Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

pctlsp.log ï¡pctlsp.log appearing everywhere

Started by ratnam , May 07 2010 06:42 AM

Please log in to reply

#1
ratnam

Posted 07 May 2010 - 06:42 AM

New Member

Member
4 posts

Hello,
I could really use some help with my PC and hope that I can get some help here.
I had a virus infection a few weeks ago. I was using PCTools free antivirus but it couldn't fix the problem. So I uninstalled that and installed Rising Antivirus which found and removed the virus and the pc works normally normally now.
The problem is that when ever I use IE, heaps of pctlsp.log files are created in random folders and on the desktop.
There are usually a few characters in front of the file name too.(ñÐ,ñ¢,ôÆ)I delete them, but next time I use IE they all come back.
I searched this site for a solution but couldn't find one and then read though the instructions to make a post - hope I've done it right?

Malware log =
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4070

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/05/2010 8:46:34 AM
mbam-log-2010-05-06 (08-46-34).txt

Scan type: Quick scan
Objects scanned: 124222
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER =
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 18:48:38
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Rabindra\AppData\Local\Temp\fxldqpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwAlpcSendWaitReceivePort [0x9105E8F7]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwAssignProcessToJobObject [0x9105E852]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateKey [0x9105E9FF]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateMutant [0x9105E8D6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8B5219A6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8B521B98]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateSection [0x9105EC72]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateSymbolicLinkObject [0x9105E9DE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateThread [0x9105E663]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateThreadEx [0x9105E684]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8B521DA0]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDebugActiveProcess [0x9105E7CE]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteKey [0x9105EA62]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeleteValueKey [0x9105EA41]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDeviceIoControlFile [0x9105E873]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwDuplicateObject [0x9105E99C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLoadDriver [0x9105E621]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwLockVirtualMemory [0x9105E78C]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenKey [0x9105EAE6]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenKeyEx [0x9105EB07]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenProcess [0x9105E939]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenSection [0x9105E6A5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwProtectVirtualMemory [0x9105E76B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryDirectoryFile [0x9105E8B5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQuerySystemInformationEx [0x9105E97B]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryValueKey [0x9105E831]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueueApcThread [0x9105E74A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRenameKey [0x9105EA83]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRequestWaitReplyPort [0x9105E810]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwRestoreKey [0x9105EAC5]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetContextThread [0x9105E708]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetInformationProcess [0x9105E95A]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSecurityObject [0x9105EAA4]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemInformation [0x9105E7AD]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemTime [0x9105E894]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetValueKey [0x9105EA20]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendProcess [0x9105E729]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSuspendThread [0x9105E6E7]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwSystemDebugControl [0x9105E7EF]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8B521656]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateThread [0x9105E6C6]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwUnmapViewOfSection [0x9105E918]
SSDT \SystemRoot\system32\drivers\HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.) ZwWriteVirtualMemory [0x9105E642]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83234AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83234104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8321C634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8321C898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83234958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83234F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832351A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E4D5C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E72052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 2BC 82E798BC 4 Bytes CALL 5AE829C6
.text ntkrnlpa.exe!RtlSidHashLookup + 2CC 82E798CC 4 Bytes CALL 262829D6
.text ntkrnlpa.exe!RtlSidHashLookup + 339 82E79939 3 Bytes JMP 7E0A2A43
.text ntkrnlpa.exe!RtlSidHashLookup + 348 82E79948 4 Bytes CALL C36E2A52
.text ntkrnlpa.exe!RtlSidHashLookup + 35C 82E7995C 8 Bytes [A6, 19, 52, 8B, 98, 1B, 52, ...] {CMPSB ; SBB [EDX-0x75], EDX; CWDE ; SBB EDX, [EDX-0x75]}
.text ...
.text peauth.sys ACC09C9D 28 Bytes [DE, 08, AE, 55, A1, 57, 40, ...]
.text peauth.sys ACC09CC1 28 Bytes [DE, 08, AE, 55, A1, 57, 40, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] kernel32.dll!WaitForSingleObject 75D5EFA0 5 Bytes JMP 05D3B400 C:\Program Files\Tencent\QQIntl\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] kernel32.dll!SetUnhandledExceptionFilter 75D63162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] ADVAPI32.dll!RegOpenKeyExA 7706BC0D 5 Bytes JMP 309082C0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] ADVAPI32.dll!RegOpenKeyExW 7706BEC4 5 Bytes JMP 308FFE40 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!SetScrollRange 759AAE3C 5 Bytes JMP 30946A80 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!GetScrollInfo 759B5151 7 Bytes JMP 30946950 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!SetScrollInfo 759B6632 7 Bytes JMP 30946A00 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!GetScrollRange 759D1B6C 5 Bytes JMP 309469C0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!SetScrollPos 759D1BD0 5 Bytes JMP 30946A40 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!GetScrollPos 759D252B 5 Bytes JMP 30946990 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!EnableScrollBar 759D386D 7 Bytes JMP 30946910 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)
.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[2424] USER32.dll!ShowScrollBar 759D5785 5 Bytes JMP 30946AD0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2009/Tencent)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

Device \FileSystem\fastfat \FatCdrom HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\RAW \Device\RawTape HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \Driver\tdx \Device\Tcp HookCont.sys (HookCont Driver for x86/Beijing Rising Information Technology Co., Ltd.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \FileSystem\rdbss \Device\FsWrap HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\RAW \Device\RawCdRom HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\fastfat \Fat HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer HOOKHELP.sys (HookHelp.sys/Beijing Rising Information Technology Co., Ltd.)

