-----w- c:\programdata\Lavasoft
    2010-07-01 10:35 . 2010-07-01 10:36 -------- d-----w- c:\program files\Lavasoft
    2010-07-01 08:13 . 2010-07-01 08:13 1152 ----a-w- c:\windows\system32\windrv.sys
    2010-07-01 08:00 . 2010-07-01 08:00 -------- d-----w- c:\users\SACHIN\AppData\Roaming\CleanMyPC Software
    2010-07-01 08:00 . 2010-07-01 08:00 -------- d-----w- c:\program files\CleanMyPC
    2010-06-30 08:28 . 2010-06-30 08:28 0 ----a-w- c:\windows\ativpsrm.bin
    2010-06-30 08:04 . 2008-06-02 22:04 262144 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-06-30 08:04 . 2008-06-02 21:18 10043392 ----a-w- c:\windows\system32\atioglxx.dll
    2010-06-30 08:04 . 2008-06-03 00:52 3695104 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-06-30 08:04 . 2008-04-28 15:39 172033 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-06-30 08:04 . 2008-03-05 19:08 90112 ----a-w- c:\windows\system32\atibrtmon.exe
    2010-06-30 08:04 . 2008-06-02 21:19 32256 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-06-30 08:04 . 2008-06-02 21:04 49152 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-06-30 08:04 . 2008-06-02 21:20 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-06-30 07:42 . 2010-06-30 07:42 -------- d-----w- c:\program files\Trend Micro
    2010-06-30 07:15 . 2007-11-16 15:31 818688 ----a-w- c:\windows\system32\drivers\ti21sony.sys
    2010-06-30 06:25 . 2010-06-30 06:25 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Malwarebytes
    2010-06-30 06:25 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-30 06:25 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-30 06:25 . 2010-06-30 06:25 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-30 06:25 . 2010-06-30 07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-30 05:17 . 2010-06-30 05:17 -------- d-----w- c:\users\SACHIN\AppData\Roaming\GlarySoft
    2010-06-30 05:14 . 2010-06-30 05:14 -------- d-----w- c:\program files\Glary Utilities
    2010-06-30 04:50 . 2010-06-30 04:50 -------- d-----w- c:\program files\Sophos
    2010-06-30 04:17 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-06-29 14:40 . 2010-06-29 14:40 -------- dc----w- c:\programdata\{9DF77379-A83D-46CF-968D-03CBC652096D}
    2010-06-29 09:56 . 2010-05-21 08:44 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-06-29 09:52 . 2010-06-29 09:52 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-29 09:49 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2010-06-29 09:23 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-29 07:52 . 2010-06-29 07:53 477184 ----a-w- c:\users\SACHIN\AppData\Roaming\Xilisoft\DVD Creator 6\x-dvd-creator6.exe
    2010-06-29 07:36 . 2010-06-29 07:36 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Publish Providers
    2010-06-29 07:32 . 2010-06-29 07:32 -------- d-----w- c:\users\SACHIN\AppData\Local\Sony
    2010-06-29 07:26 . 2010-06-29 07:26 -------- d-----w- c:\programdata\Sony
    2010-06-29 07:23 . 2010-06-29 15:34 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Sony
    2010-06-29 06:50 . 2010-05-31 06:13 252008 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-06-29 06:50 . 2009-12-03 11:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-06-29 06:40 . 2010-06-29 06:42 2869784 ----a-w- c:\users\SACHIN\AppData\Roaming\Easeware\DriverEasy\drivers\1yjj4fol.do2\INF_allOS_9.1.2.1007_PV.exe
    2010-06-29 05:20 . 2010-07-01 10:34 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Media Player Classic
    2010-06-29 04:57 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-06-29 04:57 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-06-29 04:57 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-06-29 04:57 . 2010-06-02 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-06-29 04:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-06-29 04:57 . 2010-06-29 04:57 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-06-28 19:34 . 2010-06-29 04:54 -------- d-----w- c:\programdata\VistaCodecs
    2010-06-28 19:01 . 2010-06-28 19:01 -------- d-----w- c:\programdata\Apple Computer
    2010-06-28 18:53 . 2010-06-28 18:53 36864 ----a-w- c:\programdata\Temp\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\PostBuild.exe
    2010-06-28 18:52 . 2009-11-02 08:47 34088 ----a-w- c:\programdata\CyberLink\Power2Go\P2GoGadget.dll
    2010-06-28 18:48 . 2010-06-28 18:48 53319 ----a-w- c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
    2010-06-28 13:04 . 2010-06-28 13:04 -------- d-----w- c:\users\SACHIN\AppData\Local\Ares
    2010-06-28 13:03 . 2010-06-28 13:11 -------- d-----w- c:\program files\Ares
    2010-06-28 12:46 . 2010-06-28 12:46 -------- d-----w- c:\users\SACHIN\AppData\Local\Xilisoft
    2010-06-28 12:46 . 2010-06-28 12:46 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Xilisoft
    2010-06-28 12:44 . 2010-06-28 12:44 -------- d-----w- c:\program files\Xilisoft
    2010-06-28 07:32 . 2010-06-28 07:32 -------- d-----w- c:\users\SACHIN\AppData\Roaming\InstallShield
    2010-06-28 07:19 . 2010-06-28 07:29 -------- d-----w- c:\program files\Bitcomet Ultra Accelerator
    2010-06-28 04:49 . 2010-06-28 04:49 -------- d-----w- c:\program files\Windows Portable Devices
    2010-06-28 04:44 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2010-06-28 04:44 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2010-06-28 04:44 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2010-06-28 04:44 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2010-06-28 04:44 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2010-06-28 04:44 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2010-06-28 04:44 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2010-06-28 04:44 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2010-06-28 04:44 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2010-06-28 04:44 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2010-06-28 04:44 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2010-06-28 04:44 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2010-06-28 04:43 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-06-28 04:43 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2010-06-28 04:43 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2010-06-27 05:18 . 2010-06-27 05:18 -------- d-----w- c:\users\SACHIN\Cyberlink
    2010-06-27 03:59 . 2010-06-27 03:59 -------- d-----w- c:\users\SACHIN\AppData\Local\Power2Go
    2010-06-26 19:09 . 2010-06-26 19:09 -------- d-----w- c:\program files\LimeWire Ultra Accelerator
    2010-06-26 18:37 . 2010-06-28 04:34 -------- d-----w- c:\users\Public\CyberLink
    2010-06-26 18:36 . 2010-06-28 19:13 53319 ----a-w- c:\programdata\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
    2010-06-26 18:33 . 2010-06-28 19:09 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
    2010-06-26 18:32 . 2010-06-28 19:08 36864 ----a-w- c:\programdata\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
    2010-06-26 18:31 . 2010-06-28 19:06 36864 ----a-w- c:\programdata\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
    2010-06-26 18:30 . 2010-06-26 18:30 -------- d-----w- c:\program files\Common Files\CyberLink
    2010-06-26 18:29 . 2010-06-28 19:03 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\users\SACHIN\AppData\Local\Apple
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\program files\Apple Software Update
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\programdata\Apple
    2010-06-26 18:22 . 2010-06-28 18:57 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
    2010-06-26 18:21 . 2010-06-28 18:53 36864 ----a-w- c:\programdata\Temp\{ADD5DB49-72CF-11D8-9D75-000129760D75}\PostBuild.exe
    2010-06-26 18:19 . 2010-06-28 18:51 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    2010-06-26 18:19 . 2010-06-28 18:26 -------- d-----w- c:\users\SACHIN\AppData\Roaming\CyberLink
    2010-06-26 18:19 . 2010-06-28 19:13 -------- d-----w- c:\users\SACHIN\AppData\Local\Cyberlink
    2010-06-26 18:16 . 2010-06-28 18:49 36864 ----a-w- c:\programdata\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    2010-06-26 18:16 . 2010-06-28 19:13 -------- d-----w- c:\program files\CyberLink
    2010-06-26 18:15 . 2010-06-28 19:36 -------- d-----w- c:\programdata\CyberLink
    2010-06-26 18:11 . 2010-07-02 05:13 -------- d---a-w- c:\programdata\Temp
    2010-06-26 18:11 . 2010-06-28 18:46 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    2010-06-26 18:02 . 2010-06-26 18:02 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-26 18:01 . 2010-06-26 18:02 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-06-26 18:01 . 2010-06-26 18:10 -------- d-----w- c:\users\SACHIN\AppData\Roaming\DAEMON Tools Lite
    2010-06-26 18:01 . 2010-06-26 18:01 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-06-26 17:37 . 2010-06-26 17:52 -------- d-----w- c:\program files\ZC DVD Creator Platinum
    2010-06-26 17:02 . 2010-06-26 17:06 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Ulead Systems
    2010-06-26 16:55 . 2002-03-16 20:30 7420 ----a-w- c:\windows\UA000104.DLL
    2010-06-26 16:54 . 2010-06-29 09:51 -------- d--h--w- c:\windows\msdownld.tmp
    2010-06-26 16:54 . 2010-06-26 16:54 -------- d-----w- c:\program files\Windows Media Components
    2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-06-26 16:51 . 2010-06-26 17:02 -------- d-----w- c:\programdata\Ulead Systems
    2010-06-26 16:51 . 2010-06-26 16:51 -------- d-----w- c:\program files\Corel
    2010-06-26 15:28 . 2010-06-26 15:28 -------- d-----w- c:\windows\tiinst
    2010-06-26 15:28 . 2010-06-26 15:28 -------- d-----w- C:\Dell
    2010-06-26 14:04 . 2010-06-26 14:04 274472 ----a-w- c:\windows\system32\drivers\btwampfl.sys
    2010-06-26 12:59 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-06-26 12:59 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-06-26 12:58 . 2010-06-26 14:02 68070224 ----a-w- c:\users\SACHIN\AppData\Roaming\Easeware\DriverEasy\drivers\yoqvili5.cht\setupBTW_6.3.0.3102_DELL_BY_514_517.exe
    2010-06-26 12:58 . 2010-01-21 10:36 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-06-26 12:58 . 2010-01-21 10:36 230448 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2010-06-26 12:58 . 2010-01-21 10:36 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-01 14:04 . 2006-11-02 10:25 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-07-01 14:04 . 2006-11-02 10:25 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-07-01 14:04 . 2006-11-02 10:25 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-07-01 11:03 . 2010-07-01 11:00 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-01 11:01 . 2010-07-01 11:00 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-01 11:00 . 2010-07-01 11:00 -------- d-----w- c:\users\SACHIN\AppData\Roaming\PC Tools
    2010-07-01 11:00 . 2010-07-01 11:00 -------- d-----w- c:\programdata\PC Tools
    2010-06-28 19:03 . 2009-10-14 07:30 505128 ----a-w- c:\windows\system32\msvcp71.dll
    2010-06-28 19:03 . 2009-01-08 07:43 353576 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-28 04:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-06-28 04:48 . 2010-06-28 04:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-06-26 15:28 . 2010-06-26 15:21 -------- d--h--w- c:\program files\Temp
    2010-06-26 13:00 . 2010-06-26 13:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-26 13:00 . 2010-06-26 13:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-25 13:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-06-21 14:44 . 2010-06-21 14:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-05-04 05:59 . 2010-06-29 09:50 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-29 09:50 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-06-29 09:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-06-29 09:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-04-30 11:55 . 2010-06-26 15:21 1775136 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-04-30 11:54 . 2010-06-26 15:21 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-04-30 11:29 . 2010-06-26 15:21 3086752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2010-04-27 15:21 . 2010-06-26 15:21 1738072 ----a-w- c:\windows\system32\WavesGUILib.dll
    2010-04-27 15:21 . 2010-06-26 15:21 253272 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
    2010-04-27 15:21 . 2010-06-26 15:21 253784 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
    2010-04-27 15:21 . 2010-06-26 15:21 1312088 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2010-04-27 08:20 . 2010-06-26 15:21 299424 ----a-w- c:\windows\system32\FMAPO.dll
    2010-04-16 16:43 . 2010-06-24 15:52 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-04-16 16:43 . 2010-06-24 15:52 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-04-16 16:43 . 2010-06-24 15:52 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-04-16 16:43 . 2010-06-24 15:52 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-04-14 12:25 . 2010-06-26 15:21 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
    2010-04-08 08:59 . 2010-07-01 11:00 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    .

    ------- Sigcheck -------

    c:\windows\System32\drivers\beep.sys ... is missing !!
    c:\windows\System32\srsvc.dll ... is missing !!
    c:\windows\System32\wscntfy.exe ... is missing !!
    c:\windows\System32\xmlprov.dll ... is missing !!
    c:\windows\System32\eventlog.dll ... is missing !!
    c:\windows\System32\sfcfiles.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "BitComet"="c:\program files\BitComet\BitComet.exe" [2010-05-28 3085104]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
    "googletalk"="c:\users\SACHIN\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]
    "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-03-02 913664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-05-28 415864]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-21 1594664]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-04-30 1833504]
    "IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]

    c:\users\SACHIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-6-1 49152]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bitcomet Ultra Accelerator.lnk - c:\program files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe [2010-6-22 260096]
    LimeWire Ultra Accelerator.lnk - c:\program files\LimeWire Ultra Accelerator\LimeWire Ultra Accelerator.exe [2010-6-4 260096]
    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-6-24 1809680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):62,22,80,d4,a9,ba,c9,01

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
    "LogFileSize"= 4096 (0x1000)
    "LogFilePath"= %systemroot%\system32\LogFiles\Firewall\pfirewall.log