---- EOF - GMER 1.0.15 ----

OTL

OTL logfile created on: 7/05/2010 7:13:58 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rabindra\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 185.75 Gb Total Space | 55.42 Gb Free Space | 29.84% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 31.86 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.56 Gb Free Space | 58.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B
Current User Name: Rabindra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/07 19:12:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rabindra\Desktop\OTL.exe
PRC - [2010/04/04 08:40:27 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RsTray.exe
PRC - [2010/04/04 08:25:58 | 000,280,416 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RavMonD.exe
PRC - [2010/03/18 13:38:20 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/11 22:46:38 | 000,152,904 | ---- | M] (Tencent) -- C:\Program Files\Tencent\QQIntl\Bin\TXPlatform.exe
PRC - [2010/03/11 22:46:38 | 000,144,712 | ---- | M] (Tencent) -- C:\Program Files\Tencent\QQIntl\Bin\QQ.exe
PRC - [2009/12/18 02:29:50 | 005,014,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2009/12/18 02:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/13 21:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 11:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/30 03:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe
PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 13:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/01 00:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/04/01 00:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/01 00:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/11 03:24:04 | 000,233,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe
PRC - [2008/05/08 08:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/08 08:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (SafeList) ==========

MOD - [2010/05/07 19:12:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rabindra\Desktop\OTL.exe
MOD - [2009/07/14 11:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 11:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 11:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 11:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 11:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 11:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 11:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 11:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 11:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 11:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/04/04 08:25:58 | 000,280,416 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files\Rising\Rav\RavMonD.exe -- (RsRavMon)
SRV - [2009/12/18 02:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/17 15:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/13 21:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/07/14 11:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 11:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 11:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 11:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 11:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 11:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 11:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 11:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 11:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 11:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 11:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 11:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/30 03:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\stacsv.exe -- (STacSV)
SRV - [2009/06/03 13:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/03 04:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/08 08:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2010/04/26 16:17:07 | 000,011,320 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\RsNTGdi.sys -- (RsNTGDI)
DRV - [2010/04/04 08:40:38 | 000,012,056 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rsassist.sys -- (rsassist)
DRV - [2010/04/04 08:37:04 | 000,021,144 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCont.sys -- (hookcont)
DRV - [2010/04/04 08:36:05 | 000,228,504 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookSys.sys -- (hooksys)
DRV - [2010/01/01 22:40:55 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mv2.sys -- (mv2)
DRV - [2009/12/15 01:21:18 | 007,062,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/11/04 15:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 15:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 15:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 15:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 15:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/08/24 13:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/14 11:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 11:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 11:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 11:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 11:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 11:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 11:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 11:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 11:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 11:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 11:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 11:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 11:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 11:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 11:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 11:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 11:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 11:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 11:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 11:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 11:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 11:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 10:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 10:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 09:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 09:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 09:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 09:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 09:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 09:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 09:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 09:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 09:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 09:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 09:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 09:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 09:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 09:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 09:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 08:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 08:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 08:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 23:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/06/30 03:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/15 12:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/04/03 17:37:24 | 000,200,240 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/01 02:53:56 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/02/10 09:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVRec.sys -- (AVRec)
DRV - [2009/02/10 09:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVHook.sys -- (AVHook)
DRV - [2009/02/10 09:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2008/05/08 08:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/06/27 07:56:50 | 000,031,872 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\superwebcam.sys -- (SUPERWEBCAM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..network.proxy.http: "169.235.24.133"
FF - prefs.js..network.proxy.http_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 10:39:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 08:59:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 10:51:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/14 13:56:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/16 10:51:00 | 000,000,000 | ---D | M]

[2010/02/02 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Mozilla\Extensions
[2009/12/22 20:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rabindra\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/02 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/05/05 23:09:01 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Mozilla\Firefox\Profiles\0e75nafd.default\extensions
[2010/01/15 13:25:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Rabindra\AppData\Roaming\Mozilla\Firefox\Profiles\0e75nafd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/01/14 23:30:13 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Mozilla\Firefox\Profiles\0e75nafd.default\extensions\[email protected]
[2010/01/14 23:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/26 08:06:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/26 08:06:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/26 08:06:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/26 08:06:54 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RavTray] C:\Program Files\Rising\Rav\RsTray.exe (Beijing Rising Information Technology Co., Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [QQIntl] C:\Program Files\Tencent\QQIntl\Bin\QQ.exe (Tencent)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:1 (Privacy Protection) -
O24 - Desktop WallPaper: D:\My Pictures\China trip2\China 2009 2009-10-03\003.jpg
O24 - Desktop BackupWallPaper: D:\My Pictures\China trip2\China 2009 2009-10-03\003.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bsmain) - C:\Windows\System32\bsmain.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 12:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/07 19:12:20 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Rabindra\Desktop\OTL.exe
[2010/05/07 16:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/06 08:39:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/06 08:39:20 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 00:20:28 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\Malwarebytes
[2010/04/29 00:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/29 00:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/16 10:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/13 08:46:08 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\.its
[2010/04/12 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\Documents\Recordpad
[2010/04/12 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\Recordpad
[2010/04/12 16:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/04/12 16:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/04/12 16:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\NCH Swift Sound
[2010/04/12 16:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/04/04 08:28:54 | 000,228,504 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookSys.sys
[2010/04/04 08:28:54 | 000,037,912 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookHelp.sys
[2010/04/04 08:28:54 | 000,021,144 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookCont.sys
[2010/04/04 08:28:52 | 000,237,680 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\bsmain.exe
[2010/04/04 08:28:52 | 000,146,072 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\RavExt.dll
[2010/04/04 08:28:52 | 000,012,056 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\rsassist.sys
[2010/04/04 08:28:52 | 000,011,320 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\RsNTGdi.sys
[2010/04/04 08:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\PolderbitS
[2010/04/04 07:38:59 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Local\ElevatedDiagnostics
[2010/04/04 07:04:05 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\PC Tools
[2010/04/04 07:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/03 21:16:08 | 000,000,000 | R--D | C] -- C:\RavBin
[2010/04/03 21:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2010/04/03 21:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Rising
[2010/04/01 17:23:44 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\Desktop\Pimsluer English
[2010/03/21 18:10:36 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\Desktop\SkypeChatHistory
[2010/03/11 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\Documents\Tencent Files
[2010/03/11 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2010/03/11 22:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2010/03/11 22:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Tencent
[2010/03/11 22:46:30 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\Tencent
[2010/03/10 22:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\SuperWebcam
[2010/03/09 23:01:47 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\Canon
[2010/03/09 23:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/03/08 09:49:38 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\Template
[2010/03/02 10:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/03/02 10:53:34 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Local\Deployment
[2010/02/27 21:10:19 | 000,000,000 | ---D | C] -- C:\Users\Rabindra\AppData\Roaming\Facebook
[2010/02/26 12:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunder Network
[2010/02/26 12:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Thunder Network
[2010/02/26 12:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Thunder Network
[2009/12/15 00:47:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 90 Days ==========