    R0 CLFS;Common Log (CLFS);c:\windows\System32\clfs.sys [11-04-2009 18:48 245736]
    R0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [11-04-2009 18:48 141288]
    R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\drivers\fileinfo.sys [21-01-2008 07:54 58936]
    R0 msisadrv;ISA/EISA Class Driver;c:\windows\System32\drivers\msisadrv.sys [21-01-2008 07:53 16440]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [01-07-2010 16:30 218592]
    R0 spldr;Security Processor Loader Driver;c:\windows\System32\drivers\spldr.sys [21-01-2008 07:54 21048]
    R0 volmgr;Volume Manager Driver;c:\windows\System32\drivers\volmgr.sys [21-01-2008 07:53 52792]
    R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [11-04-2009 18:48 292840]
    R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [22-06-2010 11:44 165456]
    R1 DfsC;DFS Namespace Client Driver;c:\windows\System32\drivers\dfsc.sys [11-04-2009 18:48 75264]
    R1 nsiproxy;NSI proxy service;c:\windows\System32\drivers\nsiproxy.sys [21-01-2008 07:54 16384]
    R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\System32\drivers\RDPENCDD.sys [21-01-2008 07:54 6144]
    R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\System32\drivers\smb.sys [11-04-2009 18:48 66560]
    R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\System32\drivers\tdx.sys [11-04-2009 18:48 72192]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\drivers\wanarp.sys [21-01-2008 07:54 62464]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/29 00:35];c:\program files\CyberLink\PowerDVD9\000.fcl [01-09-2009 16:59 87536]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22-06-2010 11:44 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22-06-2010 11:44 50256]
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-01-2008 07:53 21504]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [01-07-2010 16:30 112592]
    R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21-01-2008 07:53 21504]
    R2 EMDMgmt;ReadyBoost;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k GPSvcGroup [21-01-2008 07:53 21504]
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [27-06-2010 00:15 312152]
    R2 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkService [21-01-2008 07:53 21504]
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\drivers\lltdio.sys [21-01-2008 07:54 47104]
    R2 luafv;UAC File Virtualization;c:\windows\System32\drivers\luafv.sys [21-01-2008 07:54 84480]
    R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    R2 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [21-01-2008 07:53 21504]
    R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    R2 PEAUTH;PEAUTH;c:\windows\System32\drivers\PEAuth.sys [02-11-2006 14:34 878080]
    R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    R2 slsvc;Software Licensing;c:\windows\System32\SLsvc.exe [11-04-2009 18:48 3408896]
    R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\drivers\tcpipreg.sys [24-06-2010 21:22 30720]
    R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    R2 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [21-01-2008 07:53 21504]
    R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [21-01-2008 07:53 21504]
    R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    R2 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29-07-2008 04:45 904192]
    R3 bowser;Bowser;c:\windows\System32\drivers\bowser.sys [21-01-2008 07:53 69632]
    R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [28-06-2010 10:15 634880]
    R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    R3 iScsiPrt;iScsiPort Driver;c:\windows\System32\drivers\msiscsi.sys [11-04-2009 18:48 180712]
    R3 KeyIso;CNG Key Isolation;c:\windows\System32\lsass.exe [25-06-2010 12:36 9728]
    R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\drivers\monitor.sys [21-01-2008 07:53 41984]
    R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\drivers\mrxsmb10.sys [24-06-2010 08:28 212992]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\drivers\mrxsmb20.sys [24-06-2010 08:28 79360]
    R3 NativeWifiP;NativeWiFi Filter;c:\windows\System32\drivers\nwifi.sys [11-04-2009 18:48 148480]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [01-07-2010 19:33 6630912]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [21-06-2010 20:14 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [21-06-2010 20:14 43904]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [21-06-2010 20:21 9344]
    R3 srv2;srv2;c:\windows\System32\drivers\srv2.sys [23-06-2010 12:57 144896]
    R3 srvnet;srvnet;c:\windows\System32\drivers\srvnet.sys [25-06-2010 12:39 98816]
    R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [30-06-2010 12:45 818688]
    R3 umbus;UMBus Enumerator Driver;c:\windows\System32\drivers\umbus.sys [21-01-2008 07:53 34816]
    R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-03-2010 13:16 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22-06-2010 11:44 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 21:22 1352832]
    S2 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\System32\drivers\BrFiltLo.sys [02-11-2006 15:08 13568]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\System32\drivers\BrFiltUp.sys [02-11-2006 15:07 5248]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\System32\drivers\btwampfl.sys [26-06-2010 19:34 274472]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [26-06-2010 17:46 29472]
    S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;c:\windows\System32\drivers\E1G60I32.sys [21-01-2008 07:53 118784]
    S3 Filetrace;FileTrace;c:\windows\System32\drivers\filetrace.sys [21-01-2008 07:54 27648]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-01-2008 07:53 21504]
    S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\System32\drivers\mpsdrv.sys [21-01-2008 07:54 64000]
    S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    S3 MsRPC;MsRPC;c:\windows\System32\drivers\msrpc.sys [11-04-2009 18:48 161752]
    S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [21-01-2008 07:53 21504]
    S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21-01-2008 07:53 21504]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [01-07-2010 16:30 366840]
    S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [21-01-2008 07:53 21504]
    S3 SessionEnv;Terminal Services Configuration;c:\windows\System32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\System32\drivers\sffp_mmc.sys [02-11-2006 14:21 12288]
    S3 SLUINotify;SL UI Notification Service;c:\windows\system32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [11-04-2009 18:48 39424]
    S3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\System32\drivers\tssecsrv.sys [21-01-2008 07:54 23552]
    S3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;c:\windows\System32\drivers\tunnel.sys [24-06-2010 21:22 25088]
    S3 UI0Detect;Interactive Services Detection;c:\windows\System32\UI0Detect.exe [21-01-2008 07:54 35840]
    S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\drivers\ULIAGPKX.SYS [02-11-2006 14:05 60984]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [28-06-2010 13:08 722288]
    S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [21-01-2008 07:53 21504]
    S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k wdisvc [21-01-2008 07:53 21504]
    S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [21-01-2008 07:53 21504]
    S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe -k NetworkService [21-01-2008 07:53 21504]
    S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [21-01-2008 07:53 21504]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-03-2010 13:16 753504]
    S4 adp94xx;adp94xx;c:\windows\System32\drivers\adp94xx.sys [02-11-2006 13:06 422968]
    S4 adpahci;adpahci;c:\windows\System32\drivers\adpahci.sys [02-11-2006 13:06 300600]
    S4 arcsas;arcsas;c:\windows\System32\drivers\arcsas.sys [02-11-2006 13:06 79928]
    S4 blbdrive;blbdrive;c:\windows\System32\drivers\blbdrive.sys [21-01-2008 08:41 45568]
    S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\drivers\BrSerId.sys [02-11-2006 14:52 71808]
    S4 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\drivers\BrSerWdm.sys [02-11-2006 15:06 62336]
    S4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\drivers\BrUsbMdm.sys [02-11-2006 15:07 12160]
    S4 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    S4 circlass;Consumer IR Devices;c:\windows\System32\drivers\circlass.sys [02-11-2006 14:25 35328]
    S4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\System32\drivers\crusoe.sys [02-11-2006 14:00 40960]
    S4 DFSR;DFS Replication;c:\windows\System32\dfsr.exe [11-04-2009 18:48 2092544]
    S4 elxstor;elxstor;c:\windows\System32\drivers\elxstor.sys [02-11-2006 13:06 342584]
    S4 HpCISSs;HpCISSs;c:\windows\System32\drivers\HpCISSs.sys [02-11-2006 13:06 69096]
    S4 iaStorV;Intel RAID Controller Vista;c:\windows\System32\drivers\iaStorV.sys [02-11-2006 13:06 235064]
    S4 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [21-01-2008 07:53 21504]
    S4 IPMIDRV;IPMIDRV;c:\windows\System32\drivers\IPMIDrv.sys [02-11-2006 14:12 64512]
    S4 iteraid;ITERAID_Service_Install;c:\windows\System32\drivers\iteraid.sys [02-11-2006 13:06 35944]
    S4 LSI_FC;LSI_FC;c:\windows\System32\drivers\lsi_fc.sys [02-11-2006 13:06 96312]
    S4 LSI_SAS;LSI_SAS;c:\windows\System32\drivers\lsi_sas.sys [02-11-2006 13:06 89656]
    S4 LSI_SCSI;LSI_SCSI;c:\windows\System32\drivers\lsi_scsi.sys [21-01-2008 07:53 96312]
    S4 Mcx2Svc;Windows Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalService [21-01-2008 07:53 21504]
    S4 megasas;megasas;c:\windows\System32\drivers\megasas.sys [02-11-2006 13:06 31288]
    S4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\System32\drivers\mpio.sys [02-11-2006 14:22 107496]
    S4 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [21-01-2008 07:53 21504]
    S4 msahci;msahci;c:\windows\System32\drivers\msahci.sys [02-11-2006 14:21 27112]
    S4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\System32\drivers\msdsm.sys [02-11-2006 14:22 93160]
    S4 nfrd960;nfrd960;c:\windows\System32\drivers\nfrd960.sys [02-11-2006 13:06 45160]
    S4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\System32\drivers\ntrigdigi.sys [02-11-2006 13:06 20608]
    S4 nvstor;nvstor;c:\windows\System32\drivers\nvstor.sys [02-11-2006 13:06 45112]
    S4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\System32\drivers\ql2300.sys [02-11-2006 13:06 1122360]
    S4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\System32\drivers\ql40xx.sys [02-11-2006 13:06 106088]
    S4 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 07:53 21504]
    S4 SiSRaid4;SiSRaid4;c:\windows\System32\drivers\sisraid4.sys [02-11-2006 13:06 74808]
    S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [26-06-2010 23:32 691696]
    S4 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21-01-2008 07:53 21504]
    S4 uliahci;uliahci;c:\windows\System32\drivers\uliahci.sys [02-11-2006 13:06 238648]
    S4 ulsata2;ulsata2;c:\windows\System32\drivers\ulsata2.sys [02-11-2006 13:06 115816]
    S4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\drivers\usbcir.sys [02-11-2006 14:25 68608]
    S4 ViaC7;VIA C7 Processor Driver;c:\windows\System32\drivers\viac7.sys [02-11-2006 14:00 41472]
    S4 vsmraid;vsmraid;c:\windows\System32\drivers\vsmraid.sys [02-11-2006 13:06 130616]
    S4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\drivers\wacompen.sys [02-11-2006 14:22 20608]
    S4 Wd;Microsoft Watchdog Timer Driver;c:\windows\System32\drivers\wd.sys [02-11-2006 14:24 22072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
    WerSvcGroup REG_MULTI_SZ wersvc
    swprv REG_MULTI_SZ swprv
    regsvc REG_MULTI_SZ RemoteRegistry
    wcssvc REG_MULTI_SZ WcsPlugInService
    DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
    wdisvc REG_MULTI_SZ WdiServiceHost
    sdrsvc REG_MULTI_SZ sdrsvc
    secsvcs REG_MULTI_SZ WinDefend
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    GPSvcGroup REG_MULTI_SZ GPSvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    wercplsupport
    CertPropSvc
    SCPolicySvc
    gpsvc
    IKEEXT
    LogonHours
    PCAudit
    iphlpsvc
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    SessionEnv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    2009-09-10 14:58 310784 ----a-w- c:\windows\System32\unregmp2.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:43]

    2010-07-02 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-06-23 08:41]

    2010-07-02 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-06-23 07:44]

    2010-07-01 c:\windows\Tasks\AWC Update.job
    - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-06-23 11:50]

    2010-07-02 c:\windows\Tasks\DriverCure Startup.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 06:30]

    2010-06-29 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 06:30]

    2010-07-02 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-06-30 05:44]

    2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 06:14]

    2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 06:14]

    2010-07-01 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-07-01 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

    2010-06-24 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-06-22 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]

    2010-07-01 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 07:15]

    2010-06-22 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 07:15]

    2010-06-23 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-06-23 07:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.orbitdownloader.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-sacsvr



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-02 11:03
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-07-02 11:09:24
    ComboFix-quarantined-files.txt 2010-07-02 05:39

    Pre-Run: 138,053,484,544 bytes free
    Post-Run: 138,619,809,792 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    - - End Of File - - 413BC94C81637E7AEE7BA8C76305055C
     
  4. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    You need to let ComboFix install the Recovery Console.

    1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open Notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
  5. leo92

    leo92 Thread Starter

    Joined:
    Jun 30, 2010
    Messages:
    17
    Here is the log:

    ComboFix 10-07-01.02 - SACHIN 03-07-2010 14:51:40.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.2046.1122 [GMT 5.5:30]
    Running from: c:\users\SACHIN\Desktop\ComboFix.exe
    Command switches used :: c:\users\SACHIN\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

    c:\windows\system32\srsvc.dll . . . is infected!!

    c:\windows\System32\srsvc.dll . . . is missing!!

    c:\windows\System32\wscntfy.exe . . . is missing!!

    c:\windows\System32\xmlprov.dll . . . is missing!!

    c:\windows\System32\eventlog.dll . . . is missing!!

    c:\windows\System32\sfcfiles.dll . . . is missing!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
    .

    2010-07-03 09:18 . 2008-01-21 02:23 6144 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-07-03 05:13 . 2010-07-03 05:19 -------- d-----w- c:\windows\$regcmp$
    2010-07-01 17:44 . 2010-07-01 17:57 -------- d-----w- c:\program files\Need for Speed Carbon
    2010-07-01 15:26 . 2010-07-01 15:26 -------- d-----w- c:\program files\uTorrent
    2010-07-01 15:25 . 2010-07-01 15:31 -------- d-----w- c:\users\SACHIN\AppData\Roaming\uTorrent
    2010-07-01 14:03 . 2010-05-17 17:23 6630912 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
    2010-07-01 10:54 . 2010-07-01 10:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-07-01 10:47 . 2010-07-01 10:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-01 10:36 . 2010-07-01 10:36 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-07-01 10:36 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-07-01 10:35 . 2010-07-01 10:39 -------- d-----w- c:\programdata\Lavasoft
    2010-07-01 10:35 . 2010-07-01 10:36 -------- d-----w- c:\program files\Lavasoft
    2010-07-01 08:13 . 2010-07-01 08:13 1152 ----a-w- c:\windows\system32\windrv.sys
    2010-07-01 08:00 . 2010-07-01 08:00 -------- d-----w- c:\users\SACHIN\AppData\Roaming\CleanMyPC Software
    2010-07-01 08:00 . 2010-07-01 08:00 -------- d-----w- c:\program files\CleanMyPC
    2010-06-30 08:28 . 2010-06-30 08:28 0 ----a-w- c:\windows\ativpsrm.bin
    2010-06-30 08:04 . 2008-06-02 22:04 262144 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-06-30 08:04 . 2008-06-02 21:18 10043392 ----a-w- c:\windows\system32\atioglxx.dll
    2010-06-30 08:04 . 2008-06-03 00:52 3695104 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-06-30 08:04 . 2008-04-28 15:39 172033 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-06-30 08:04 . 2008-03-05 19:08 90112 ----a-w- c:\windows\system32\atibrtmon.exe
    2010-06-30 08:04 . 2008-06-02 21:19 32256 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-06-30 08:04 . 2008-06-02 21:04 49152 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-06-30 08:04 . 2008-06-02 21:20 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-06-30 07:42 . 2010-06-30 07:42 -------- d-----w- c:\program files\Trend Micro
    2010-06-30 07:15 . 2007-11-16 15:31 818688 ----a-w- c:\windows\system32\drivers\ti21sony.sys
    2010-06-30 06:25 . 2010-06-30 06:25 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Malwarebytes
    2010-06-30 06:25 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-30 06:25 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-30 06:25 . 2010-06-30 06:25 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-30 06:25 . 2010-06-30 07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-30 05:17 . 2010-06-30 05:17 -------- d-----w- c:\users\SACHIN\AppData\Roaming\GlarySoft
    2010-06-30 05:14 . 2010-06-30 05:14 -------- d-----w- c:\program files\Glary Utilities
    2010-06-30 04:50 . 2010-06-30 04:50 -------- d-----w- c:\program files\Sophos
    2010-06-30 04:17 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-06-29 14:40 . 2010-06-29 14:40 -------- dc----w- c:\programdata\{9DF77379-A83D-46CF-968D-03CBC652096D}
    2010-06-29 09:56 . 2010-05-21 08:44 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-06-29 09:52 . 2010-06-29 09:52 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-29 09:49 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2010-06-29 09:23 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-29 07:52 . 2010-06-29 07:53 477184 ----a-w- c:\users\SACHIN\AppData\Roaming\Xilisoft\DVD Creator 6\x-dvd-creator6.exe
    2010-06-29 07:36 . 2010-06-29 07:36 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Publish Providers
    2010-06-29 07:32 . 2010-06-29 07:32 -------- d-----w- c:\users\SACHIN\AppData\Local\Sony
    2010-06-29 07:26 . 2010-06-29 07:26 -------- d-----w- c:\programdata\Sony
    2010-06-29 07:23 . 2010-06-29 15:34 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Sony
    2010-06-29 06:50 . 2010-05-31 06:13 252008 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-06-29 06:50 . 2009-12-03 11:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-06-29 06:40 . 2010-06-29 06:42 2869784 ----a-w- c:\users\SACHIN\AppData\Roaming\Easeware\DriverEasy\drivers\1yjj4fol.do2\INF_allOS_9.1.2.1007_PV.exe
    2010-06-29 05:20 . 2010-07-03 07:44 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Media Player Classic
    2010-06-29 04:57 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-06-29 04:57 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-06-29 04:57 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-06-29 04:57 . 2010-06-02 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-06-29 04:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-06-29 04:57 . 2010-06-29 04:57 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-06-28 19:34 . 2010-06-29 04:54 -------- d-----w- c:\programdata\VistaCodecs
    2010-06-28 19:01 . 2010-06-28 19:01 -------- d-----w- c:\programdata\Apple Computer
    2010-06-28 18:53 . 2010-06-28 18:53 36864 ----a-w- c:\programdata\Temp\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\PostBuild.exe
    2010-06-28 18:52 . 2009-11-02 08:47 34088 ----a-w- c:\programdata\CyberLink\Power2Go\P2GoGadget.dll
    2010-06-28 18:48 . 2010-06-28 18:48 53319 ----a-w- c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
    2010-06-28 13:04 . 2010-06-28 13:04 -------- d-----w- c:\users\SACHIN\AppData\Local\Ares
    2010-06-28 13:03 . 2010-06-28 13:11 -------- d-----w- c:\program files\Ares
    2010-06-28 12:46 . 2010-06-28 12:46 -------- d-----w- c:\users\SACHIN\AppData\Local\Xilisoft
    2010-06-28 12:46 . 2010-06-28 12:46 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Xilisoft
    2010-06-28 12:44 . 2010-06-28 12:44 -------- d-----w- c:\program files\Xilisoft
    2010-06-28 07:32 . 2010-06-28 07:32 -------- d-----w- c:\users\SACHIN\AppData\Roaming\InstallShield
    2010-06-28 07:19 . 2010-06-28 07:29 -------- d-----w- c:\program files\Bitcomet Ultra Accelerator
    2010-06-28 04:49 . 2010-06-28 04:49 -------- d-----w- c:\program files\Windows Portable Devices
    2010-06-28 04:44 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2010-06-28 04:44 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2010-06-28 04:44 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2010-06-28 04:44 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2010-06-28 04:44 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2010-06-28 04:44 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2010-06-28 04:44 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2010-06-28 04:44 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2010-06-28 04:44 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2010-06-28 04:44 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2010-06-28 04:44 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2010-06-28 04:44 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2010-06-28 04:43 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-06-28 04:43 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2010-06-28 04:43 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2010-06-27 05:18 . 2010-06-27 05:18 -------- d-----w- c:\users\SACHIN\Cyberlink
    2010-06-27 03:59 . 2010-06-27 03:59 -------- d-----w- c:\users\SACHIN\AppData\Local\Power2Go
    2010-06-26 19:09 . 2010-06-26 19:09 -------- d-----w- c:\program files\LimeWire Ultra Accelerator
    2010-06-26 18:37 . 2010-06-28 04:34 -------- d-----w- c:\users\Public\CyberLink
    2010-06-26 18:36 . 2010-06-28 19:13 53319 ----a-w- c:\programdata\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
    2010-06-26 18:33 . 2010-06-28 19:09 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
    2010-06-26 18:32 . 2010-06-28 19:08 36864 ----a-w- c:\programdata\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
    2010-06-26 18:31 . 2010-06-28 19:06 36864 ----a-w- c:\programdata\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
    2010-06-26 18:30 . 2010-06-26 18:30 -------- d-----w- c:\program files\Common Files\CyberLink
    2010-06-26 18:29 . 2010-06-28 19:03 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\users\SACHIN\AppData\Local\Apple
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\program files\Apple Software Update
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\programdata\Apple
    2010-06-26 18:22 . 2010-06-28 18:57 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
    2010-06-26 18:21 . 2010-06-28 18:53 36864 ----a-w- c:\programdata\Temp\{ADD5DB49-72CF-11D8-9D75-000129760D75}\PostBuild.exe
    2010-06-26 18:19 . 2010-06-28 18:51 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    2010-06-26 18:19 . 2010-06-28 18:26 -------- d-----w- c:\users\SACHIN\AppData\Roaming\CyberLink
    2010-06-26 18:19 . 2010-06-28 19:13 -------- d-----w- c:\users\SACHIN\AppData\Local\Cyberlink
    2010-06-26 18:16 . 2010-06-28 18:49 36864 ----a-w- c:\programdata\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    2010-06-26 18:16 . 2010-06-28 19:13 -------- d-----w- c:\program files\CyberLink
    2010-06-26 18:15 . 2010-06-28 19:36 -------- d-----w- c:\programdata\CyberLink
    2010-06-26 18:11 . 2010-06-28 18:46 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    2010-06-26 18:02 . 2010-06-26 18:02 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-26 18:01 . 2010-06-26 18:02 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-06-26 18:01 . 2010-06-26 18:10 -------- d-----w- c:\users\SACHIN\AppData\Roaming\DAEMON Tools Lite
    2010-06-26 18:01 . 2010-06-26 18:01 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-06-26 17:37 . 2010-06-26 17:52 -------- d-----w- c:\program files\ZC DVD Creator Platinum
    2010-06-26 17:02 . 2010-06-26 17:06 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Ulead Systems
    2010-06-26 16:55 . 2002-03-16 20:30 7420 ----a-w- c:\windows\UA000104.DLL
    2010-06-26 16:54 . 2010-06-29 09:51 -------- d--h--w- c:\windows\msdownld.tmp
    2010-06-26 16:54 . 2010-06-26 16:54 -------- d-----w- c:\program files\Windows Media Components
    2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-06-26 16:51 . 2010-06-26 17:02 -------- d-----w- c:\programdata\Ulead Systems
    2010-06-26 16:51 . 2010-06-26 16:51 -------- d-----w- c:\program files\Corel
    2010-06-26 15:28 . 2010-06-26 15:28 -------- d-----w- c:\windows\tiinst
    2010-06-26 15:28 . 2010-06-26 15:28 -------- d-----w- C:\Dell
    2010-06-26 14:04 . 2010-06-26 14:04 274472 ----a-w- c:\windows\system32\drivers\btwampfl.sys
    2010-06-26 12:59 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2010-06-26 12:59 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2010-06-26 12:58 . 2010-06-26 14:02 68070224 ----a-w- c:\users\SACHIN\AppData\Roaming\Easeware\DriverEasy\drivers\yoqvili5.cht\setupBTW_6.3.0.3102_DELL_BY_514_517.exe
    2010-06-26 12:58 . 2010-01-21 10:36 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-06-26 12:58 . 2010-01-21 10:36 230448 ----a-w- c:\windows\system32\drivers\SynTP.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-01 11:03 . 2010-07-01 11:00 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-01 11:01 . 2010-07-01 11:00 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-01 11:00 . 2010-07-01 11:00 -------- d-----w- c:\users\SACHIN\AppData\Roaming\PC Tools
    2010-07-01 11:00 . 2010-07-01 11:00 -------- d-----w- c:\programdata\PC Tools
    2010-06-28 19:03 . 2009-10-14 07:30 505128 ----a-w- c:\windows\system32\msvcp71.dll
    2010-06-28 19:03 . 2009-01-08 07:43 353576 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-28 04:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-06-28 04:48 . 2010-06-28 04:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-06-26 15:28 . 2010-06-26 15:21 -------- d--h--w- c:\program files\Temp
    2010-06-26 13:00 . 2010-06-26 13:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-26 13:00 . 2010-06-26 13:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-25 13:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-06-21 14:44 . 2010-06-21 14:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-05-04 05:59 . 2010-06-29 09:50 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-29 09:50 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-06-29 09:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-06-29 09:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-04-30 11:55 . 2010-06-26 15:21 1775136 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-04-30 11:54 . 2010-06-26 15:21 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-04-30 11:29 . 2010-06-26 15:21 3086752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2010-04-27 15:21 . 2010-06-26 15:21 1738072 ----a-w- c:\windows\system32\WavesGUILib.dll
    2010-04-27 15:21 . 2010-06-26 15:21 253272 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
    2010-04-27 15:21 . 2010-06-26 15:21 253784 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
    2010-04-27 15:21 . 2010-06-26 15:21 1312088 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2010-04-27 08:20 . 2010-06-26 15:21 299424 ----a-w- c:\windows\system32\FMAPO.dll
    2010-04-16 16:43 . 2010-06-24 15:52 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-04-16 16:43 . 2010-06-24 15:52 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-04-16 16:43 . 2010-06-24 15:52 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-04-16 16:43 . 2010-06-24 15:52 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-04-14 12:25 . 2010-06-26 15:21 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
    2010-04-08 08:59 . 2010-07-01 11:00 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
    "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-03-02 913664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-05-28 415864]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-21 1594664]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-04-30 1833504]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]

    c:\users\SACHIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-6-1 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitcomet Ultra Accelerator.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bitcomet Ultra Accelerator.lnk
    backup=c:\windows\pss\Bitcomet Ultra Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2010-02-08 14:51 1015808 ----a-w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    2010-05-28 08:55 3085104 ----a-w- c:\program files\BitComet\BitComet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):62,22,80,d4,a9,ba,c9,01