[2010/05/07 19:15:47 | 003,145,728 | -HS- | M] () -- C:\Users\Rabindra\ntuser.dat
[2010/05/07 19:12:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rabindra\Desktop\OTL.exe
[2010/05/07 18:43:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/07 18:26:53 | 000,000,297 | ---- | M] () -- C:\Windows\Rav.inf
[2010/05/07 18:26:47 | 000,000,122 | ---- | M] () -- C:\Windows\System32\BsMain.ini
[2010/05/07 15:25:16 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/07 15:25:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/07 11:18:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\˜í
[2010/05/07 10:49:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ î
[2010/05/07 00:09:19 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 00:09:19 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 00:02:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/07 00:02:00 | 000,332,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/07 00:01:47 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 00:00:55 | 004,153,552 | -H-- | M] () -- C:\Users\Rabindra\AppData\Local\IconCache.db
[2010/05/06 19:12:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ˆú
[2010/05/06 08:39:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 18:40:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\@ô
[2010/05/05 00:46:02 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/05 00:46:02 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/05 00:46:02 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/04 22:46:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Üô
[2010/05/04 22:43:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ ó
[2010/05/04 16:53:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\üñ
[2010/05/04 15:34:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Xò
[2010/05/04 14:28:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Äó
[2010/05/04 01:20:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\°ñ
[2010/05/04 00:35:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ðì
[2010/05/04 00:24:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ ó
[2010/05/04 00:15:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pñ
[2010/05/03 23:32:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\èò
[2010/05/03 17:24:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\€ò
[2010/05/03 15:18:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Hð
[2010/05/03 13:29:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Èó
[2010/05/03 11:37:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\„ï
[2010/05/03 11:20:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\àï
[2010/05/03 08:51:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\æhw
[2010/05/02 01:13:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\î£fwDò
[2010/05/01 17:59:51 | 000,524,288 | -HS- | M] () -- C:\Users\Rabindra\ntuser.dat{dc1b84f6-5334-11df-a564-00256442d762}.TMContainer00000000000000000002.regtrans-ms
[2010/05/01 17:59:51 | 000,524,288 | -HS- | M] () -- C:\Users\Rabindra\ntuser.dat{dc1b84f6-5334-11df-a564-00256442d762}.TMContainer00000000000000000001.regtrans-ms
[2010/05/01 17:59:51 | 000,065,536 | -HS- | M] () -- C:\Users\Rabindra\ntuser.dat{dc1b84f6-5334-11df-a564-00256442d762}.TM.blf
[2010/05/01 17:59:09 | 000,013,824 | ---- | M] () -- C:\Users\Rabindra\Desktop\Trades.xls
[2010/04/30 21:29:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Ðò
[2010/04/30 10:37:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pô
[2010/04/30 10:32:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0ñ
[2010/04/30 01:19:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\xí
[2010/04/29 22:40:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\°í
[2010/04/29 18:36:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Xð
[2010/04/29 18:30:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ ð
[2010/04/29 16:59:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¨ô
[2010/04/29 16:53:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\äî
[2010/04/29 13:41:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¤ô
[2010/04/28 12:08:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\(ï
[2010/04/28 11:14:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¸ò
[2010/04/28 10:59:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\øÅ
[2010/04/28 00:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¬ð
[2010/04/27 23:03:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¨í
[2010/04/27 20:13:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\8í
[2010/04/26 21:25:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\°î
[2010/04/26 21:14:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\°ð
[2010/04/26 20:44:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\@ò
[2010/04/26 20:21:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\xñ
[2010/04/26 19:19:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ˆô
[2010/04/26 17:41:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Hí
[2010/04/26 16:17:07 | 000,011,320 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\RsNTGdi.sys
[2010/04/26 14:56:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\xó
[2010/04/26 14:42:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\`î
[2010/04/26 14:06:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\8ó
[2010/04/26 11:39:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¸ñ
[2010/04/26 00:05:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\8k
[2010/04/25 18:41:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\4ó
[2010/04/25 02:21:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\èØ
[2010/04/24 21:39:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\4ð
[2010/04/17 17:35:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\4í
[2010/04/15 21:06:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¨ñ
[2010/04/15 19:48:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\°ì
[2010/04/15 19:19:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Üî
[2010/04/15 18:53:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0ô
[2010/04/15 17:46:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\èì
[2010/04/15 17:30:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\øï
[2010/04/15 16:23:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\àí
[2010/04/15 15:57:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pó
[2010/04/15 14:34:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ôô
[2010/04/15 12:45:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Øô
[2010/04/15 10:28:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\xî
[2010/04/15 10:10:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Èð
[2010/04/15 08:21:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Àì
[2010/04/15 08:14:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ ì
[2010/04/15 08:09:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\@ó
[2010/04/15 08:03:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\°ò
[2010/04/15 07:17:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Xï
[2010/04/14 22:47:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¸ì
[2010/04/14 20:12:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¸ï
[2010/04/14 18:43:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\hñ
[2010/04/14 18:26:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\@ñ
[2010/04/14 17:35:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\”ï
[2010/04/14 12:43:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¨ó
[2010/04/14 12:31:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ìò
[2010/04/14 12:29:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\´ð
[2010/04/14 11:05:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Àô
[2010/04/14 00:05:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ ï
[2010/04/13 23:16:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\,ò
[2010/04/13 22:36:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\8î
[2010/04/13 20:34:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ôñ
[2010/04/13 20:05:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\´ò
[2010/04/13 19:55:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\èô
[2010/04/13 19:51:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\4ï
[2010/04/13 19:47:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Tî
[2010/04/13 19:36:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Pî
[2010/04/13 19:28:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\øî
[2010/04/13 19:27:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\tñ
[2010/04/07 23:45:00 | 000,000,120 | ---- | M] () -- C:\Users\Rabindra\AppData\Roaming\wklnhst.dat
[2010/04/04 13:17:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\hï
[2010/04/04 12:27:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pò
[2010/04/04 11:40:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\¸î
[2010/04/04 10:11:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\4ñ
[2010/04/04 09:43:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\èñ
[2010/04/04 09:33:37 | 000,000,025 | ---- | M] () -- C:\Windows\Rav.ini
[2010/04/04 08:40:38 | 000,012,056 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\rsassist.sys
[2010/04/04 08:37:04 | 000,021,144 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookCont.sys
[2010/04/04 08:36:05 | 000,228,504 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookSys.sys
[2010/04/04 08:36:05 | 000,037,912 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookHelp.sys
[2010/04/04 08:30:57 | 000,000,132 | RHS- | M] () -- C:\rising.ini
[2010/04/04 08:25:59 | 000,237,680 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\bsmain.exe
[2010/04/04 08:25:58 | 000,146,072 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\RavExt.dll
[2010/04/04 08:20:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rabindra\NTUSER.DAT{2f34cc45-3f6b-11df-97d2-00256442d762}.TMContainer00000000000000000002.regtrans-ms
[2010/04/04 08:20:18 | 000,524,288 | -HS- | M] () -- C:\Users\Rabindra\NTUSER.DAT{2f34cc45-3f6b-11df-97d2-00256442d762}.TMContainer00000000000000000001.regtrans-ms
[2010/04/04 08:20:18 | 000,065,536 | -HS- | M] () -- C:\Users\Rabindra\NTUSER.DAT{2f34cc45-3f6b-11df-97d2-00256442d762}.TM.blf
[2010/04/04 08:12:53 | 000,000,024 | ---- | M] () -- C:\Windows\System32\Drv64_32.dat
[2010/04/02 18:18:03 | 000,188,928 | ---- | M] () -- C:\Users\Rabindra\Desktop\SAR.xls
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/21 18:10:24 | 000,002,087 | ---- | M] () -- C:\Users\Rabindra\Desktop\skype history keeper.vbs
[2010/03/11 22:46:30 | 000,018,760 | ---- | M] () -- C:\Windows\System32\QQVistaHelper.dll
[2010/03/02 10:54:02 | 000,061,224 | ---- | M] () -- C:\Users\Rabindra\GoToAssistDownloadHelper.exe
[2010/03/01 08:01:10 | 000,004,608 | ---- | M] () -- C:\Users\Rabindra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 12:47:24 | 000,000,020 | ---- | M] () -- C:\Windows\System32\pub_store.dat
[2010/02/25 13:42:09 | 000,000,862 | ---- | M] () -- C:\Windows\System32\termcap