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-28 904192]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 274472]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-02 29472]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-15 722288]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-26 691696]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
    S1 aswSP;aswSP; [x]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/29 00:35];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 11:29 87536]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-17 6630912]
    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2008-03-25 73472]
    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2008-03-25 43904]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-25 9344]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-16 818688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    kvxqiwfj
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:43]

    2010-07-03 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-06-23 08:41]

    2010-07-03 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-06-23 07:44]

    2010-07-03 c:\windows\Tasks\DriverCure Startup.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 06:30]

    2010-06-29 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 06:30]

    2010-07-03 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-06-30 05:44]

    2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 06:14]

    2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 06:14]

    2010-07-02 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-07-02 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

    2010-06-24 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-06-22 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]

    2010-07-01 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 07:15]

    2010-06-22 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 07:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.orbitdownloader.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3520)
    c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
    c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\NOTEPAD.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-07-03 15:08:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-03 09:38
    ComboFix2.txt 2010-07-02 05:39

    Pre-Run: 138,062,667,776 bytes free
    Post-Run: 137,661,628,416 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10,11
    - - End Of File - - 7FD9F6FB90EB6879D2C54833A5BF7315
     
  6. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box, paste this in:

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32 /all
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
      CREATERESTOREPOINT
      %PROGRAMFILES%\*.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      /md5start
      srsvc.*
      wscntfy.*
      xmlprov.*
      eventlog.*
      sfcfiles.*
      /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
     
  7. leo92

    leo92 Thread Starter

    Joined:
    Jun 30, 2010
    Messages:
    17
    Sorry for the late reply; my net was down in India.

    Here is the OTL.txt:

    OTL logfile created on: 05-07-2010 12:20:30 - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\SACHIN\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.94 Gb Total Space | 127.61 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SACHIN-PC
    Current User Name: SACHIN
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-07-05 12:16:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\SACHIN\Downloads\OTL.exe
    PRC - [2010-06-30 12:42:31 | 000,008,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\CometBird\plugin-container.exe
    PRC - [2010-06-30 12:42:11 | 000,116,024 | ---- | M] (CometNetwork) -- C:\Program Files\CometBird\CometBird.exe
    PRC - [2010-06-29 02:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010-06-11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
    PRC - [2010-04-15 13:13:18 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    PRC - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009-11-02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009-10-02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    PRC - [2009-09-01 21:30:11 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
    PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009-04-11 18:48:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008-03-02 22:18:08 | 000,913,664 | ---- | M] (CleanMyPC Software) -- C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    PRC - [2008-01-21 07:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007-06-15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-07-05 12:16:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\SACHIN\Downloads\OTL.exe
    MOD - [2009-04-11 18:48:14 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008-01-21 07:54:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\xmlprov.dll -- (xmlprov)
    SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\ups.exe -- (UPS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\ersvc.dll -- (ERSvc)
    SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\cisvc.exe -- (CiSvc)
    SRV - [2010-07-01 16:13:41 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010-06-11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010-04-15 13:13:18 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009-10-02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009-09-25 06:57:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008-01-21 07:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010-06-29 02:07:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010-06-29 02:07:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010-06-29 02:03:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010-06-29 02:02:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010-06-29 02:02:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-06-26 23:32:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2010-06-26 19:34:00 | 000,274,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwampfl.sys -- (btwampfl)
    DRV - [2010-06-26 16:45:23 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2010-05-31 11:43:16 | 000,252,008 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010-05-17 22:53:06 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2010-04-30 16:59:12 | 003,086,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010-01-21 16:06:18 | 000,230,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009-12-02 13:11:04 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2009-12-02 13:11:02 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2009-12-02 13:11:02 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2009-12-02 13:11:02 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/06/29 00:35:09] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2009-06-19 16:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2009-04-11 18:48:32 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2009-04-11 18:48:01 | 000,069,096 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008-07-29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
    DRV - [2008-06-03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008-03-25 11:41:00 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008-03-25 11:27:18 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
    DRV - [2008-03-25 11:27:16 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
    DRV - [2008-01-21 07:53:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008-01-21 07:53:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008-01-21 07:53:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008-01-21 07:53:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008-01-21 07:53:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008-01-21 07:53:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008-01-21 07:53:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008-01-21 07:53:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008-01-21 07:53:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008-01-21 07:53:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008-01-21 07:53:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2008-01-21 07:53:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008-01-21 07:53:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008-01-21 07:53:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008-01-21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008-01-21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008-01-21 07:53:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008-01-21 07:53:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
    DRV - [2008-01-21 07:53:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008-01-21 07:53:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008-01-21 07:53:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008-01-21 07:53:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008-01-21 07:53:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008-01-21 07:53:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008-01-21 07:53:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008-01-21 07:53:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008-01-21 07:53:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007-11-28 14:35:02 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007-11-16 21:01:54 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007-01-31 19:03:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
    DRV - [2007-01-18 17:30:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)
    DRV - [2006-11-02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006-11-02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006-11-02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006-11-02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006-11-02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006-11-02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006-11-02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006-11-02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006-11-02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006-11-02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006-11-02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006-11-02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006-11-02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006-11-02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006-11-02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006-11-02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006-11-02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006-11-02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2004-12-17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    [2010-06-22 11:17:21 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Mozilla\Extensions

    O1 HOSTS File: ([2010-07-03 15:02:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
    O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.124.5.141 124.124.5.140
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-06-26 16:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - C:\Windows\System32\ntmssvc.dll File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - C:\Windows\System32\srsvc.dll File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: kvxqiwfj - File not found