========== Files Created - No Company Name ==========

[2010/05/07 17:02:25 | 000,293,376 | ---- | C] () -- C:\Users\Rabindra\Desktop\gmer.exe
[2010/05/07 11:18:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\˜í
[2010/05/07 10:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ î
[2010/05/06 19:12:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ˆú
[2010/05/06 08:39:27 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 18:40:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\@ô
[2010/05/04 22:46:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Üô
[2010/05/04 22:43:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ ó
[2010/05/04 16:53:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\üñ
[2010/05/04 15:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Xò
[2010/05/04 14:28:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Äó
[2010/05/04 00:35:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ðì
[2010/05/04 00:15:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pñ
[2010/05/03 15:18:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Hð
[2010/05/03 11:37:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\„ï
[2010/05/03 11:20:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\àï
[2010/05/03 08:51:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\æhw
[2010/05/02 01:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\î£fwDò
[2010/04/30 21:29:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Ðò
[2010/04/30 10:32:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0ñ
[2010/04/29 22:40:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°í
[2010/04/29 18:36:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Xð
[2010/04/29 16:59:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¨ô
[2010/04/29 16:53:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\äî
[2010/04/29 13:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¤ô
[2010/04/29 12:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°ñ
[2010/04/29 12:14:39 | 000,524,288 | -HS- | C] () -- C:\Users\Rabindra\ntuser.dat{dc1b84f6-5334-11df-a564-00256442d762}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 12:14:39 | 000,524,288 | -HS- | C] () -- C:\Users\Rabindra\ntuser.dat{dc1b84f6-5334-11df-a564-00256442d762}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 12:14:39 | 000,065,536 | -HS- | C] () -- C:\Users\Rabindra\ntuser.dat{dc1b84f6-5334-11df-a564-00256442d762}.TM.blf
[2010/04/28 12:08:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\(ï
[2010/04/28 11:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¸ò
[2010/04/28 10:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\øÅ
[2010/04/28 00:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¬ð
[2010/04/27 23:03:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¨í
[2010/04/27 20:13:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\8í
[2010/04/27 15:16:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\èò
[2010/04/26 21:25:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°î
[2010/04/26 21:14:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°ð
[2010/04/26 20:44:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\@ò
[2010/04/26 20:21:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xñ
[2010/04/26 19:19:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ˆô
[2010/04/26 18:31:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ ð
[2010/04/26 17:41:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Hí
[2010/04/26 14:06:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\8ó
[2010/04/26 11:39:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¸ñ
[2010/04/25 18:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4ó
[2010/04/25 02:21:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\èØ
[2010/04/24 21:39:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4ð
[2010/04/23 12:44:08 | 000,013,824 | ---- | C] () -- C:\Users\Rabindra\Desktop\Trades.xls
[2010/04/21 22:54:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\8k
[2010/04/17 17:35:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4í
[2010/04/16 12:34:58 | 000,001,292 | ---- | C] () -- C:\Users\Rabindra\Æpctlsp.log
[2010/04/16 11:52:33 | 000,000,922 | ---- | C] () -- C:\Users\Rabindra\Èpctlsp.log
[2010/04/16 11:50:50 | 000,000,461 | ---- | C] () -- C:\Users\Rabindra\Âpctlsp.log
[2010/04/15 19:48:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°ì
[2010/04/15 19:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Üî
[2010/04/15 18:53:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0ô
[2010/04/15 17:46:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\èì
[2010/04/15 17:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\øï
[2010/04/15 16:23:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\àí
[2010/04/15 16:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xí
[2010/04/15 15:57:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pó
[2010/04/15 14:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ôô
[2010/04/15 12:45:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Øô
[2010/04/15 12:04:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\`î
[2010/04/15 10:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xî
[2010/04/15 10:10:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Èð
[2010/04/15 09:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Èó
[2010/04/15 08:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Àì
[2010/04/15 08:14:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ ì
[2010/04/15 08:09:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\@ó
[2010/04/15 08:03:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°ò
[2010/04/15 07:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Xï
[2010/04/14 22:47:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¸ì
[2010/04/14 20:12:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¸ï
[2010/04/14 18:43:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\hñ
[2010/04/14 18:26:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\@ñ
[2010/04/14 17:35:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\”ï
[2010/04/14 12:43:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¨ó
[2010/04/14 12:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\´ð
[2010/04/14 12:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¨ñ
[2010/04/14 11:05:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Àô
[2010/04/14 00:08:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pô
[2010/04/14 00:05:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ ï
[2010/04/13 23:16:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\,ò
[2010/04/13 22:48:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ìò
[2010/04/13 22:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\€ò
[2010/04/13 20:34:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ôñ
[2010/04/13 20:19:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xó
[2010/04/13 20:05:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\´ò
[2010/04/13 19:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\èô
[2010/04/13 19:51:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4ï
[2010/04/13 19:47:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Tî
[2010/04/13 19:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ ó
[2010/04/13 19:36:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Pî
[2010/04/13 19:28:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\øî
[2010/04/13 19:27:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tñ
[2010/04/04 13:17:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\hï
[2010/04/04 12:27:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pò
[2010/04/04 11:40:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¸î
[2010/04/04 10:11:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4ñ
[2010/04/04 10:03:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\8î
[2010/04/04 09:43:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\èñ
[2010/04/04 08:29:10 | 000,000,132 | RHS- | C] () -- C:\rising.ini
[2010/04/04 08:29:10 | 000,000,122 | ---- | C] () -- C:\Windows\System32\BsMain.ini
[2010/04/04 08:28:43 | 000,000,297 | ---- | C] () -- C:\Windows\Rav.inf
[2010/04/04 08:26:14 | 000,000,025 | ---- | C] () -- C:\Windows\Rav.ini
[2010/04/04 08:11:47 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Drv64_32.dat
[2010/04/04 07:03:12 | 000,524,288 | -HS- | C] () -- C:\Users\Rabindra\NTUSER.DAT{2f34cc45-3f6b-11df-97d2-00256442d762}.TMContainer00000000000000000002.regtrans-ms
[2010/04/04 07:03:12 | 000,524,288 | -HS- | C] () -- C:\Users\Rabindra\NTUSER.DAT{2f34cc45-3f6b-11df-97d2-00256442d762}.TMContainer00000000000000000001.regtrans-ms
[2010/04/04 07:03:12 | 000,065,536 | -HS- | C] () -- C:\Users\Rabindra\NTUSER.DAT{2f34cc45-3f6b-11df-97d2-00256442d762}.TM.blf
[2010/04/02 18:18:02 | 000,188,928 | ---- | C] () -- C:\Users\Rabindra\Desktop\SAR.xls
[2010/03/21 18:10:24 | 000,002,087 | ---- | C] () -- C:\Users\Rabindra\Desktop\skype history keeper.vbs
[2010/03/11 22:46:30 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2010/03/10 22:42:21 | 001,742,130 | ---- | C] () -- C:\Users\Rabindra\Desktop\DSCF2880.jpg
[2010/03/08 09:49:36 | 000,000,120 | ---- | C] () -- C:\Users\Rabindra\AppData\Roaming\wklnhst.dat
[2010/03/02 10:54:00 | 000,061,224 | ---- | C] () -- C:\Users\Rabindra\GoToAssistDownloadHelper.exe
[2010/03/01 08:01:01 | 000,004,608 | ---- | C] () -- C:\Users\Rabindra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/26 12:47:24 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2010/02/25 13:42:12 | 000,000,862 | ---- | C] () -- C:\Windows\System32\termcap
[2010/01/21 20:59:50 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2009/12/29 02:49:38 | 000,000,276 | ---- | C] () -- C:\Windows\game.ini
[2009/12/22 23:49:33 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/22 23:49:31 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/12/22 23:49:31 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/22 23:49:31 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/22 23:49:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/22 23:49:30 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/12/22 22:53:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/15 00:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2009/12/15 00:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/09/28 08:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/16 17:46:47 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/03/09 23:02:12 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Canon
[2010/04/30 06:12:21 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\EssentialPIM
[2010/02/27 21:10:21 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Facebook
[2010/01/14 23:30:06 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\LimeWire
[2010/04/14 12:40:24 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\NCH Swift Sound
[2010/01/14 23:30:13 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\PC Suite
[2010/04/12 16:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Recordpad
[2010/01/14 23:30:13 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Softland
[2010/01/14 23:30:13 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\TeamViewer
[2010/03/08 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Template
[2010/03/11 22:50:30 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Tencent
[2010/01/14 23:30:13 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\Thunderbird
[2010/02/02 23:28:28 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\TomTom
[2010/05/01 00:04:50 | 000,000,000 | ---D | M] -- C:\Users\Rabindra\AppData\Roaming\uTorrent
[2010/04/29 18:59:39 | 000,018,250 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 11:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/15 18:13:48 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/07/16 20:31:40 | 000,003,716 | RH-- | M] () -- C:\dell.sdr
[2010/05/07 00:01:47 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 00:01:47 | 3181,760,512 | -HS- | M] () -- C:\pagefile.sys
[2010/04/04 08:30:57 | 000,000,132 | RHS- | M] () -- C:\rising.ini
[2010/05/03 17:04:32 | 000,000,142 | ---- | M] () -- C:\í‚pctlsp.log
[2010/05/05 00:33:58 | 000,000,142 | ---- | M] () -- C:\î¬pctlsp.log
[2010/05/04 19:18:09 | 000,000,284 | ---- | M] () -- C:\îËpctlsp.log
[2010/05/02 19:20:19 | 000,000,142 | ---- | M] () -- C:\îšpctlsp.log
[2010/05/02 19:28:46 | 000,000,142 | ---- | M] () -- C:\ï¡pctlsp.log
[2010/05/05 18:57:11 | 000,000,142 | ---- | M] () -- C:\ïŽpctlsp.log
[2010/05/03 14:21:58 | 000,000,142 | ---- | M] () -- C:\ïƒpctlsp.log
[2010/05/06 22:49:37 | 000,000,142 | ---- | M] () -- C:\ðÉpctlsp.log
[2010/05/05 01:03:30 | 000,000,142 | ---- | M] () -- C:\ðùpctlsp.log
[2010/05/04 00:12:06 | 000,000,142 | ---- | M] () -- C:\ð‚pctlsp.log
[2010/05/03 02:44:46 | 000,000,142 | ---- | M] () -- C:\ñ¢pctlsp.log
[2010/05/05 19:02:40 | 000,000,142 | ---- | M] () -- C:\ñÌpctlsp.log
[2010/05/02 23:21:42 | 000,000,142 | ---- | M] () -- C:\ñÐpctlsp.log
[2010/05/03 05:20:58 | 000,000,142 | ---- | M] () -- C:\òÒpctlsp.log
[2010/05/07 10:29:12 | 000,000,142 | ---- | M] () -- C:\óòpctlsp.log
[2010/05/01 20:31:05 | 000,000,142 | ---- | M] () -- C:\ôpctlsp.log
[2010/05/04 23:56:35 | 000,001,109 | ---- | M] () -- C:\ô§pctlsp.log
[2010/05/03 01:21:04 | 000,000,142 | ---- | M] () -- C:\ô«pctlsp.log
[2010/05/02 21:03:06 | 000,000,142 | ---- | M] () -- C:\ôÆpctlsp.log
[2010/05/03 18:20:29 | 000,000,142 | ---- | M] () -- C:\ô‚pctlsp.log
[2010/05/01 21:02:53 | 000,000,142 | ---- | M] () -- C:\õ”pctlsp.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 11:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 11:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/04 08:37:04 | 000,021,144 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookCont.sys