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitcomet Ultra Accelerator.lnk - C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe - (TrafficSpeeders LLC)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
    MsConfig - StartUpReg: ares - hkey= - key= - C:\Program Files\Ares\Ares.exe (Ares Development Group)
    MsConfig - StartUpReg: BitComet - hkey= - key= - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-07-03 15:02:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010-07-03 15:00:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010-07-03 14:45:32 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010-07-03 14:45:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010-07-03 10:43:34 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
    [2010-07-02 10:37:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010-07-02 10:37:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010-07-02 10:37:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010-07-02 10:36:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010-07-02 10:33:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010-07-01 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\NFS Carbon
    [2010-07-01 23:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Need for Speed Carbon
    [2010-07-01 20:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010-07-01 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\uTorrent
    [2010-07-01 16:30:57 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010-07-01 16:30:56 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010-07-01 16:30:56 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010-07-01 16:30:28 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2010-07-01 16:30:28 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2010-07-01 16:30:24 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2010-07-01 16:30:24 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2010-07-01 16:30:17 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\PC Tools
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010-07-01 16:17:44 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010-07-01 16:06:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010-07-01 16:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010-07-01 16:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010-07-01 13:30:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\CleanMyPC Software
    [2010-07-01 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
    [2010-06-30 13:34:14 | 000,262,144 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
    [2010-06-30 13:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010-06-30 12:45:02 | 000,818,688 | ---- | C] (Texas Instruments) -- C:\Windows\System32\drivers\ti21sony.sys
    [2010-06-30 11:55:24 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Malwarebytes
    [2010-06-30 11:55:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010-06-30 11:55:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010-06-30 11:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010-06-30 11:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-06-30 10:47:17 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\GlarySoft
    [2010-06-30 10:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
    [2010-06-30 10:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010-06-30 09:47:37 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgArCln.sys
    [2010-06-30 09:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
    [2010-06-29 20:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{9DF77379-A83D-46CF-968D-03CBC652096D}
    [2010-06-29 15:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010-06-29 14:53:29 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010-06-29 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Publish Providers
    [2010-06-29 13:02:39 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\Vegas Movie Studio HD Platinum 10.0 Projects
    [2010-06-29 13:02:39 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Sony
    [2010-06-29 12:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
    [2010-06-29 12:53:34 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Sony
    [2010-06-29 12:20:25 | 000,252,008 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010-06-29 10:50:01 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Media Player Classic
    [2010-06-29 10:27:03 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
    [2010-06-29 10:27:02 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
    [2010-06-29 10:27:02 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
    [2010-06-29 10:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
    [2010-06-29 01:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
    [2010-06-29 00:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010-06-28 18:34:02 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Ares
    [2010-06-28 18:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
    [2010-06-28 18:16:41 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Xilisoft
    [2010-06-28 18:16:37 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Xilisoft
    [2010-06-28 18:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
    [2010-06-28 13:02:51 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\InstallShield
    [2010-06-28 12:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bitcomet Ultra Accelerator
    [2010-06-28 10:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2010-06-28 10:04:49 | 000,000,000 | -H-D | C] -- C:\Users\SACHIN\Documents\PDRMUSIC.TMP
    [2010-06-27 10:48:51 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\CyberLink
    [2010-06-27 10:48:50 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Cyberlink
    [2010-06-27 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Power2Go
    [2010-06-27 00:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire Ultra Accelerator
    [2010-06-27 00:13:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010-06-27 00:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
    [2010-06-26 23:57:30 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Apple
    [2010-06-26 23:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010-06-26 23:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010-06-26 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\CyberLink
    [2010-06-26 23:49:19 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Cyberlink
    [2010-06-26 23:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
    [2010-06-26 23:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2010-06-26 23:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [2010-06-26 23:32:02 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
    [2010-06-26 23:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2010-06-26 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools Lite
    [2010-06-26 23:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2010-06-26 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZC DVD Creator Platinum
    [2010-06-26 22:32:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\Corel DVD MovieFactory
    [2010-06-26 22:32:19 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Ulead Systems
    [2010-06-26 22:24:06 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
    [2010-06-26 22:24:05 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
    [2010-06-26 22:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
    [2010-06-26 22:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
    [2010-06-26 22:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
    [2010-06-26 22:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
    [2010-06-26 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
    [2010-06-26 20:58:26 | 000,000,000 | ---D | C] -- C:\Dell
    [2010-06-26 20:51:50 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
    [2010-06-26 20:51:50 | 001,738,072 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
    [2010-06-26 20:51:50 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
    [2010-06-26 20:51:50 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
    [2010-06-26 20:51:50 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
    [2010-06-26 20:51:50 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
    [2010-06-26 20:51:43 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
    [2010-06-26 20:51:43 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
    [2010-06-26 20:51:43 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
    [2010-06-26 20:51:43 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
    [2010-06-26 20:51:42 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
    [2010-06-26 20:51:42 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
    [2010-06-26 20:51:41 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
    [2010-06-26 20:51:41 | 001,312,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
    [2010-06-26 20:51:41 | 000,253,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
    [2010-06-26 20:51:41 | 000,253,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
    [2010-06-26 20:51:41 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
    [2010-06-26 20:51:41 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
    [2010-06-26 20:51:38 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
    [2010-06-26 20:51:38 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
    [2010-06-26 20:51:38 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
    [2010-06-26 20:51:38 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
    [2010-06-26 20:51:38 | 000,299,424 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
    [2010-06-26 20:51:38 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
    [2010-06-26 20:51:38 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
    [2010-06-26 20:51:37 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
    [2010-06-26 20:51:37 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
    [2010-06-26 20:51:37 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
    [2010-06-26 20:51:37 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
    [2010-06-26 20:51:37 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
    [2010-06-26 20:51:37 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
    [2010-06-26 20:51:34 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
    [2010-06-26 18:28:50 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\DriverEasy
    [2010-06-26 18:28:15 | 000,230,448 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
    [2010-06-26 18:28:15 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
    [2010-06-26 18:28:15 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
    [2010-06-26 18:28:15 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
    [2010-06-26 17:51:20 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Broadcom
    [2010-06-26 17:51:20 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\Bluetooth Exchange Folder
    [2010-06-26 17:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
    [2010-06-26 17:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010-06-26 17:41:18 | 000,000,000 | ---D | C] -- C:\DRIVERS
    [2010-06-26 17:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
    [2010-06-26 16:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
    [2010-06-26 16:46:35 | 000,226,816 | ---- | C] (honest technology) -- C:\Windows\System32\htvcdsvcd.ax
    [2010-06-26 16:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewTech Infosystems
    [2010-06-26 16:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
    [2010-06-26 16:45:23 | 000,006,144 | ---- | C] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys
    [2010-06-26 16:19:29 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Easeware
    [2010-06-26 16:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
    [2010-06-26 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\My Drivers
    [2010-06-26 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Innovative Solutions
    [2010-06-26 13:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
    [2010-06-26 13:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
    [2010-06-26 00:57:37 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Adobe
    [2010-06-26 00:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010-06-26 00:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010-06-26 00:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010-06-25 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010-06-24 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Desktop\Pazera_Video_Converters_Suite
    [2010-06-24 15:33:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\AVS4YOU
    [2010-06-24 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
    [2010-06-24 15:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
    [2010-06-24 15:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010-06-24 15:28:21 | 000,000,000 | ---D | C] -- C:\myyoutube
    [2010-06-24 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\1-Click YouTube Downloader
    [2010-06-24 15:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
    [2010-06-24 15:18:27 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\GrabPro
    [2010-06-24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\OpenCandy
    [2010-06-24 15:18:18 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\OpenCandy
    [2010-06-24 15:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
    [2010-06-24 15:18:16 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Orbit
    [2010-06-24 15:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    [2010-06-24 11:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2010-06-24 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\TigerPlayer
    [2010-06-24 11:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar
    [2010-06-24 01:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010-06-24 01:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010-06-24 01:23:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\LimeWire
    [2010-06-24 01:23:43 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\LimeWire
    [2010-06-24 01:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010-06-24 01:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
    [2010-06-24 00:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2010-06-23 23:28:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\TuneUp Software
    [2010-06-23 23:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2010-06-23 23:27:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010-06-23 23:24:59 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Google
    [2010-06-23 10:28:16 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\IObit
    [2010-06-23 10:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010-06-23 10:11:20 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Uniblue
    [2010-06-22 21:55:16 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools
    [2010-06-22 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Desktop\Plants vs Zombies
    [2010-06-22 20:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
    [2010-06-22 14:54:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010-06-22 13:46:01 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\DriverGenius
    [2010-06-22 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010-06-22 13:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
    [2010-06-22 12:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
    [2010-06-22 12:34:42 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
    [2010-06-22 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010-06-22 12:33:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
    [2010-06-22 12:32:51 | 004,018,176 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    [2010-06-22 12:28:34 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
    [2010-06-22 12:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010-06-22 12:25:43 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
    [2010-06-22 12:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2010-06-22 12:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2010-06-22 12:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
    [2010-06-22 12:10:49 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\WinRAR
    [2010-06-22 12:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010-06-22 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
    [2010-06-22 11:55:43 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\BitComet
    [2010-06-22 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
    [2010-06-22 11:45:36 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\DriverCure
    [2010-06-22 11:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2010-06-22 11:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2010-06-22 11:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2010-06-22 11:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverCure
    [2010-06-22 11:44:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Google
    [2010-06-22 11:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010-06-22 11:44:38 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010-06-22 11:44:38 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010-06-22 11:44:36 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010-06-22 11:44:34 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010-06-22 11:44:30 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010-06-22 11:43:33 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010-06-22 11:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010-06-22 11:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010-06-22 11:21:07 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Macromedia
    [2010-06-22 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Adobe
    [2010-06-22 11:20:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
    [2010-06-22 11:17:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Mozilla
    [2010-06-22 11:17:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\CometNetwork
    [2010-06-22 11:17:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\CometNetwork
    [2010-06-22 11:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\CometBird
    [2010-06-22 10:07:03 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Apps
    [2010-06-22 09:08:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2010-06-22 08:37:20 | 000,000,000 | ---D | C] -- C:\Windows\Debug
    [2010-06-22 08:18:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010-06-22 08:09:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2010-06-21 23:10:39 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\vlc
    [2010-06-21 22:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010-06-21 20:34:57 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Microsoft Games
    [2010-06-21 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\ATI
    [2010-06-21 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\ATI
    [2010-06-21 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010-06-21 20:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
    [2010-06-21 20:22:37 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Sony Corporation
    [2010-06-21 20:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010-06-21 20:22:33 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2010-06-21 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010-06-21 20:17:33 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010-06-21 20:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010-06-21 20:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010-06-21 20:16:48 | 000,327,680 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
    [2010-06-21 20:16:47 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
    [2010-06-21 20:14:48 | 000,073,472 | ---- | C] (Ricoh) -- C:\Windows\System32\drivers\R5U870FLx86.sys
    [2010-06-21 20:14:48 | 000,043,904 | ---- | C] (Ricoh) -- C:\Windows\System32\drivers\R5U870FUx86.sys
    [2010-06-21 20:12:21 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Searches
    [2010-06-21 20:12:08 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Identities
    [2010-06-21 20:12:05 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Contacts
    [2010-06-21 20:12:03 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\VirtualStore
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\AppData\Local\Temporary Internet Files
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Templates
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Start Menu
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\SendTo
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Recent
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\PrintHood
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\NetHood
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Documents\My Videos
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Documents\My Pictures
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Documents\My Music
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\My Documents
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Local Settings
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\AppData\Local\History
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Cookies
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Application Data
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\AppData\Local\Application Data
    [2010-06-21 20:11:56 | 000,000,000 | --SD | C] -- C:\Users\SACHIN\AppData\Roaming\Microsoft
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Videos
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Saved Games
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Pictures
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Music
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Links
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Favorites
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Downloads
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Documents
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Desktop
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Temp
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Microsoft
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Media Center Programs
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData
    [2010-06-21 13:27:46 | 000,000,000 | ---D | C] -- C:\QUARANTINE
    [2010-06-19 14:27:46 | 000,000,000 | ---D | C] -- C:\Intel Desktop Board
    [2010-06-19 06:09:57 | 000,000,000 | ---D | C] -- C:\Temp1
    [2010-06-15 10:04:27 | 000,069,632 | ---- | C] ( ) -- C:\nporbit.dll
    [2010-06-12 15:15:05 | 000,000,000 | ---D | C] -- C:\Ares
    [2010-06-03 20:25:27 | 000,000,000 | ---D | C] -- C:\IObit
    [2010-06-02 15:32:08 | 000,000,000 | ---D | C] -- C:\DVDTemp
    [2010-06-01 13:38:54 | 000,000,000 | ---D | C] -- C:\ZCVideoDVD
    [2010-05-31 23:15:08 | 000,000,000 | ---D | C] -- C:\Temp
    [2010-05-29 22:01:59 | 000,000,000 | ---D | C] -- C:\My Works
    [2010-04-20 16:57:58 | 000,000,000 | ---D | C] -- C:\Pcsx2
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\SACHIN\Documents\*.tmp files -> C:\Users\SACHIN\Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010-07-05 12:22:27 | 002,883,584 | ---- | M] () -- C:\Users\SACHIN\NTUSER.DAT
    [2010-07-05 12:13:14 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010-07-05 12:13:14 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010-07-05 12:13:14 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010-07-05 11:49:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010-07-05 11:49:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010-07-05 11:48:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2010-07-05 11:47:54 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
    [2010-07-05 11:47:52 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\DriverCure Startup.job
    [2010-07-05 11:47:48 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2010-07-05 11:47:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010-07-05 11:47:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010-07-05 11:47:22 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010-07-05 11:47:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010-07-05 11:42:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010-07-05 11:42:50 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000001.regtrans-ms
    [2010-07-05 11:42:50 | 000,065,536 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TM.blf
    [2010-07-05 11:42:44 | 002,779,331 | -H-- | M] () -- C:\Users\SACHIN\AppData\Local\IconCache.db
    [2010-07-04 20:04:09 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010-07-03 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010-07-03 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2010-07-03 17:23:05 | 000,037,888 | ---- | M] () -- C:\Users\SACHIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-07-03 17:00:01 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
    [2010-07-03 15:02:20 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010-07-03 15:02:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010-07-03 13:14:56 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000002.regtrans-ms
    [2010-07-03 10:47:18 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010-07-03 10:47:18 | 000,065,536 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010-07-02 10:33:07 | 003,725,496 | R--- | M] () -- C:\Users\SACHIN\Desktop\ComboFix.exe
    [2010-07-02 10:13:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010-07-01 23:27:56 | 000,000,657 | ---- | M] () -- C:\Users\SACHIN\Desktop\NFSC.lnk
    [2010-07-01 20:56:10 | 000,000,776 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010-07-01 20:56:10 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010-07-01 16:30:20 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-07-01 16:17:41 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010-07-01 16:17:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2010-07-01 16:06:24 | 000,001,031 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010-07-01 16:06:24 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010-07-01 13:43:01 | 000,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
    [2010-07-01 13:30:37 | 000,000,906 | ---- | M] () -- C:\Users\SACHIN\Desktop\CleanMyPC - Registry Cleaner.lnk
    [2010-06-30 13:58:32 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2010-06-30 13:12:30 | 000,001,874 | ---- | M] () -- C:\Users\SACHIN\Desktop\HijackThis.lnk
    [2010-06-30 11:55:22 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-30 10:44:21 | 000,000,797 | ---- | M] () -- C:\Users\SACHIN\Desktop\Glary Utilities.lnk
    [2010-06-30 09:47:38 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
    [2010-06-30 09:43:40 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010-06-30 00:57:04 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
    [2010-06-29 16:01:01 | 000,000,943 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010-06-29 14:53:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010-06-29 02:27:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010-06-29 02:27:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010-06-29 02:07:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010-06-29 02:07:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010-06-29 02:03:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010-06-29 02:02:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010-06-29 02:02:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010-06-29 00:40:07 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink Media Suite.lnk
    [2010-06-28 18:41:09 | 000,000,748 | ---- | M] () -- C:\Users\SACHIN\Desktop\Ares.lnk
    [2010-06-28 18:34:00 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Ares.lnk
    [2010-06-28 18:15:59 | 000,001,912 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
    [2010-06-28 18:15:59 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft DVD Creator 6.lnk
    [2010-06-28 12:50:05 | 000,001,044 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 12:50:05 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 10:18:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010-06-28 09:58:39 | 007,141,504 | ---- | M] () -- C:\Users\SACHIN\Documents\02. Flo Rida - Ack Like You Know.mp3
    [2010-06-27 17:36:57 | 000,264,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010-06-27 10:51:41 | 000,005,632 | ---- | M] () -- C:\Users\SACHIN\Documents\MO_Audio_Test.grf
    [2010-06-27 09:48:21 | 000,067,192 | ---- | M] () -- C:\Users\SACHIN\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010-06-27 00:39:13 | 000,001,044 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire Ultra Accelerator.lnk
    [2010-06-27 00:39:13 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\LimeWire Ultra Accelerator.lnk
    [2010-06-26 23:32:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
    [2010-06-26 23:32:03 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2010-06-26 23:08:27 | 000,000,028 | ---- | M] () -- C:\Windows\ZC DVD Creator Platinum.INI
    [2010-06-26 23:08:11 | 000,000,902 | ---- | M] () -- C:\Users\SACHIN\Desktop\ZC DVD Creator Platinum.lnk
    [2010-06-26 18:30:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010-06-26 18:30:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010-06-26 16:46:43 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2010-06-26 16:46:18 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\NTI CD & DVD-Maker 7.lnk
    [2010-06-26 16:46:10 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTICDMK7.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIMPEG2.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIMP3.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIFCD3.dll
    [2010-06-26 16:45:23 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys
    [2010-06-26 16:19:16 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
    [2010-06-26 15:56:32 | 000,000,919 | ---- | M] () -- C:\Users\SACHIN\Desktop\DriverMax.lnk
    [2010-06-25 13:18:55 | 000,000,804 | ---- | M] () -- C:\Users\SACHIN\Desktop\CCleaner.lnk
    [2010-06-25 00:34:48 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2010-06-25 00:27:06 | 006,301,976 | ---- | M] () -- C:\Users\SACHIN\Desktop\bmc Admission form.rtf
    [2010-06-25 00:25:18 | 006,301,976 | ---- | M] () -- C:\Users\SACHIN\Documents\BMC College Fee Receipt.rtf
    [2010-06-25 00:13:29 | 006,301,976 | ---- | M] () -- C:\Users\SACHIN\Documents\BMC College Admission No..rtf
    [2010-06-24 15:27:34 | 000,000,999 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk
    [2010-06-24 15:27:34 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\1-Click YouTube Downloader.lnk
    [2010-06-24 15:24:27 | 000,000,919 | ---- | M] () -- C:\Users\SACHIN\Desktop\YouTube Downloader.lnk
    [2010-06-24 15:18:27 | 000,000,872 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
    [2010-06-24 15:18:26 | 000,000,848 | ---- | M] () -- C:\Users\SACHIN\Desktop\Orbit.lnk
    [2010-06-24 14:49:21 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2010-06-24 01:14:24 | 000,001,710 | ---- | M] () -- C:\Users\SACHIN\Desktop\LimeWire PRO 4.18.8.lnk
    [2010-06-23 10:28:25 | 000,001,038 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010-06-23 10:28:25 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
    [2010-06-22 13:43:47 | 000,000,916 | ---- | M] () -- C:\Users\SACHIN\Desktop\Driver Genius Professional Edition.lnk
    [2010-06-22 12:46:18 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010-06-22 12:46:18 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\RegCure.job
    [2010-06-22 12:38:45 | 000,001,786 | ---- | M] () -- C:\Users\SACHIN\Desktop\Clean disk with 1 click.lnk
    [2010-06-22 12:38:45 | 000,000,926 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
    [2010-06-22 12:11:46 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
    [2010-06-22 11:58:33 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk
    [2010-06-22 11:55:36 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
    [2010-06-22 11:49:11 | 000,001,955 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010-06-22 11:44:39 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010-06-22 11:17:02 | 000,001,710 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
    [2010-06-22 11:17:02 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\CometBird.lnk
    [2010-06-22 09:08:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010-06-22 08:20:13 | 000,136,009 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2010-06-21 22:54:10 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010-06-21 20:48:12 | 000,000,938 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010-06-21 20:26:30 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2010-06-21 20:18:48 | 000,001,973 | ---- | M] () -- C:\Users\SACHIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
    [2010-06-21 20:14:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2010-06-21 20:12:45 | 000,000,680 | ---- | M] () -- C:\Users\SACHIN\AppData\Local\d3d9caps.dat
    [2010-06-21 20:11:58 | 000,000,020 | -HS- | M] () -- C:\Users\SACHIN\ntuser.ini
    [2010-06-08 21:40:50 | 000,790,528 | ---- | M] () -- C:\Windows\System32\xvidcore.dll
    [2010-06-08 21:40:50 | 000,134,144 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll
    [2010-06-02 13:30:00 | 000,108,032 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
    [2010-06-02 13:30:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
    [2010-05-31 11:43:16 | 000,252,008 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010-05-05 14:19:56 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
    [2010-05-04 08:28:45 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010-04-27 20:51:40 | 001,738,072 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
    [2010-04-27 20:51:32 | 000,253,272 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
    [2010-04-27 20:51:24 | 000,253,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
    [2010-04-27 20:51:04 | 001,312,088 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
    [2010-04-27 13:50:10 | 000,299,424 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
    [2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
    [2010-04-14 17:55:20 | 000,232,792 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
    [2010-04-08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\SACHIN\Documents\*.tmp files -> C:\Users\SACHIN\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010-07-03 14:41:42 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010-07-03 10:48:39 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000002.regtrans-ms
    [2010-07-03 10:48:39 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000001.regtrans-ms
    [2010-07-03 10:48:39 | 000,065,536 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TM.blf
    [2010-07-02 10:37:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010-07-02 10:37:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010-07-02 10:37:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010-07-02 10:37:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010-07-02 10:37:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010-07-02 10:34:31 | 003,725,496 | R--- | C] () -- C:\Users\SACHIN\Desktop\ComboFix.exe
    [2010-07-01 23:27:56 | 000,000,657 | ---- | C] () -- C:\Users\SACHIN\Desktop\NFSC.lnk
    [2010-07-01 20:56:10 | 000,000,776 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010-07-01 20:56:10 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010-07-01 16:30:57 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010-07-01 16:30:57 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010-07-01 16:30:57 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010-07-01 16:30:57 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010-07-01 16:30:57 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010-07-01 16:30:28 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
    [2010-07-01 16:30:24 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
    [2010-07-01 16:30:24 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
    [2010-07-01 16:30:20 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-07-01 16:30:17 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
    [2010-07-01 16:24:40 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2010-07-01 16:06:24 | 000,001,031 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010-07-01 16:06:24 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010-07-01 13:43:01 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
    [2010-07-01 13:30:37 | 000,000,906 | ---- | C] () -- C:\Users\SACHIN\Desktop\CleanMyPC - Registry Cleaner.lnk
    [2010-06-30 13:58:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010-06-30 13:34:14 | 000,052,400 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
    [2010-06-30 13:34:09 | 000,013,848 | ---- | C] () -- C:\Windows\atiogl.xml
    [2010-06-30 13:34:04 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2010-06-30 13:34:03 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2010-06-30 13:12:30 | 000,001,874 | ---- | C] () -- C:\Users\SACHIN\Desktop\HijackThis.lnk
    [2010-06-30 11:55:22 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-30 10:44:27 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2010-06-30 10:44:21 | 000,000,797 | ---- | C] () -- C:\Users\SACHIN\Desktop\Glary Utilities.lnk
    [2010-06-30 09:47:38 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
    [2010-06-29 15:20:26 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2010-06-29 12:20:25 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010-06-29 10:27:07 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010-06-29 10:27:06 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010-06-29 10:27:03 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
    [2010-06-29 10:27:02 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010-06-29 10:27:02 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010-06-29 10:27:02 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010-06-29 00:40:07 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink Media Suite.lnk
    [2010-06-28 18:41:09 | 000,000,748 | ---- | C] () -- C:\Users\SACHIN\Desktop\Ares.lnk
    [2010-06-28 18:34:00 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Ares.lnk
    [2010-06-28 18:15:59 | 000,001,912 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
    [2010-06-28 18:15:59 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft DVD Creator 6.lnk
    [2010-06-28 12:50:05 | 000,001,044 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 12:50:05 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 10:18:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010-06-28 09:58:38 | 007,141,504 | ---- | C] () -- C:\Users\SACHIN\Documents\02. Flo Rida - Ack Like You Know.mp3
    [2010-06-27 10:51:41 | 000,005,632 | ---- | C] () -- C:\Users\SACHIN\Documents\MO_Audio_Test.grf
    [2010-06-27 00:39:13 | 000,001,044 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire Ultra Accelerator.lnk
    [2010-06-27 00:39:13 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\LimeWire Ultra Accelerator.lnk
    [2010-06-26 23:32:03 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2010-06-26 23:08:27 | 000,000,028 | ---- | C] () -- C:\Windows\ZC DVD Creator Platinum.INI
    [2010-06-26 23:08:11 | 000,000,902 | ---- | C] () -- C:\Users\SACHIN\Desktop\ZC DVD Creator Platinum.lnk
    [2010-06-26 22:25:04 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL
    [2010-06-26 18:30:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010-06-26 18:30:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010-06-26 18:29:39 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    [2010-06-26 16:46:56 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
    [2010-06-26 16:46:18 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\NTI CD & DVD-Maker 7.lnk
    [2010-06-26 16:46:10 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTICDMK7.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIMPEG2.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIMP3.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIFCD3.dll
    [2010-06-26 16:19:16 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\DriverEasy.lnk
    [2010-06-26 13:11:11 | 000,000,919 | ---- | C] () -- C:\Users\SACHIN\Desktop\DriverMax.lnk
    [2010-06-26 00:56:46 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010-06-25 13:18:55 | 000,000,804 | ---- | C] () -- C:\Users\SACHIN\Desktop\CCleaner.lnk
    [2010-06-25 00:26:45 | 006,301,976 | ---- | C] () -- C:\Users\SACHIN\Desktop\bmc Admission form.rtf
    [2010-06-25 00:25:18 | 006,301,976 | ---- | C] () -- C:\Users\SACHIN\Documents\BMC College Fee Receipt.rtf
    [2010-06-25 00:13:29 | 006,301,976 | ---- | C] () -- C:\Users\SACHIN\Documents\BMC College Admission No..rtf
    [2010-06-24 15:27:34 | 000,000,999 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk
    [2010-06-24 15:27:34 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\1-Click YouTube Downloader.lnk
    [2010-06-24 15:24:27 | 000,000,919 | ---- | C] () -- C:\Users\SACHIN\Desktop\YouTube Downloader.lnk
    [2010-06-24 15:18:27 | 000,000,872 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
    [2010-06-24 15:18:26 | 000,000,848 | ---- | C] () -- C:\Users\SACHIN\Desktop\Orbit.lnk
    [2010-06-24 01:14:24 | 000,001,710 | ---- | C] () -- C:\Users\SACHIN\Desktop\LimeWire PRO 4.18.8.lnk
    [2010-06-23 23:55:27 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2010-06-23 10:30:39 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\AWC AutoSweep.job
    [2010-06-23 10:28:28 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
    [2010-06-23 10:28:25 | 000,001,038 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010-06-23 10:28:25 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
    [2010-06-22 13:43:47 | 000,000,916 | ---- | C] () -- C:\Users\SACHIN\Desktop\Driver Genius Professional Edition.lnk
    [2010-06-22 12:38:45 | 000,001,786 | ---- | C] () -- C:\Users\SACHIN\Desktop\Clean disk with 1 click.lnk
    [2010-06-22 12:38:45 | 000,000,926 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
    [2010-06-22 12:28:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010-06-22 12:11:48 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
    [2010-06-22 12:11:47 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\RegCure.job
    [2010-06-22 12:11:46 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
    [2010-06-22 11:58:40 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2010-06-22 11:58:34 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2010-06-22 11:55:36 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
    [2010-06-22 11:49:11 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010-06-22 11:49:11 | 000,001,955 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010-06-22 11:45:37 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010-06-22 11:45:33 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk
    [2010-06-22 11:45:33 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\DriverCure Startup.job
    [2010-06-22 11:45:32 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010-06-22 11:45:29 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
    [2010-06-22 11:44:51 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010-06-22 11:44:48 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010-06-22 11:44:39 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010-06-22 11:17:02 | 000,001,710 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
    [2010-06-22 11:17:02 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\CometBird.lnk
    [2010-06-22 09:59:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2010-06-21 22:54:10 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010-06-21 20:48:12 | 000,000,938 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010-06-21 20:48:09 | 000,037,888 | ---- | C] () -- C:\Users\SACHIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-06-21 20:20:00 | 000,000,943 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010-06-21 20:18:48 | 000,001,973 | ---- | C] () -- C:\Users\SACHIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
    [2010-06-21 20:16:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2010-06-21 20:16:48 | 000,328,162 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.cpa
    [2010-06-21 20:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2010-06-21 20:16:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
    [2010-06-21 20:16:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
    [2010-06-21 20:16:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
    [2010-06-21 20:16:48 | 000,000,929 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.vp
    [2010-06-21 20:14:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2010-06-21 20:12:00 | 000,000,680 | ---- | C] () -- C:\Users\SACHIN\AppData\Local\d3d9caps.dat
    [2010-06-21 20:11:58 | 000,000,020 | -HS- | C] () -- C:\Users\SACHIN\ntuser.ini
    [2010-06-21 20:11:57 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2010-06-21 20:11:57 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010-06-21 20:11:57 | 000,065,536 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010-06-21 20:11:56 | 002,883,584 | ---- | C] () -- C:\Users\SACHIN\NTUSER.DAT
    [2010-06-21 20:11:56 | 000,262,144 | -H-- | C] () -- C:\Users\SACHIN\ntuser.dat.LOG1
    [2010-06-21 20:11:56 | 000,000,258 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010-06-21 20:11:56 | 000,000,240 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010-06-21 20:11:56 | 000,000,000 | -H-- | C] () -- C:\Users\SACHIN\ntuser.dat.LOG2
    [2010-06-19 06:34:19 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
    [2010-05-05 14:19:56 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
    [2009-04-11 18:48:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2008-09-12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2006-11-02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006-11-02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001-12-26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001-09-03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001-07-30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001-07-23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2010-07-03 14:43:42 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\BitComet
    [2010-07-01 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\CleanMyPC Software
    [2010-06-22 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\CometNetwork
    [2010-06-22 21:55:27 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools
    [2010-06-26 23:40:12 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools Lite
    [2010-06-22 11:45:56 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\DriverCure
    [2010-06-26 16:19:29 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Easeware
    [2010-06-30 10:47:17 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\GlarySoft
    [2010-06-24 15:18:27 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\GrabPro
    [2010-06-23 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\IObit
    [2010-06-30 01:34:38 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\LimeWire
    [2010-06-24 15:18:18 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\OpenCandy
    [2010-07-03 14:43:30 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Orbit
    [2010-06-29 13:06:58 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Publish Providers
    [2010-06-29 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Sony
    [2010-06-24 11:41:30 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\TigerPlayer
    [2010-06-23 23:28:21 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\TuneUp Software
    [2010-06-26 22:36:57 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Ulead Systems
    [2010-06-25 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Uniblue
    [2010-07-01 21:01:21 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\uTorrent
    [2010-06-28 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Xilisoft
    [2010-07-04 20:04:09 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2010-07-05 11:47:54 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
    [2010-07-05 11:48:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010-07-05 11:47:52 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\DriverCure Startup.job
    [2010-06-30 00:57:04 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
    [2010-07-05 11:47:48 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2010-07-03 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
    [2010-07-03 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2010-06-25 00:34:48 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
    [2010-06-22 12:46:18 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2010-07-03 17:00:01 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
    [2010-06-22 12:46:18 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
    [2010-07-05 11:42:52 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-07-05 11:47:11 | 000,005,683 | ---- | M] () -- C:\aaw7boot.log
    [2010-06-26 16:46:43 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009-04-11 18:48:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010-06-22 09:08:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010-07-03 15:08:04 | 000,028,011 | ---- | M] () -- C:\ComboFix.txt
    [2006-09-19 03:13:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2005-01-03 19:07:18 | 000,000,017 | -H-- | M] () -- C:\initrd.pam
    [2008-09-27 01:46:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007-03-28 03:03:48 | 000,000,067 | -H-- | M] () -- C:\kernel.pam
    [2010-07-02 11:14:06 | 000,047,330 | ---- | M] () -- C:\log.txt
    [2008-09-27 01:46:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009-07-06 14:42:12 | 000,069,632 | ---- | M] ( ) -- C:\nporbit.dll
    [2009-09-17 12:29:33 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
    [2009-09-17 12:29:33 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
    [2009-09-17 12:29:34 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{74b5f3e1-a347-11de-ab3a-dd5aff4aa4a4}.TM.blf
    [2009-09-17 12:29:34 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{74b5f3e1-a347-11de-ab3a-dd5aff4aa4a4}.TMContainer00000000000000000001.regtrans-ms
    [2009-09-17 12:29:34 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{74b5f3e1-a347-11de-ab3a-dd5aff4aa4a4}.TMContainer00000000000000000002.regtrans-ms
    [2010-07-05 11:47:11 | 2459,631,616 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006-11-02 18:05:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008-06-03 03:35:30 | 000,413,696 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
    [2009-04-11 18:48:38 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009-04-11 18:48:36 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009-04-11 19:38:12 | 023,552,000 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2009-04-11 19:37:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2009-04-11 19:38:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006-11-02 16:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006-11-02 16:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2009-04-11 18:48:28 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008-01-21 07:54:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.com >
    [2006-11-02 18:07:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006-11-02 18:07:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006-11-02 18:07:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-04-11 18:49:50 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.ini >
    [2006-09-19 03:07:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %PROGRAMFILES%\*. >
    [2010-06-24 15:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\1-Click YouTube Downloader
    [2010-06-26 00:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2010-06-22 11:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
    [2010-06-26 23:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2010-06-28 18:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ares
    [2010-06-21 20:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
    [2010-06-21 20:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
    [2010-06-27 09:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
    [2010-06-22 11:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
    [2010-06-28 12:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\Bitcomet Ultra Accelerator
    [2010-06-25 13:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2010-07-01 13:30:36 | 000,000,000 | ---D | M] -- C:\Program Files\CleanMyPC
    [2010-07-02 11:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\CometBird
    [2010-07-03 14:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2010-06-26 22:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
    [2010-06-29 00:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2010-06-26 23:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
    [2010-06-26 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
    [2010-06-22 13:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Driver-Soft
    [2010-06-26 16:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\Easeware
    [2010-06-30 10:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
    [2010-06-22 11:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2010-06-30 09:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\GRISOFT
    [2010-06-26 13:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Innovative Solutions
    [2010-06-29 00:40:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010-06-22 12:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2010-06-29 15:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010-06-27 00:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
    [2010-06-24 01:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2010-06-29 10:27:31 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
    [2010-07-01 16:06:32 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
    [2010-06-25 17:51:19 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
    [2010-06-27 00:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire Ultra Accelerator
    [2010-06-30 12:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2010-06-29 15:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2010-06-25 19:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010-06-29 00:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\MpcStar
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2010-07-01 23:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\Need for Speed Carbon
    [2010-06-26 16:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
    [2010-06-24 15:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\Orbitdownloader
    [2010-06-22 11:45:28 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
    [2010-06-29 12:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2010-06-22 12:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
    [2010-06-29 12:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
    [2010-06-30 10:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
    [2010-07-01 16:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
    [2010-06-22 12:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
    [2010-06-26 20:58:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
    [2010-06-26 17:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
    [2010-06-30 13:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
    [2006-11-02 18:31:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010-07-01 20:56:10 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
    [2010-06-21 22:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2009-04-11 18:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
    [2009-04-11 18:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
    [2009-04-11 18:53:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2009-04-11 18:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2010-06-25 19:11:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010-06-26 22:24:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
    [2010-06-25 19:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009-04-11 18:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
    [2010-06-28 10:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2009-04-11 18:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010-06-22 12:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2010-06-22 12:43:39 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Disk Cleaner
    [2010-06-28 18:14:55 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
    [2010-06-24 15:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
    [2010-06-26 23:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\ZC DVD Creator Platinum

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >


    < MD5 for: EVENTLOG.DLL >
    [2008-06-06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

    < MD5 for: EVENTLOG.ETL >
    [2010-07-05 12:27:24 | 000,196,608 | ---- | M] () MD5=F8AE0270E806C54EB78A311CDBE10401 -- C:\Windows\System32\NDF\eventlog.etl

    < MD5 for: WSCNTFY.DLL >
    [2009-04-11 18:48:07 | 000,223,744 | ---- | M] (Microsoft Corporation) MD5=0B5AC46982E77CAF3EC1D55C9AC6AB56 -- C:\Windows\System32\wscntfy.dll
    [2009-04-11 18:48:07 | 000,223,744 | ---- | M] (Microsoft Corporation) MD5=0B5AC46982E77CAF3EC1D55C9AC6AB56 -- C:\Windows\winsxs\x86_microsoft-windows-s..tycenter-notifyicon_31bf3856ad364e35_6.0.6002.18005_none_0015b648d92092e2\wscntfy.dll

    < MD5 for: WSCNTFY.DLL.MUI >
    [2006-11-02 18:11:32 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=DC3682BEB013B14470318C5C920E6589 -- C:\Windows\System32\en-US\wscntfy.dll.mui
    [2006-11-02 18:11:32 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=DC3682BEB013B14470318C5C920E6589 -- C:\Windows\winsxs\x86_microsoft-windows-s..otifyicon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9fecff8addf581a9\wscntfy.dll.mui

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:ECF54A0E
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
    < End of report >
     
  8. leo92

    leo92 Thread Starter

    Joined:
    Jun 30, 2010
    Messages:
    17
    Sorry for the late reply; my net connection was down in India.

    Here is my otl.txt:

    OTL logfile created on: 05-07-2010 12:20:30 - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\SACHIN\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.94 Gb Total Space | 127.61 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SACHIN-PC
    Current User Name: SACHIN
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-07-05 12:16:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\SACHIN\Downloads\OTL.exe
    PRC - [2010-06-30 12:42:31 | 000,008,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\CometBird\plugin-container.exe
    PRC - [2010-06-30 12:42:11 | 000,116,024 | ---- | M] (CometNetwork) -- C:\Program Files\CometBird\CometBird.exe
    PRC - [2010-06-29 02:27:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010-06-11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
    PRC - [2010-04-15 13:13:18 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    PRC - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009-11-02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009-10-02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    PRC - [2009-09-01 21:30:11 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
    PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009-04-11 18:48:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008-03-02 22:18:08 | 000,913,664 | ---- | M] (CleanMyPC Software) -- C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    PRC - [2008-01-21 07:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007-06-15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-07-05 12:16:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\SACHIN\Downloads\OTL.exe
    MOD - [2009-04-11 18:48:14 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008-01-21 07:54:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\xmlprov.dll -- (xmlprov)
    SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\ups.exe -- (UPS)
    SRV - File not found [Auto | Stopped] -- C:\Windows\System32\ersvc.dll -- (ERSvc)
    SRV - File not found [On_Demand | Stopped] -- C:\Windows\System32\cisvc.exe -- (CiSvc)
    SRV - [2010-07-01 16:13:41 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010-06-29 02:27:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010-06-11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010-04-15 13:13:18 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009-10-02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009-09-25 06:57:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008-01-21 07:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010-06-29 02:07:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010-06-29 02:07:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010-06-29 02:03:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010-06-29 02:02:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010-06-29 02:02:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010-06-26 23:32:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2010-06-26 19:34:00 | 000,274,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwampfl.sys -- (btwampfl)
    DRV - [2010-06-26 16:45:23 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2010-05-31 11:43:16 | 000,252,008 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010-05-17 22:53:06 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2010-04-30 16:59:12 | 003,086,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010-01-21 16:06:18 | 000,230,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009-12-02 13:11:04 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2009-12-02 13:11:02 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2009-12-02 13:11:02 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2009-12-02 13:11:02 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/06/29 00:35:09] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2009-06-19 16:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2009-04-11 18:48:32 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
    DRV - [2009-04-11 18:48:01 | 000,069,096 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008-07-29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
    DRV - [2008-06-03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008-03-25 11:41:00 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008-03-25 11:27:18 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
    DRV - [2008-03-25 11:27:16 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
    DRV - [2008-01-21 07:53:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008-01-21 07:53:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008-01-21 07:53:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008-01-21 07:53:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008-01-21 07:53:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008-01-21 07:53:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008-01-21 07:53:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008-01-21 07:53:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008-01-21 07:53:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008-01-21 07:53:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008-01-21 07:53:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2008-01-21 07:53:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008-01-21 07:53:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008-01-21 07:53:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008-01-21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008-01-21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008-01-21 07:53:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008-01-21 07:53:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
    DRV - [2008-01-21 07:53:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008-01-21 07:53:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008-01-21 07:53:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008-01-21 07:53:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008-01-21 07:53:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008-01-21 07:53:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008-01-21 07:53:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008-01-21 07:53:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008-01-21 07:53:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007-11-28 14:35:02 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007-11-16 21:01:54 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007-01-31 19:03:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
    DRV - [2007-01-18 17:30:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)
    DRV - [2006-11-02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006-11-02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006-11-02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006-11-02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006-11-02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006-11-02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006-11-02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006-11-02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006-11-02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006-11-02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006-11-02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006-11-02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006-11-02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006-11-02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006-11-02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006-11-02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006-11-02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006-11-02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2004-12-17 16:14:44 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    [2010-06-22 11:17:21 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Mozilla\Extensions

    O1 HOSTS File: ([2010-07-03 15:02:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
    O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll (BitComet)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.124.5.141 124.124.5.140
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-06-26 16:46:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - C:\Windows\System32\ntmssvc.dll File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - C:\Windows\System32\srsvc.dll File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: kvxqiwfj - File not found