[2010/04/04 08:36:05 | 000,037,912 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookHelp.sys
[2010/04/04 08:36:05 | 000,228,504 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\HookSys.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/04 08:40:38 | 000,012,056 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\rsassist.sys
[2010/04/26 16:17:07 | 000,011,320 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\RsNTGdi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 3982 bytes -> C:\Windows\System32\4ð:pctlsp.log
@Alternate Data Stream - 3796 bytes -> C:\Windows\System32:îÖpctlsp.log
@Alternate Data Stream - 3065 bytes -> C:\Windows\System32\ìò:pctlsp.log
@Alternate Data Stream - 284 bytes -> C:\Windows\System32\¨ñ:pctlsp.log
@Alternate Data Stream - 18602 bytes -> C:\Windows\System32\8k:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\xó:Ÿswlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xò:Ÿsevpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\xó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\xñ: çaw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\xí:ŸsRvlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xï:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\xî:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\xí:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Xð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Üô: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\üñ: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Üî:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\tñ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Tî:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\pô:ŸsRvlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\pô:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\pó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\pò: çBw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\pñ: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Pî:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Øô:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ôô:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ôñ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\øï:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\øî:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\øÅ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\î£fwDò:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\hñ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Hí:Ÿswlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\hï: çBw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Hð: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èØ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èô:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Èó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èò: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Èó: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èò: çaw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Èó: çaw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èñ: çBw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èì:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Èð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Ðò: ç$w.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ðì:Ÿsevlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Àô:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Äó: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\àï:Ÿsevlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Àì:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\àí:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\äî: ç$w.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\æhw:Ï«å¨î´pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\8ó:Ÿswlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\8î:Ÿs£vlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\8î:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\8í: çaw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\4ó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\4ñ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\4ï:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\4í:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\0ô:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\0ñ: ç$w.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\°ò:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\°ñ:ŸsRvlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\°ñ:Ÿsevlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\°î:Ÿswlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\°í:ŸsRvlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\°ì:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\°ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¬ð: çaw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\€ò:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\€ò: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¤ô: ç$w.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\„ï: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\”ï:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\˜í:Ÿsàulpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¸ò:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¸ñ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¸î:Ÿs£vlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¸ï:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¸ì:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\´ò:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\´ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¨ó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¨ô: ç$w.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\¨í:Ÿswlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\`î:Ÿswlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\`î:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ˆú:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ˆô:Ÿswlpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\@ó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\@ò: çaw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\@ô: ç³w.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\@ñ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\,ò:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\(ï: çaw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ ó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ ó: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ î:Ÿsàulpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ ì:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ ó: çhw.pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ ï:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ ð:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ ð: ç$w.pctlsp.log
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7E95B6FD