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitcomet Ultra Accelerator.lnk - C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe - (TrafficSpeeders LLC)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
    MsConfig - StartUpReg: ares - hkey= - key= - C:\Program Files\Ares\Ares.exe (Ares Development Group)
    MsConfig - StartUpReg: BitComet - hkey= - key= - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-07-03 15:02:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010-07-03 15:00:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010-07-03 14:45:32 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010-07-03 14:45:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010-07-03 10:43:34 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
    [2010-07-02 10:37:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010-07-02 10:37:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010-07-02 10:37:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010-07-02 10:36:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010-07-02 10:33:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010-07-01 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\NFS Carbon
    [2010-07-01 23:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Need for Speed Carbon
    [2010-07-01 20:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010-07-01 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\uTorrent
    [2010-07-01 16:30:57 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010-07-01 16:30:56 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010-07-01 16:30:56 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010-07-01 16:30:28 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2010-07-01 16:30:28 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2010-07-01 16:30:24 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2010-07-01 16:30:24 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2010-07-01 16:30:17 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\PC Tools
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010-07-01 16:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010-07-01 16:17:44 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010-07-01 16:06:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010-07-01 16:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010-07-01 16:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010-07-01 13:30:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\CleanMyPC Software
    [2010-07-01 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
    [2010-06-30 13:34:14 | 000,262,144 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
    [2010-06-30 13:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010-06-30 12:45:02 | 000,818,688 | ---- | C] (Texas Instruments) -- C:\Windows\System32\drivers\ti21sony.sys
    [2010-06-30 11:55:24 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Malwarebytes
    [2010-06-30 11:55:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010-06-30 11:55:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010-06-30 11:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010-06-30 11:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-06-30 10:47:17 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\GlarySoft
    [2010-06-30 10:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
    [2010-06-30 10:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010-06-30 09:47:37 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgArCln.sys
    [2010-06-30 09:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
    [2010-06-29 20:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{9DF77379-A83D-46CF-968D-03CBC652096D}
    [2010-06-29 15:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010-06-29 14:53:29 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010-06-29 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Publish Providers
    [2010-06-29 13:02:39 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\Vegas Movie Studio HD Platinum 10.0 Projects
    [2010-06-29 13:02:39 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Sony
    [2010-06-29 12:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
    [2010-06-29 12:53:34 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Sony
    [2010-06-29 12:20:25 | 000,252,008 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010-06-29 10:50:01 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Media Player Classic
    [2010-06-29 10:27:03 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
    [2010-06-29 10:27:02 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
    [2010-06-29 10:27:02 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
    [2010-06-29 10:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
    [2010-06-29 01:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
    [2010-06-29 00:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010-06-28 18:34:02 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Ares
    [2010-06-28 18:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
    [2010-06-28 18:16:41 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Xilisoft
    [2010-06-28 18:16:37 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Xilisoft
    [2010-06-28 18:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
    [2010-06-28 13:02:51 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\InstallShield
    [2010-06-28 12:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bitcomet Ultra Accelerator
    [2010-06-28 10:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2010-06-28 10:04:49 | 000,000,000 | -H-D | C] -- C:\Users\SACHIN\Documents\PDRMUSIC.TMP
    [2010-06-27 10:48:51 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\CyberLink
    [2010-06-27 10:48:50 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Cyberlink
    [2010-06-27 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Power2Go
    [2010-06-27 00:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire Ultra Accelerator
    [2010-06-27 00:13:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010-06-27 00:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
    [2010-06-26 23:57:30 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Apple
    [2010-06-26 23:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010-06-26 23:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010-06-26 23:49:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\CyberLink
    [2010-06-26 23:49:19 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Cyberlink
    [2010-06-26 23:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
    [2010-06-26 23:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2010-06-26 23:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [2010-06-26 23:32:02 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
    [2010-06-26 23:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2010-06-26 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools Lite
    [2010-06-26 23:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2010-06-26 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZC DVD Creator Platinum
    [2010-06-26 22:32:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\Corel DVD MovieFactory
    [2010-06-26 22:32:19 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Ulead Systems
    [2010-06-26 22:24:06 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
    [2010-06-26 22:24:05 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
    [2010-06-26 22:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
    [2010-06-26 22:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
    [2010-06-26 22:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
    [2010-06-26 22:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
    [2010-06-26 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
    [2010-06-26 20:58:26 | 000,000,000 | ---D | C] -- C:\Dell
    [2010-06-26 20:51:50 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
    [2010-06-26 20:51:50 | 001,738,072 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
    [2010-06-26 20:51:50 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
    [2010-06-26 20:51:50 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
    [2010-06-26 20:51:50 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
    [2010-06-26 20:51:50 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
    [2010-06-26 20:51:43 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
    [2010-06-26 20:51:43 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
    [2010-06-26 20:51:43 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
    [2010-06-26 20:51:43 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
    [2010-06-26 20:51:42 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
    [2010-06-26 20:51:42 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
    [2010-06-26 20:51:41 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
    [2010-06-26 20:51:41 | 001,312,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
    [2010-06-26 20:51:41 | 000,253,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
    [2010-06-26 20:51:41 | 000,253,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
    [2010-06-26 20:51:41 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
    [2010-06-26 20:51:41 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
    [2010-06-26 20:51:38 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
    [2010-06-26 20:51:38 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
    [2010-06-26 20:51:38 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
    [2010-06-26 20:51:38 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
    [2010-06-26 20:51:38 | 000,299,424 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
    [2010-06-26 20:51:38 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
    [2010-06-26 20:51:38 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
    [2010-06-26 20:51:37 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
    [2010-06-26 20:51:37 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
    [2010-06-26 20:51:37 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
    [2010-06-26 20:51:37 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
    [2010-06-26 20:51:37 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
    [2010-06-26 20:51:37 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
    [2010-06-26 20:51:34 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
    [2010-06-26 18:28:50 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\DriverEasy
    [2010-06-26 18:28:15 | 000,230,448 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
    [2010-06-26 18:28:15 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
    [2010-06-26 18:28:15 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
    [2010-06-26 18:28:15 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
    [2010-06-26 17:51:20 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Broadcom
    [2010-06-26 17:51:20 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\Bluetooth Exchange Folder
    [2010-06-26 17:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
    [2010-06-26 17:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010-06-26 17:41:18 | 000,000,000 | ---D | C] -- C:\DRIVERS
    [2010-06-26 17:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
    [2010-06-26 16:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
    [2010-06-26 16:46:35 | 000,226,816 | ---- | C] (honest technology) -- C:\Windows\System32\htvcdsvcd.ax
    [2010-06-26 16:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewTech Infosystems
    [2010-06-26 16:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
    [2010-06-26 16:45:23 | 000,006,144 | ---- | C] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys
    [2010-06-26 16:19:29 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Easeware
    [2010-06-26 16:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
    [2010-06-26 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\My Drivers
    [2010-06-26 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Innovative Solutions
    [2010-06-26 13:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
    [2010-06-26 13:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
    [2010-06-26 00:57:37 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Adobe
    [2010-06-26 00:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010-06-26 00:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010-06-26 00:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010-06-25 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010-06-24 22:50:32 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Desktop\Pazera_Video_Converters_Suite
    [2010-06-24 15:33:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\AVS4YOU
    [2010-06-24 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
    [2010-06-24 15:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
    [2010-06-24 15:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2010-06-24 15:28:21 | 000,000,000 | ---D | C] -- C:\myyoutube
    [2010-06-24 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\1-Click YouTube Downloader
    [2010-06-24 15:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
    [2010-06-24 15:18:27 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\GrabPro
    [2010-06-24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\OpenCandy
    [2010-06-24 15:18:18 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\OpenCandy
    [2010-06-24 15:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
    [2010-06-24 15:18:16 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Orbit
    [2010-06-24 15:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    [2010-06-24 11:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2010-06-24 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\TigerPlayer
    [2010-06-24 11:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar
    [2010-06-24 01:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010-06-24 01:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010-06-24 01:23:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\LimeWire
    [2010-06-24 01:23:43 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\LimeWire
    [2010-06-24 01:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010-06-24 01:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
    [2010-06-24 00:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2010-06-23 23:28:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\TuneUp Software
    [2010-06-23 23:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2010-06-23 23:27:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010-06-23 23:24:59 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Google
    [2010-06-23 10:28:16 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\IObit
    [2010-06-23 10:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010-06-23 10:11:20 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Uniblue
    [2010-06-22 21:55:16 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools
    [2010-06-22 21:49:29 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Desktop\Plants vs Zombies
    [2010-06-22 20:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
    [2010-06-22 14:54:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010-06-22 13:46:01 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\Documents\DriverGenius
    [2010-06-22 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010-06-22 13:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
    [2010-06-22 12:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
    [2010-06-22 12:34:42 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
    [2010-06-22 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010-06-22 12:33:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
    [2010-06-22 12:32:51 | 004,018,176 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    [2010-06-22 12:28:34 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
    [2010-06-22 12:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010-06-22 12:25:43 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
    [2010-06-22 12:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2010-06-22 12:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2010-06-22 12:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
    [2010-06-22 12:10:49 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\WinRAR
    [2010-06-22 12:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010-06-22 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
    [2010-06-22 11:55:43 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\BitComet
    [2010-06-22 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
    [2010-06-22 11:45:36 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\DriverCure
    [2010-06-22 11:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2010-06-22 11:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2010-06-22 11:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2010-06-22 11:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverCure
    [2010-06-22 11:44:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Google
    [2010-06-22 11:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010-06-22 11:44:38 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010-06-22 11:44:38 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010-06-22 11:44:36 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010-06-22 11:44:34 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010-06-22 11:44:30 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010-06-22 11:43:33 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010-06-22 11:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010-06-22 11:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010-06-22 11:21:07 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Macromedia
    [2010-06-22 11:21:06 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Adobe
    [2010-06-22 11:20:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
    [2010-06-22 11:17:21 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Mozilla
    [2010-06-22 11:17:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\CometNetwork
    [2010-06-22 11:17:13 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\CometNetwork
    [2010-06-22 11:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\CometBird
    [2010-06-22 10:07:03 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Apps
    [2010-06-22 09:08:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2010-06-22 08:37:20 | 000,000,000 | ---D | C] -- C:\Windows\Debug
    [2010-06-22 08:18:58 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010-06-22 08:09:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2010-06-21 23:10:39 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\vlc
    [2010-06-21 22:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010-06-21 20:34:57 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Microsoft Games
    [2010-06-21 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\ATI
    [2010-06-21 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\ATI
    [2010-06-21 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2010-06-21 20:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
    [2010-06-21 20:22:37 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Sony Corporation
    [2010-06-21 20:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010-06-21 20:22:33 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2010-06-21 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010-06-21 20:17:33 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010-06-21 20:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010-06-21 20:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010-06-21 20:16:48 | 000,327,680 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
    [2010-06-21 20:16:47 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
    [2010-06-21 20:14:48 | 000,073,472 | ---- | C] (Ricoh) -- C:\Windows\System32\drivers\R5U870FLx86.sys
    [2010-06-21 20:14:48 | 000,043,904 | ---- | C] (Ricoh) -- C:\Windows\System32\drivers\R5U870FUx86.sys
    [2010-06-21 20:12:21 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Searches
    [2010-06-21 20:12:08 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Identities
    [2010-06-21 20:12:05 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Contacts
    [2010-06-21 20:12:03 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\VirtualStore
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\AppData\Local\Temporary Internet Files
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Templates
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Start Menu
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\SendTo
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Recent
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\PrintHood
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\NetHood
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Documents\My Videos
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Documents\My Pictures
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Documents\My Music
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\My Documents
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Local Settings
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\AppData\Local\History
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Cookies
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\Application Data
    [2010-06-21 20:11:58 | 000,000,000 | -HSD | C] -- C:\Users\SACHIN\AppData\Local\Application Data
    [2010-06-21 20:11:56 | 000,000,000 | --SD | C] -- C:\Users\SACHIN\AppData\Roaming\Microsoft
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Videos
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Saved Games
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Pictures
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Music
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Links
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Favorites
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Downloads
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Documents
    [2010-06-21 20:11:56 | 000,000,000 | R--D | C] -- C:\Users\SACHIN\Desktop
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Temp
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Local\Microsoft
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData\Roaming\Media Center Programs
    [2010-06-21 20:11:56 | 000,000,000 | ---D | C] -- C:\Users\SACHIN\AppData
    [2010-06-21 13:27:46 | 000,000,000 | ---D | C] -- C:\QUARANTINE
    [2010-06-19 14:27:46 | 000,000,000 | ---D | C] -- C:\Intel Desktop Board
    [2010-06-19 06:09:57 | 000,000,000 | ---D | C] -- C:\Temp1
    [2010-06-15 10:04:27 | 000,069,632 | ---- | C] ( ) -- C:\nporbit.dll
    [2010-06-12 15:15:05 | 000,000,000 | ---D | C] -- C:\Ares
    [2010-06-03 20:25:27 | 000,000,000 | ---D | C] -- C:\IObit
    [2010-06-02 15:32:08 | 000,000,000 | ---D | C] -- C:\DVDTemp
    [2010-06-01 13:38:54 | 000,000,000 | ---D | C] -- C:\ZCVideoDVD
    [2010-05-31 23:15:08 | 000,000,000 | ---D | C] -- C:\Temp
    [2010-05-29 22:01:59 | 000,000,000 | ---D | C] -- C:\My Works
    [2010-04-20 16:57:58 | 000,000,000 | ---D | C] -- C:\Pcsx2
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\SACHIN\Documents\*.tmp files -> C:\Users\SACHIN\Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010-07-05 12:22:27 | 002,883,584 | ---- | M] () -- C:\Users\SACHIN\NTUSER.DAT
    [2010-07-05 12:13:14 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010-07-05 12:13:14 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010-07-05 12:13:14 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010-07-05 11:49:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010-07-05 11:49:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010-07-05 11:48:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2010-07-05 11:47:54 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
    [2010-07-05 11:47:52 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\DriverCure Startup.job
    [2010-07-05 11:47:48 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2010-07-05 11:47:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010-07-05 11:47:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010-07-05 11:47:22 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010-07-05 11:47:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010-07-05 11:42:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010-07-05 11:42:50 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000001.regtrans-ms
    [2010-07-05 11:42:50 | 000,065,536 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TM.blf
    [2010-07-05 11:42:44 | 002,779,331 | -H-- | M] () -- C:\Users\SACHIN\AppData\Local\IconCache.db
    [2010-07-04 20:04:09 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010-07-03 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010-07-03 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2010-07-03 17:23:05 | 000,037,888 | ---- | M] () -- C:\Users\SACHIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-07-03 17:00:01 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
    [2010-07-03 15:02:20 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010-07-03 15:02:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010-07-03 13:14:56 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000002.regtrans-ms
    [2010-07-03 10:47:18 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010-07-03 10:47:18 | 000,065,536 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010-07-02 10:33:07 | 003,725,496 | R--- | M] () -- C:\Users\SACHIN\Desktop\ComboFix.exe
    [2010-07-02 10:13:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010-07-01 23:27:56 | 000,000,657 | ---- | M] () -- C:\Users\SACHIN\Desktop\NFSC.lnk
    [2010-07-01 20:56:10 | 000,000,776 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010-07-01 20:56:10 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010-07-01 16:30:20 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-07-01 16:17:41 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010-07-01 16:17:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2010-07-01 16:06:24 | 000,001,031 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010-07-01 16:06:24 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010-07-01 13:43:01 | 000,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
    [2010-07-01 13:30:37 | 000,000,906 | ---- | M] () -- C:\Users\SACHIN\Desktop\CleanMyPC - Registry Cleaner.lnk
    [2010-06-30 13:58:32 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2010-06-30 13:12:30 | 000,001,874 | ---- | M] () -- C:\Users\SACHIN\Desktop\HijackThis.lnk
    [2010-06-30 11:55:22 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-30 10:44:21 | 000,000,797 | ---- | M] () -- C:\Users\SACHIN\Desktop\Glary Utilities.lnk
    [2010-06-30 09:47:38 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
    [2010-06-30 09:43:40 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010-06-30 00:57:04 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
    [2010-06-29 16:01:01 | 000,000,943 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010-06-29 14:53:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010-06-29 02:27:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010-06-29 02:27:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010-06-29 02:07:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010-06-29 02:07:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010-06-29 02:03:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010-06-29 02:02:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010-06-29 02:02:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010-06-29 00:40:07 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink Media Suite.lnk
    [2010-06-28 18:41:09 | 000,000,748 | ---- | M] () -- C:\Users\SACHIN\Desktop\Ares.lnk
    [2010-06-28 18:34:00 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Ares.lnk
    [2010-06-28 18:15:59 | 000,001,912 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
    [2010-06-28 18:15:59 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft DVD Creator 6.lnk
    [2010-06-28 12:50:05 | 000,001,044 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 12:50:05 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 10:18:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010-06-28 09:58:39 | 007,141,504 | ---- | M] () -- C:\Users\SACHIN\Documents\02. Flo Rida - Ack Like You Know.mp3
    [2010-06-27 17:36:57 | 000,264,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010-06-27 10:51:41 | 000,005,632 | ---- | M] () -- C:\Users\SACHIN\Documents\MO_Audio_Test.grf
    [2010-06-27 09:48:21 | 000,067,192 | ---- | M] () -- C:\Users\SACHIN\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010-06-27 00:39:13 | 000,001,044 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire Ultra Accelerator.lnk
    [2010-06-27 00:39:13 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\LimeWire Ultra Accelerator.lnk
    [2010-06-26 23:32:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
    [2010-06-26 23:32:03 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2010-06-26 23:08:27 | 000,000,028 | ---- | M] () -- C:\Windows\ZC DVD Creator Platinum.INI
    [2010-06-26 23:08:11 | 000,000,902 | ---- | M] () -- C:\Users\SACHIN\Desktop\ZC DVD Creator Platinum.lnk
    [2010-06-26 18:30:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010-06-26 18:30:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010-06-26 16:46:43 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2010-06-26 16:46:18 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\NTI CD & DVD-Maker 7.lnk
    [2010-06-26 16:46:10 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTICDMK7.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIMPEG2.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIMP3.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIFCD3.dll
    [2010-06-26 16:45:23 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys
    [2010-06-26 16:19:16 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DriverEasy.lnk
    [2010-06-26 15:56:32 | 000,000,919 | ---- | M] () -- C:\Users\SACHIN\Desktop\DriverMax.lnk
    [2010-06-25 13:18:55 | 000,000,804 | ---- | M] () -- C:\Users\SACHIN\Desktop\CCleaner.lnk
    [2010-06-25 00:34:48 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2010-06-25 00:27:06 | 006,301,976 | ---- | M] () -- C:\Users\SACHIN\Desktop\bmc Admission form.rtf
    [2010-06-25 00:25:18 | 006,301,976 | ---- | M] () -- C:\Users\SACHIN\Documents\BMC College Fee Receipt.rtf
    [2010-06-25 00:13:29 | 006,301,976 | ---- | M] () -- C:\Users\SACHIN\Documents\BMC College Admission No..rtf
    [2010-06-24 15:27:34 | 000,000,999 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk
    [2010-06-24 15:27:34 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\1-Click YouTube Downloader.lnk
    [2010-06-24 15:24:27 | 000,000,919 | ---- | M] () -- C:\Users\SACHIN\Desktop\YouTube Downloader.lnk
    [2010-06-24 15:18:27 | 000,000,872 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
    [2010-06-24 15:18:26 | 000,000,848 | ---- | M] () -- C:\Users\SACHIN\Desktop\Orbit.lnk
    [2010-06-24 14:49:21 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2010-06-24 01:14:24 | 000,001,710 | ---- | M] () -- C:\Users\SACHIN\Desktop\LimeWire PRO 4.18.8.lnk
    [2010-06-23 10:28:25 | 000,001,038 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010-06-23 10:28:25 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
    [2010-06-22 13:43:47 | 000,000,916 | ---- | M] () -- C:\Users\SACHIN\Desktop\Driver Genius Professional Edition.lnk
    [2010-06-22 12:46:18 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010-06-22 12:46:18 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\RegCure.job
    [2010-06-22 12:38:45 | 000,001,786 | ---- | M] () -- C:\Users\SACHIN\Desktop\Clean disk with 1 click.lnk
    [2010-06-22 12:38:45 | 000,000,926 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
    [2010-06-22 12:11:46 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
    [2010-06-22 11:58:33 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk
    [2010-06-22 11:55:36 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
    [2010-06-22 11:49:11 | 000,001,955 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010-06-22 11:44:39 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010-06-22 11:17:02 | 000,001,710 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
    [2010-06-22 11:17:02 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\CometBird.lnk
    [2010-06-22 09:08:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010-06-22 08:20:13 | 000,136,009 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2010-06-21 22:54:10 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010-06-21 20:48:12 | 000,000,938 | ---- | M] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010-06-21 20:26:30 | 000,524,288 | -HS- | M] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2010-06-21 20:18:48 | 000,001,973 | ---- | M] () -- C:\Users\SACHIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
    [2010-06-21 20:14:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2010-06-21 20:12:45 | 000,000,680 | ---- | M] () -- C:\Users\SACHIN\AppData\Local\d3d9caps.dat
    [2010-06-21 20:11:58 | 000,000,020 | -HS- | M] () -- C:\Users\SACHIN\ntuser.ini
    [2010-06-08 21:40:50 | 000,790,528 | ---- | M] () -- C:\Windows\System32\xvidcore.dll
    [2010-06-08 21:40:50 | 000,134,144 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll
    [2010-06-02 13:30:00 | 000,108,032 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
    [2010-06-02 13:30:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
    [2010-05-31 11:43:16 | 000,252,008 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010-05-05 14:19:56 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
    [2010-05-04 08:28:45 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010-04-27 20:51:40 | 001,738,072 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
    [2010-04-27 20:51:32 | 000,253,272 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
    [2010-04-27 20:51:24 | 000,253,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
    [2010-04-27 20:51:04 | 001,312,088 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
    [2010-04-27 13:50:10 | 000,299,424 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
    [2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
    [2010-04-14 17:55:20 | 000,232,792 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
    [2010-04-08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\SACHIN\Documents\*.tmp files -> C:\Users\SACHIN\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010-07-03 14:41:42 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010-07-03 10:48:39 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000002.regtrans-ms
    [2010-07-03 10:48:39 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TMContainer00000000000000000001.regtrans-ms
    [2010-07-03 10:48:39 | 000,065,536 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{86f727d0-865e-11df-acae-001a80cdd7e6}.TM.blf
    [2010-07-02 10:37:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010-07-02 10:37:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010-07-02 10:37:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010-07-02 10:37:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010-07-02 10:37:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010-07-02 10:34:31 | 003,725,496 | R--- | C] () -- C:\Users\SACHIN\Desktop\ComboFix.exe
    [2010-07-01 23:27:56 | 000,000,657 | ---- | C] () -- C:\Users\SACHIN\Desktop\NFSC.lnk
    [2010-07-01 20:56:10 | 000,000,776 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010-07-01 20:56:10 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010-07-01 16:30:57 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010-07-01 16:30:57 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010-07-01 16:30:57 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010-07-01 16:30:57 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010-07-01 16:30:57 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010-07-01 16:30:28 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
    [2010-07-01 16:30:24 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
    [2010-07-01 16:30:24 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
    [2010-07-01 16:30:20 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-07-01 16:30:17 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
    [2010-07-01 16:24:40 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2010-07-01 16:06:24 | 000,001,031 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010-07-01 16:06:24 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010-07-01 13:43:01 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
    [2010-07-01 13:30:37 | 000,000,906 | ---- | C] () -- C:\Users\SACHIN\Desktop\CleanMyPC - Registry Cleaner.lnk
    [2010-06-30 13:58:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010-06-30 13:34:14 | 000,052,400 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
    [2010-06-30 13:34:09 | 000,013,848 | ---- | C] () -- C:\Windows\atiogl.xml
    [2010-06-30 13:34:04 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2010-06-30 13:34:03 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2010-06-30 13:12:30 | 000,001,874 | ---- | C] () -- C:\Users\SACHIN\Desktop\HijackThis.lnk
    [2010-06-30 11:55:22 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-30 10:44:27 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2010-06-30 10:44:21 | 000,000,797 | ---- | C] () -- C:\Users\SACHIN\Desktop\Glary Utilities.lnk
    [2010-06-30 09:47:38 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
    [2010-06-29 15:20:26 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2010-06-29 12:20:25 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010-06-29 10:27:07 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010-06-29 10:27:06 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010-06-29 10:27:03 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
    [2010-06-29 10:27:02 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010-06-29 10:27:02 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010-06-29 10:27:02 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010-06-29 00:40:07 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink Media Suite.lnk
    [2010-06-28 18:41:09 | 000,000,748 | ---- | C] () -- C:\Users\SACHIN\Desktop\Ares.lnk
    [2010-06-28 18:34:00 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Ares.lnk
    [2010-06-28 18:15:59 | 000,001,912 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft DVD Creator 6.lnk
    [2010-06-28 18:15:59 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft DVD Creator 6.lnk
    [2010-06-28 12:50:05 | 000,001,044 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 12:50:05 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Bitcomet Ultra Accelerator.lnk
    [2010-06-28 10:18:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010-06-28 09:58:38 | 007,141,504 | ---- | C] () -- C:\Users\SACHIN\Documents\02. Flo Rida - Ack Like You Know.mp3
    [2010-06-27 10:51:41 | 000,005,632 | ---- | C] () -- C:\Users\SACHIN\Documents\MO_Audio_Test.grf
    [2010-06-27 00:39:13 | 000,001,044 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire Ultra Accelerator.lnk
    [2010-06-27 00:39:13 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\LimeWire Ultra Accelerator.lnk
    [2010-06-26 23:32:03 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2010-06-26 23:08:27 | 000,000,028 | ---- | C] () -- C:\Windows\ZC DVD Creator Platinum.INI
    [2010-06-26 23:08:11 | 000,000,902 | ---- | C] () -- C:\Users\SACHIN\Desktop\ZC DVD Creator Platinum.lnk
    [2010-06-26 22:25:04 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL
    [2010-06-26 18:30:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
    [2010-06-26 18:30:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010-06-26 18:29:39 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    [2010-06-26 16:46:56 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
    [2010-06-26 16:46:18 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\NTI CD & DVD-Maker 7.lnk
    [2010-06-26 16:46:10 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTICDMK7.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIMPEG2.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIMP3.dll
    [2010-06-26 16:45:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIFCD3.dll
    [2010-06-26 16:19:16 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\DriverEasy.lnk
    [2010-06-26 13:11:11 | 000,000,919 | ---- | C] () -- C:\Users\SACHIN\Desktop\DriverMax.lnk
    [2010-06-26 00:56:46 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010-06-25 13:18:55 | 000,000,804 | ---- | C] () -- C:\Users\SACHIN\Desktop\CCleaner.lnk
    [2010-06-25 00:26:45 | 006,301,976 | ---- | C] () -- C:\Users\SACHIN\Desktop\bmc Admission form.rtf
    [2010-06-25 00:25:18 | 006,301,976 | ---- | C] () -- C:\Users\SACHIN\Documents\BMC College Fee Receipt.rtf
    [2010-06-25 00:13:29 | 006,301,976 | ---- | C] () -- C:\Users\SACHIN\Documents\BMC College Admission No..rtf
    [2010-06-24 15:27:34 | 000,000,999 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk
    [2010-06-24 15:27:34 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\1-Click YouTube Downloader.lnk
    [2010-06-24 15:24:27 | 000,000,919 | ---- | C] () -- C:\Users\SACHIN\Desktop\YouTube Downloader.lnk
    [2010-06-24 15:18:27 | 000,000,872 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
    [2010-06-24 15:18:26 | 000,000,848 | ---- | C] () -- C:\Users\SACHIN\Desktop\Orbit.lnk
    [2010-06-24 01:14:24 | 000,001,710 | ---- | C] () -- C:\Users\SACHIN\Desktop\LimeWire PRO 4.18.8.lnk
    [2010-06-23 23:55:27 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2010-06-23 10:30:39 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\AWC AutoSweep.job
    [2010-06-23 10:28:28 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
    [2010-06-23 10:28:25 | 000,001,038 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
    [2010-06-23 10:28:25 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
    [2010-06-22 13:43:47 | 000,000,916 | ---- | C] () -- C:\Users\SACHIN\Desktop\Driver Genius Professional Edition.lnk
    [2010-06-22 12:38:45 | 000,001,786 | ---- | C] () -- C:\Users\SACHIN\Desktop\Clean disk with 1 click.lnk
    [2010-06-22 12:38:45 | 000,000,926 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Disk Cleaner.lnk
    [2010-06-22 12:28:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010-06-22 12:11:48 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
    [2010-06-22 12:11:47 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\RegCure.job
    [2010-06-22 12:11:46 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
    [2010-06-22 11:58:40 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2010-06-22 11:58:34 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2010-06-22 11:55:36 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
    [2010-06-22 11:49:11 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010-06-22 11:49:11 | 000,001,955 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010-06-22 11:45:37 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010-06-22 11:45:33 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk
    [2010-06-22 11:45:33 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\DriverCure Startup.job
    [2010-06-22 11:45:32 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010-06-22 11:45:29 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
    [2010-06-22 11:44:51 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010-06-22 11:44:48 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010-06-22 11:44:39 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010-06-22 11:17:02 | 000,001,710 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\CometBird.lnk
    [2010-06-22 11:17:02 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\CometBird.lnk
    [2010-06-22 09:59:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2010-06-21 22:54:10 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010-06-21 20:48:12 | 000,000,938 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010-06-21 20:48:09 | 000,037,888 | ---- | C] () -- C:\Users\SACHIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-06-21 20:20:00 | 000,000,943 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010-06-21 20:18:48 | 000,001,973 | ---- | C] () -- C:\Users\SACHIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
    [2010-06-21 20:16:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2010-06-21 20:16:48 | 000,328,162 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.cpa
    [2010-06-21 20:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2010-06-21 20:16:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
    [2010-06-21 20:16:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
    [2010-06-21 20:16:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
    [2010-06-21 20:16:48 | 000,000,929 | ---- | C] () -- C:\Windows\System32\drivers\ativcaxx.vp
    [2010-06-21 20:14:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2010-06-21 20:12:00 | 000,000,680 | ---- | C] () -- C:\Users\SACHIN\AppData\Local\d3d9caps.dat
    [2010-06-21 20:11:58 | 000,000,020 | -HS- | C] () -- C:\Users\SACHIN\ntuser.ini
    [2010-06-21 20:11:57 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
    [2010-06-21 20:11:57 | 000,524,288 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010-06-21 20:11:57 | 000,065,536 | -HS- | C] () -- C:\Users\SACHIN\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010-06-21 20:11:56 | 002,883,584 | ---- | C] () -- C:\Users\SACHIN\NTUSER.DAT
    [2010-06-21 20:11:56 | 000,262,144 | -H-- | C] () -- C:\Users\SACHIN\ntuser.dat.LOG1
    [2010-06-21 20:11:56 | 000,000,258 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010-06-21 20:11:56 | 000,000,240 | ---- | C] () -- C:\Users\SACHIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010-06-21 20:11:56 | 000,000,000 | -H-- | C] () -- C:\Users\SACHIN\ntuser.dat.LOG2
    [2010-06-19 06:34:19 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
    [2010-05-05 14:19:56 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
    [2009-04-11 18:48:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2008-09-12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2006-11-02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006-11-02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001-12-26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001-09-03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001-07-30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001-07-23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2010-07-03 14:43:42 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\BitComet
    [2010-07-01 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\CleanMyPC Software
    [2010-06-22 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\CometNetwork
    [2010-06-22 21:55:27 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools
    [2010-06-26 23:40:12 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\DAEMON Tools Lite
    [2010-06-22 11:45:56 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\DriverCure
    [2010-06-26 16:19:29 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Easeware
    [2010-06-30 10:47:17 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\GlarySoft
    [2010-06-24 15:18:27 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\GrabPro
    [2010-06-23 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\IObit
    [2010-06-30 01:34:38 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\LimeWire
    [2010-06-24 15:18:18 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\OpenCandy
    [2010-07-03 14:43:30 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Orbit
    [2010-06-29 13:06:58 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Publish Providers
    [2010-06-29 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Sony
    [2010-06-24 11:41:30 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\TigerPlayer
    [2010-06-23 23:28:21 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\TuneUp Software
    [2010-06-26 22:36:57 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Ulead Systems
    [2010-06-25 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Uniblue
    [2010-07-01 21:01:21 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\uTorrent
    [2010-06-28 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\SACHIN\AppData\Roaming\Xilisoft
    [2010-07-04 20:04:09 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2010-07-05 11:47:54 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
    [2010-07-05 11:48:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2010-07-05 11:47:52 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\DriverCure Startup.job
    [2010-06-30 00:57:04 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
    [2010-07-05 11:47:48 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2010-07-03 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
    [2010-07-03 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2010-06-25 00:34:48 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
    [2010-06-22 12:46:18 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2010-07-03 17:00:01 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
    [2010-06-22 12:46:18 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
    [2010-07-05 11:42:52 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-07-05 11:47:11 | 000,005,683 | ---- | M] () -- C:\aaw7boot.log
    [2010-06-26 16:46:43 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009-04-11 18:48:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010-06-22 09:08:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010-07-03 15:08:04 | 000,028,011 | ---- | M] () -- C:\ComboFix.txt
    [2006-09-19 03:13:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2005-01-03 19:07:18 | 000,000,017 | -H-- | M] () -- C:\initrd.pam
    [2008-09-27 01:46:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007-03-28 03:03:48 | 000,000,067 | -H-- | M] () -- C:\kernel.pam
    [2010-07-02 11:14:06 | 000,047,330 | ---- | M] () -- C:\log.txt
    [2008-09-27 01:46:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009-07-06 14:42:12 | 000,069,632 | ---- | M] ( ) -- C:\nporbit.dll
    [2009-09-17 12:29:33 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
    [2009-09-17 12:29:33 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
    [2009-09-17 12:29:34 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{74b5f3e1-a347-11de-ab3a-dd5aff4aa4a4}.TM.blf
    [2009-09-17 12:29:34 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{74b5f3e1-a347-11de-ab3a-dd5aff4aa4a4}.TMContainer00000000000000000001.regtrans-ms
    [2009-09-17 12:29:34 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{74b5f3e1-a347-11de-ab3a-dd5aff4aa4a4}.TMContainer00000000000000000002.regtrans-ms
    [2010-07-05 11:47:11 | 2459,631,616 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006-11-02 18:05:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008-06-03 03:35:30 | 000,413,696 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
    [2009-04-11 18:48:38 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009-04-11 18:48:36 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009-04-11 19:38:12 | 023,552,000 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2009-04-11 19:37:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2009-04-11 19:38:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006-11-02 16:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006-11-02 16:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2009-04-11 18:48:28 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008-01-21 07:54:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.com >
    [2006-11-02 18:07:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006-11-02 18:07:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006-11-02 18:07:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-04-11 18:49:50 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.ini >
    [2006-09-19 03:07:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %PROGRAMFILES%\*. >
    [2010-06-24 15:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\1-Click YouTube Downloader
    [2010-06-26 00:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2010-06-22 11:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
    [2010-06-26 23:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2010-06-28 18:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ares
    [2010-06-21 20:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
    [2010-06-21 20:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
    [2010-06-27 09:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
    [2010-06-22 11:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
    [2010-06-28 12:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\Bitcomet Ultra Accelerator
    [2010-06-25 13:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2010-07-01 13:30:36 | 000,000,000 | ---D | M] -- C:\Program Files\CleanMyPC
    [2010-07-02 11:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\CometBird
    [2010-07-03 14:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2010-06-26 22:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
    [2010-06-29 00:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2010-06-26 23:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
    [2010-06-26 17:43:01 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
    [2010-06-22 13:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Driver-Soft
    [2010-06-26 16:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\Easeware
    [2010-06-30 10:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
    [2010-06-22 11:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2010-06-30 09:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\GRISOFT
    [2010-06-26 13:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Innovative Solutions
    [2010-06-29 00:40:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010-06-22 12:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2010-06-29 15:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010-06-27 00:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
    [2010-06-24 01:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2010-06-29 10:27:31 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
    [2010-07-01 16:06:32 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
    [2010-06-25 17:51:19 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
    [2010-06-27 00:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire Ultra Accelerator
    [2010-06-30 12:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2010-06-29 15:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2010-06-25 19:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010-06-29 00:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\MpcStar
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2010-07-01 23:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\Need for Speed Carbon
    [2010-06-26 16:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
    [2010-06-24 15:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\Orbitdownloader
    [2010-06-22 11:45:28 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
    [2010-06-29 12:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2010-06-22 12:16:34 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
    [2010-06-29 12:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
    [2010-06-30 10:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
    [2010-07-01 16:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
    [2010-06-22 12:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
    [2010-06-26 20:58:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
    [2010-06-26 17:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
    [2010-06-30 13:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
    [2006-11-02 18:31:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010-07-01 20:56:10 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
    [2010-06-21 22:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2009-04-11 18:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
    [2009-04-11 18:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
    [2009-04-11 18:53:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2009-04-11 18:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2010-06-25 19:11:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010-06-26 22:24:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
    [2010-06-25 19:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2006-11-02 18:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009-04-11 18:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
    [2010-06-28 10:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2009-04-11 18:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010-06-22 12:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2010-06-22 12:43:39 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Disk Cleaner
    [2010-06-28 18:14:55 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
    [2010-06-24 15:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
    [2010-06-26 23:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\ZC DVD Creator Platinum

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >


    < MD5 for: EVENTLOG.DLL >
    [2008-06-06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

    < MD5 for: EVENTLOG.ETL >
    [2010-07-05 12:27:24 | 000,196,608 | ---- | M] () MD5=F8AE0270E806C54EB78A311CDBE10401 -- C:\Windows\System32\NDF\eventlog.etl

    < MD5 for: WSCNTFY.DLL >
    [2009-04-11 18:48:07 | 000,223,744 | ---- | M] (Microsoft Corporation) MD5=0B5AC46982E77CAF3EC1D55C9AC6AB56 -- C:\Windows\System32\wscntfy.dll
    [2009-04-11 18:48:07 | 000,223,744 | ---- | M] (Microsoft Corporation) MD5=0B5AC46982E77CAF3EC1D55C9AC6AB56 -- C:\Windows\winsxs\x86_microsoft-windows-s..tycenter-notifyicon_31bf3856ad364e35_6.0.6002.18005_none_0015b648d92092e2\wscntfy.dll

    < MD5 for: WSCNTFY.DLL.MUI >
    [2006-11-02 18:11:32 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=DC3682BEB013B14470318C5C920E6589 -- C:\Windows\System32\en-US\wscntfy.dll.mui
    [2006-11-02 18:11:32 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=DC3682BEB013B14470318C5C920E6589 -- C:\Windows\winsxs\x86_microsoft-windows-s..otifyicon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9fecff8addf581a9\wscntfy.dll.mui

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:ECF54A0E
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
    < End of report >
     
  9. leo92

    Here is my Extras.txt:

    OTL Extras logfile created on: 05-07-2010 12:20:30 - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\SACHIN\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.94 Gb Total Space | 127.61 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SACHIN-PC
    Current User Name: SACHIN
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = CometBirdHTML] -- C:\Program Files\CometBird\CometBird.exe (CometNetwork)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2A2437F1-A02D-4ACD-A6CE-AAD10AB75159}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "{B2BD64A1-2664-466D-8805-E09FBDA0D691}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "TCP Query User{FF6B841F-1F47-4886-815D-9386A40234C3}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
    "UDP Query User{CC1734B0-DFD4-45C7-84A8-C43EAD4573F9}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00E3E16A-EF37-6F18-2501-821AAB6903AB}" = ccc-core-static
    "{0299E902-A8ED-7748-4A47-8080C42436F2}" = Catalyst Control Center Core Implementation
    "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{0C8EBB00-4909-459C-8347-B2068B7F0319}" = CyberLink DVD Menu Template Pack
    "{165E861A-D87F-5BED-190E-8EBC4ECCE65E}" = Catalyst Control Center Graphics Light
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.6
    "{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28B52CF6-FC4D-38E7-2438-62EB527780FD}" = Catalyst Control Center Graphics Full Existing
    "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{568457D9-A55B-D9BC-13EC-14C84E69BD86}" = Catalyst Control Center Graphics Full New
    "{56A6F256-5323-4617-3AE8-45B28B559E37}" = CCC Help English
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{6AF6D196-FE4B-4B4D-B6D0-54439FF6CC50}" = VAIO Camera Utility
    "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
    "{95B87E45-CC33-49B6-9B4C-6570941FA90C}" = NTI CD & DVD-Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = TIPCI
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{B982D59B-B732-C911-51F3-CC962F906573}" = ccc-utility
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.1.5.3038
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{DA3C6D93-6EB8-BF5C-2C14-2B1A08284DBD}" = Catalyst Control Center Graphics Previews Vista
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DEFB9CA4-6242-B988-E263-CD102219F54F}" = Skins
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
    "{E8EF1266-1D1F-C2FB-1E98-2FB9E71B3C7C}" = Catalyst Control Center Graphics Previews Common
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1FD0F66-34CF-4555-8B13-BCFC96F3864C}" = Branding
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 4.0
    "A5C76F143DE85710B0FDBABC39480EC492EE05CF" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Ares" = Ares 2.1.5
    "avast5" = avast! Free Antivirus
    "AVGantiRootkit" = AVG Anti-Rootkit Free
    "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "BitComet" = BitComet 1.22
    "Bitcomet Ultra Accelerator" = Bitcomet Ultra Accelerator
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "CCleaner" = CCleaner
    "CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
    "CometBird (3.6.3)" = CometBird (3.6.3)
    "DMX5_is1" = DriverMax 5
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "DriverEasy_is1" = DriverEasy 2.3.0
    "Glary Utilities_is1" = Glary Utilities Pro 2.26.0.956
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{95B87E45-CC33-49B6-9B4C-6570941FA90C}" = NTI CD & DVD-Maker 7 Platinum
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
    "IObit Security 360_is1" = IObit Security 360
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
    "LimeWire" = LimeWire PRO 4.18.8
    "LimeWire Ultra Accelerator" = LimeWire Ultra Accelerator
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Orbit_is1" = Orbit Downloader
    "RegCure" = RegCure
    "Smart Defrag_is1" = Smart Defrag
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
    "Spyware Doctor" = Spyware Doctor 7.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinRAR archiver" = WinRAR archiver
    "Wise Disk Cleaner_is1" = Wise Disk Cleaner Professional v5.12
    "Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6
    "ZC DVD Creator Platinum_is1" = ZC DVD Creator Platinum 6.5.1

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 03-07-2010 09:19:06 | Computer Name = SACHIN-PC | Source = Google Update | ID = 20
    Description =

    Error - 03-07-2010 13:19:05 | Computer Name = SACHIN-PC | Source = Google Update | ID = 20
    Description =

    Error - 04-07-2010 02:19:06 | Computer Name = SACHIN-PC | Source = Google Update | ID = 20
    Description =

    Error - 04-07-2010 03:19:06 | Computer Name = SACHIN-PC | Source = Google Update | ID = 20
    Description =

    Error - 04-07-2010 03:53:58 | Computer Name = SACHIN-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 04-07-2010 03:54:04 | Computer Name = SACHIN-PC | Source = IS360service | ID = 0
    Description =

    Error - 05-07-2010 00:55:30 | Computer Name = SACHIN-PC | Source = Application Error | ID = 1000
    Description = Faulting application NFSC.exe, version 0.0.0.0, time stamp 0x4534574b,
    faulting module NFSC.exe, version 0.0.0.0, time stamp 0x4534574b, exception code
    0xc0000005, fault offset 0x003312d5, process id 0xf60, application start time 0x01cb1bf97d047cc5.