< End of report >

OTL Extras logfile created on: 7/05/2010 7:13:58 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rabindra\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 185.75 Gb Total Space | 55.42 Gb Free Space | 29.84% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 31.86 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.56 Gb Free Space | 58.46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B
Current User Name: Rabindra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{36F4AF22-A159-4E0F-AABE-67638D2B939D}" = Super Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"{C552184B-E4BE-479E-9A4A-6E51ED46ABE7}" = LiveUpload to Facebook
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"360Share Pro" = 360Share Pro(remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"doPDF 7 printer_is1" = doPDF 7.0 printer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"EssentialPIM" = EssentialPIM
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Rav" = Rising Antivirus
"Recordpad" = RecordPad Sound Recorder
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TVWiz" = Intel® TV Wizard
"uTorrent" = µTorrent
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"迅雷看看播放器" = 迅雷看看播放器

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Market Data Streamer (hltn)" = Market Data Streamer (hltn)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#2
RKinner

Posted 09 May 2010 - 12:19 AM

Malware Expert

Expert
24,625 posts

Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************:OTL
DRV - [2009/08/24 13:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/02/10 09:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVRec.sys -- (AVRec)
DRV - [2009/02/10 09:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVHook.sys -- (AVHook)
DRV - [2009/02/10 09:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\AVFilter.sys -- (AVFilter)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010/05/07 11:18:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\˜í
[2010/05/07 10:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ î
[2010/05/06 19:12:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ˆú
[2010/05/05 18:40:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\@ô
[2010/05/04 22:46:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Üô
[2010/05/04 22:43:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ ó
[2010/05/04 16:53:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\üñ
[2010/05/04 15:34:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Xò
[2010/05/04 14:28:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Äó
[2010/05/04 00:35:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ðì
[2010/05/04 00:15:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pñ
[2010/05/03 15:18:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Hð
[2010/05/03 11:37:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\„ï
[2010/05/03 11:20:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\àï
[2010/05/03 08:51:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\æhw
[2010/05/02 01:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\î£fwDò
[2010/04/30 21:29:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Ðò
[2010/04/30 10:32:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0ñ
[2010/04/29 22:40:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°í
[2010/04/29 18:36:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Xð
[2010/04/29 16:59:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¨ô
[2010/04/29 16:53:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\äî
[2010/04/29 13:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¤ô
[2010/04/29 12:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°ñ
[2010/04/28 12:08:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\(ï
[2010/04/28 11:14:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¸ò
[2010/04/28 10:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\øÅ
[2010/04/28 00:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¬ð
[2010/04/27 23:03:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¨í
[2010/04/27 20:13:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\8í
[2010/04/27 15:16:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\èò
[2010/04/26 21:25:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°î
[2010/04/26 21:14:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\°ð
[2010/04/26 20:44:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\@ò
[2010/04/26 20:21:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\xñ
[2010/04/26 19:19:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ˆô
[2010/04/26 18:31:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ ð
[2010/04/26 17:41:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Hí
[2010/04/26 14:06:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\8ó
[2010/04/26 11:39:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\¸ñ
[2010/04/25 18:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4ó
[2010/04/25 02:21:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\èØ
[2010/04/24 21:39:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\4ð

:Files
C:\Program Files\Common Files\PC Tools
C:\Windows\system32\drivers\PCTCore.sys
C:\Windows\System32\drivers\AVRec.sys
C:\Windows\System32\drivers\AVHook.sys
C:\Windows\System32\drivers\AVFilter.sys

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

#3
ratnam

Posted 09 May 2010 - 05:48 AM

New Member

Topic Starter
Member
4 posts

Hi Ron

I cut and pasted the text you posted and ran OTL.
Then I clicked OK to reboot.
But now the PC wont startup into windows.
It starts to load normally, then I see a real quick flash of the dreeded blue screen with white writing and then it goes into a window auto recovery - which fails.

I managed to start it up and get to the DOS prompt and the ran the ERDNT recovery file to restore the registry, but that failed to have any effect, it still wont load windows.

Any suggestions what I should do now?

#4
RKinner

Posted 09 May 2010 - 10:11 AM

Malware Expert

Expert
24,625 posts

I assume you were not able to load Safe Mode but can run Command Prompt?

There is an option in the Safe Mode menu to turn off the auto reboot on crash. I would do that then reboot and it should stop at the blue screen so you can see what it is complaining about.

OTL stores the files it removes under a folder C:\_OTL. It may change the extension or zip them up. Not sure. You could try putting the files and folders back where they were.

C:\Program Files\Common Files\PC Tools <==Folder the others are files and probably more important.
C:\Windows\system32\drivers\PCTCore.sys
C:\Windows\System32\drivers\AVRec.sys
C:\Windows\System32\drivers\AVHook.sys
C:\Windows\System32\drivers\AVFilter.sys

Ron

#5
ratnam

Posted 10 May 2010 - 07:17 AM

New Member

Topic Starter
Member
4 posts

Hi,
i managed to use the Windows 7 disk to restore the pc - so it works again.
I tried running OTL again - but same result - can bootup afterwards.

Should I skip this and run combofix ?

#6
RKinner

Posted 10 May 2010 - 08:01 AM

Malware Expert

Expert
24,625 posts

Glad you got back to running. No idea why it decided not to boot. The stuff we did was pretty simple. You can try Combofix but it may not want to run on Windows 7. (It will tell you if it thinks it is not a good idea.)

Ron