    Error - 05-07-2010 01:19:06 | Computer Name = SACHIN-PC | Source = Google Update | ID = 20
    Description =

    Error - 05-07-2010 02:12:48 | Computer Name = SACHIN-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 05-07-2010 02:19:05 | Computer Name = SACHIN-PC | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 05-07-2010 01:50:46 | Computer Name = SACHIN-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 05-07-2010 01:52:27 | Computer Name = SACHIN-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05-07-2010 01:52:27 | Computer Name = SACHIN-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05-07-2010 02:16:58 | Computer Name = SACHIN-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 05-07-2010 02:17:11 | Computer Name = SACHIN-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 05-07-2010 02:17:55 | Computer Name = SACHIN-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05-07-2010 02:17:55 | Computer Name = SACHIN-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05-07-2010 02:21:37 | Computer Name = SACHIN-PC | Source = athrusb | ID = 5003
    Description = Atheros USB 2.0 Wireless Network Adapter : Could not find a network
    adapter.

    Error - 05-07-2010 02:22:51 | Computer Name = SACHIN-PC | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 00026F56FFF5. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 05-07-2010 02:42:01 | Computer Name = SACHIN-PC | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 00026F56FFF5. The following
    error occurred: %%121. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.


    < End of report >
     
  10. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      NetSvcs: kvxqiwfj - File not found
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done



    You got your Windows CD?
     
  11. leo92

    leo92 Thread Starter

    Joined:
    Jun 30, 2010
    Messages:
    17
    Do you mean the Vista CD?

    Yes, I've got a copy of Vista, but on my flash drive, which contains the Vista Service Pack 2 installer (not from the manufacturer). And by the way, thanks a lot, SIR, for helping me remove this malware; now there are no detections by avast antivirus anymore. I got an OTL log after the reboot. Do you want me to put that?
     
  12. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    No.

    Do this with your copy of Vista:


    Go Start>Run ("Start Search" in Vista), type in:
    sfc /scannow
    Click OK (hold CTRL, and SHIFT, hit Enter in Vista).
    Have Windows CD/DVD handy (with Vista, most likely, you won't need it).
    If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD (rarely in Vista's case).


    Open up your start menu and type cmd in the white box.
    Right click the cmd.exe entry that appears and Run as Administrator
    In the black box, type chkdsk /r
    Confirm by pressing Y then reboot the machine.
    NOTE: This could take a while as it is a thorough check.
     
  13. leo92

    leo92 Thread Starter

    Joined:
    Jun 30, 2010
    Messages:
    17
    I did what you said: chkdsk and sfc /scannow. :)
     
  14. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download a new version of ComboFix, run that, and post its log.
     
  15. leo92

    leo92 Thread Starter

    Joined:
    Jun 30, 2010
    Messages:
    17
    Sorry for the late reply; as you know, my internet was down. Here is the log:

    ComboFix 10-07-01.02 - SACHIN 11-07-2010 10:10:22.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.2046.1049 [GMT 5.5:30]
    Running from: c:\users\SACHIN\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
    .

    2010-07-06 09:32 . 2010-07-06 09:32 -------- d-----w- c:\program files\Conduit
    2010-07-06 09:32 . 2010-07-07 10:43 -------- d-----w- c:\program files\Gossiper
    2010-07-06 09:31 . 2010-07-06 09:59 -------- d-----w- c:\program files\uTorrent Ultra Accelerator
    2010-07-06 04:38 . 2010-07-06 04:38 -------- d-----w- C:\_OTL
    2010-07-03 09:42 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-07-03 09:42 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
    2010-07-03 09:42 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
    2010-07-03 09:18 . 2008-01-21 02:23 6144 ----a-w- c:\windows\system32\drivers\beep.sys
    2010-07-01 17:44 . 2010-07-01 17:57 -------- d-----w- c:\program files\Need for Speed Carbon
    2010-07-01 15:26 . 2010-07-01 15:26 -------- d-----w- c:\program files\uTorrent
    2010-07-01 15:25 . 2010-07-07 12:37 -------- d-----w- c:\users\SACHIN\AppData\Roaming\uTorrent
    2010-07-01 14:03 . 2010-05-17 17:23 6630912 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
    2010-07-01 10:54 . 2010-07-01 10:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-07-01 10:47 . 2010-07-01 10:47 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-01 10:36 . 2010-07-01 10:36 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-07-01 10:36 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-07-01 10:35 . 2010-07-01 10:39 -------- d-----w- c:\programdata\Lavasoft
    2010-07-01 10:35 . 2010-07-01 10:36 -------- d-----w- c:\program files\Lavasoft
    2010-07-01 08:13 . 2010-07-01 08:13 1152 ----a-w- c:\windows\system32\windrv.sys
    2010-07-01 08:00 . 2010-07-01 08:00 -------- d-----w- c:\users\SACHIN\AppData\Roaming\CleanMyPC Software
    2010-07-01 08:00 . 2010-07-01 08:00 -------- d-----w- c:\program files\CleanMyPC
    2010-06-30 08:28 . 2010-06-30 08:28 0 ----a-w- c:\windows\ativpsrm.bin
    2010-06-30 08:04 . 2008-06-02 22:04 262144 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-06-30 08:04 . 2008-06-02 21:18 10043392 ----a-w- c:\windows\system32\atioglxx.dll
    2010-06-30 08:04 . 2008-06-03 00:52 3695104 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-06-30 08:04 . 2008-04-28 15:39 172033 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-06-30 08:04 . 2008-03-05 19:08 90112 ----a-w- c:\windows\system32\atibrtmon.exe
    2010-06-30 08:04 . 2008-06-02 21:19 32256 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-06-30 08:04 . 2008-06-02 21:04 49152 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-06-30 08:04 . 2008-06-02 21:20 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-06-30 07:42 . 2010-06-30 07:42 -------- d-----w- c:\program files\Trend Micro
    2010-06-30 07:15 . 2007-11-16 15:31 818688 ----a-w- c:\windows\system32\drivers\ti21sony.sys
    2010-06-30 06:25 . 2010-06-30 06:25 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Malwarebytes
    2010-06-30 06:25 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-30 06:25 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-30 06:25 . 2010-06-30 06:25 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-30 06:25 . 2010-06-30 07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-30 05:17 . 2010-06-30 05:17 -------- d-----w- c:\users\SACHIN\AppData\Roaming\GlarySoft
    2010-06-30 05:14 . 2010-06-30 05:14 -------- d-----w- c:\program files\Glary Utilities
    2010-06-30 04:50 . 2010-06-30 04:50 -------- d-----w- c:\program files\Sophos
    2010-06-30 04:17 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
    2010-06-29 14:40 . 2010-06-29 14:40 -------- dc----w- c:\programdata\{9DF77379-A83D-46CF-968D-03CBC652096D}
    2010-06-29 09:56 . 2010-05-21 08:44 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-06-29 09:52 . 2010-06-29 09:52 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-29 09:49 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2010-06-29 09:23 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-29 07:52 . 2010-06-29 07:53 477184 ----a-w- c:\users\SACHIN\AppData\Roaming\Xilisoft\DVD Creator 6\x-dvd-creator6.exe
    2010-06-29 07:36 . 2010-06-29 07:36 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Publish Providers
    2010-06-29 07:32 . 2010-06-29 07:32 -------- d-----w- c:\users\SACHIN\AppData\Local\Sony
    2010-06-29 07:26 . 2010-06-29 07:26 -------- d-----w- c:\programdata\Sony
    2010-06-29 07:23 . 2010-06-29 15:34 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Sony
    2010-06-29 06:50 . 2010-05-31 06:13 252008 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
    2010-06-29 06:50 . 2009-12-03 11:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-06-29 06:40 . 2010-06-29 06:42 2869784 ----a-w- c:\users\SACHIN\AppData\Roaming\Easeware\DriverEasy\drivers\1yjj4fol.do2\INF_allOS_9.1.2.1007_PV.exe
    2010-06-29 05:20 . 2010-07-07 03:58 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Media Player Classic
    2010-06-29 04:57 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-06-29 04:57 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-06-29 04:57 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-06-29 04:57 . 2010-06-02 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-06-29 04:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-06-29 04:57 . 2010-06-29 04:57 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-06-28 19:34 . 2010-06-29 04:54 -------- d-----w- c:\programdata\VistaCodecs
    2010-06-28 19:01 . 2010-06-28 19:01 -------- d-----w- c:\programdata\Apple Computer
    2010-06-28 18:53 . 2010-06-28 18:53 36864 ----a-w- c:\programdata\Temp\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\PostBuild.exe
    2010-06-28 18:52 . 2009-11-02 08:47 34088 ----a-w- c:\programdata\CyberLink\Power2Go\P2GoGadget.dll
    2010-06-28 18:48 . 2010-06-28 18:48 53319 ----a-w- c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
    2010-06-28 13:04 . 2010-06-28 13:04 -------- d-----w- c:\users\SACHIN\AppData\Local\Ares
    2010-06-28 13:03 . 2010-06-28 13:11 -------- d-----w- c:\program files\Ares
    2010-06-28 12:46 . 2010-06-28 12:46 -------- d-----w- c:\users\SACHIN\AppData\Local\Xilisoft
    2010-06-28 12:46 . 2010-06-28 12:46 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Xilisoft
    2010-06-28 12:44 . 2010-06-28 12:44 -------- d-----w- c:\program files\Xilisoft
    2010-06-28 07:32 . 2010-06-28 07:32 -------- d-----w- c:\users\SACHIN\AppData\Roaming\InstallShield
    2010-06-28 07:19 . 2010-06-28 07:29 -------- d-----w- c:\program files\Bitcomet Ultra Accelerator
    2010-06-28 04:49 . 2010-06-28 04:49 -------- d-----w- c:\program files\Windows Portable Devices
    2010-06-28 04:44 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2010-06-28 04:44 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2010-06-28 04:44 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2010-06-28 04:44 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2010-06-28 04:44 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2010-06-28 04:44 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2010-06-28 04:44 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2010-06-28 04:44 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2010-06-28 04:44 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2010-06-28 04:44 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2010-06-28 04:44 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2010-06-28 04:44 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2010-06-28 04:43 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-06-28 04:43 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2010-06-28 04:43 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2010-06-27 05:18 . 2010-06-27 05:18 -------- d-----w- c:\users\SACHIN\Cyberlink
    2010-06-27 03:59 . 2010-06-27 03:59 -------- d-----w- c:\users\SACHIN\AppData\Local\Power2Go
    2010-06-26 19:09 . 2010-06-26 19:09 -------- d-----w- c:\program files\LimeWire Ultra Accelerator
    2010-06-26 18:37 . 2010-06-28 04:34 -------- d-----w- c:\users\Public\CyberLink
    2010-06-26 18:36 . 2010-06-28 19:13 53319 ----a-w- c:\programdata\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
    2010-06-26 18:33 . 2010-06-28 19:09 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
    2010-06-26 18:32 . 2010-06-28 19:08 36864 ----a-w- c:\programdata\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
    2010-06-26 18:31 . 2010-06-28 19:06 36864 ----a-w- c:\programdata\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
    2010-06-26 18:30 . 2010-06-26 18:30 -------- d-----w- c:\program files\Common Files\CyberLink
    2010-06-26 18:29 . 2010-06-28 19:03 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\users\SACHIN\AppData\Local\Apple
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\program files\Apple Software Update
    2010-06-26 18:27 . 2010-06-26 18:27 -------- d-----w- c:\programdata\Apple
    2010-06-26 18:22 . 2010-06-28 18:57 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
    2010-06-26 18:21 . 2010-06-28 18:53 36864 ----a-w- c:\programdata\Temp\{ADD5DB49-72CF-11D8-9D75-000129760D75}\PostBuild.exe
    2010-06-26 18:19 . 2010-06-28 18:51 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    2010-06-26 18:19 . 2010-06-28 18:26 -------- d-----w- c:\users\SACHIN\AppData\Roaming\CyberLink
    2010-06-26 18:19 . 2010-06-28 19:13 -------- d-----w- c:\users\SACHIN\AppData\Local\Cyberlink
    2010-06-26 18:16 . 2010-06-28 18:49 36864 ----a-w- c:\programdata\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    2010-06-26 18:16 . 2010-06-28 19:13 -------- d-----w- c:\program files\CyberLink
    2010-06-26 18:15 . 2010-06-28 19:36 -------- d-----w- c:\programdata\CyberLink
    2010-06-26 18:11 . 2010-06-28 18:46 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    2010-06-26 18:02 . 2010-06-26 18:02 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-26 18:01 . 2010-06-26 18:02 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-06-26 18:01 . 2010-06-26 18:10 -------- d-----w- c:\users\SACHIN\AppData\Roaming\DAEMON Tools Lite
    2010-06-26 18:01 . 2010-06-26 18:01 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-06-26 17:37 . 2010-06-26 17:52 -------- d-----w- c:\program files\ZC DVD Creator Platinum
    2010-06-26 17:02 . 2010-06-26 17:06 -------- d-----w- c:\users\SACHIN\AppData\Roaming\Ulead Systems
    2010-06-26 16:55 . 2002-03-16 20:30 7420 ----a-w- c:\windows\UA000104.DLL
    2010-06-26 16:54 . 2010-06-26 16:54 -------- d-----w- c:\program files\Windows Media Components
    2010-06-26 16:53 . 2010-06-26 16:53 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-06-26 16:51 . 2010-06-26 17:02 -------- d-----w- c:\programdata\Ulead Systems
    2010-06-26 16:51 . 2010-06-26 16:51 -------- d-----w- c:\program files\Corel
    2010-06-26 15:28 . 2010-06-26 15:28 -------- d-----w- c:\windows\tiinst
    2010-06-26 15:28 . 2010-06-26 15:28 -------- d-----w- C:\Dell
    2010-06-26 14:04 . 2010-06-26 14:04 274472 ----a-w- c:\windows\system32\drivers\btwampfl.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-01 11:03 . 2010-07-01 11:00 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-01 11:01 . 2010-07-01 11:00 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-01 11:00 . 2010-07-01 11:00 -------- d-----w- c:\users\SACHIN\AppData\Roaming\PC Tools
    2010-07-01 11:00 . 2010-07-01 11:00 -------- d-----w- c:\programdata\PC Tools
    2010-06-28 19:03 . 2009-10-14 07:30 505128 ----a-w- c:\windows\system32\msvcp71.dll
    2010-06-28 19:03 . 2009-01-08 07:43 353576 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-28 04:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-06-28 04:48 . 2010-06-28 04:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-06-26 15:28 . 2010-06-26 15:21 -------- d--h--w- c:\program files\Temp
    2010-06-26 13:00 . 2010-06-26 13:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
    2010-06-26 13:00 . 2010-06-26 13:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-25 13:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-06-21 14:44 . 2010-06-21 14:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\15600\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\15600\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\15600\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\15600\AcrobatUpdater.exe
    2010-06-08 02:16 . 2010-07-01 11:00 763832 ----a-w- c:\windows\BDTSupport.dll
    2010-06-08 00:21 . 2010-07-01 11:00 1652664 ----a-w- c:\windows\PCTBDCore.dll
    2010-05-04 05:59 . 2010-06-29 09:50 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-29 09:50 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-06-29 09:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-06-29 09:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-04-30 11:55 . 2010-06-26 15:21 1775136 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-04-30 11:54 . 2010-06-26 15:21 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-04-30 11:29 . 2010-06-26 15:21 3086752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2010-04-27 15:21 . 2010-06-26 15:21 1738072 ----a-w- c:\windows\system32\WavesGUILib.dll
    2010-04-27 15:21 . 2010-06-26 15:21 253272 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
    2010-04-27 15:21 . 2010-06-26 15:21 253784 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
    2010-04-27 15:21 . 2010-06-26 15:21 1312088 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2010-04-27 08:20 . 2010-06-26 15:21 299424 ----a-w- c:\windows\system32\FMAPO.dll
    2010-04-16 16:43 . 2010-06-24 15:52 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-04-16 16:43 . 2010-06-24 15:52 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-04-16 16:43 . 2010-06-24 15:52 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-04-16 16:43 . 2010-06-24 15:52 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-04-14 12:25 . 2010-06-26 15:21 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:\program files\Gossiper\tbGoss.dll" [2010-05-20 2675296]

    [HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
    2010-05-20 10:05 2675296 ----a-w- c:\program files\Gossiper\tbGoss.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "c:\program files\Gossiper\tbGoss.dll" [2010-05-20 2675296]

    [HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{0A452A47-C5A8-4854-A237-4B9B06B376F0}"= "c:\program files\Gossiper\tbGoss.dll" [2010-05-20 2675296]

    [HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
    "Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-03-02 913664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-05-28 415864]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-21 1594664]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-04-30 1833504]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]

    c:\users\SACHIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-6-1 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitcomet Ultra Accelerator.lnk]
    backup=c:\windows\pss\Bitcomet Ultra Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    2010-02-08 14:51 1015808 ----a-w- c:\program files\Ares\Ares.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    2010-06-30 04:56 3205424 ----a-w- c:\program files\BitComet\BitComet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):62,22,80,d4,a9,ba,c9,01

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-28 904192]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 274472]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-12-02 29472]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-15 722288]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-26 691696]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
    S1 aswSP;aswSP; [x]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/29 00:35];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 11:29 87536]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-17 6630912]
    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2008-03-25 73472]
    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2008-03-25 43904]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-25 9344]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-16 818688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:43]

    2010-07-10 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-06-23 08:41]

    2010-07-11 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-06-23 12:03]

    2010-07-10 c:\windows\Tasks\DriverCure Startup.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 06:30]

    2010-07-06 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 06:30]

    2010-07-10 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-06-30 05:44]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 06:14]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 06:14]

    2010-07-07 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-07-07 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

    2010-06-24 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-06-22 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]

    2010-07-06 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 07:15]

    2010-06-22 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 07:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1547340
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-11 10:15
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5860)
    c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2010-07-11 10:21:33
    ComboFix-quarantined-files.txt 2010-07-11 04:51
    ComboFix2.txt 2010-07-03 09:38
    ComboFix3.txt 2010-07-02 05:39

    Pre-Run: 118,815,772,672 bytes free
    Post-Run: 118,763,778,048 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
    - - End Of File - - 61D5BB73EED6BCC218D74AEF7FBAEE32
     

Short URL to this thread: https://techguy.org/932412