
please help - experiencing win*.tmp.exe errors [Solved]


This topic is locked

#1 alphabetagamma (Member, 15 posts)
New here - seeking help with the following issue:

Machine: i3 laptop running WinXP SP3. I use Avast Home Edition and Sygate firewall by way of security.

Problem: Subscribed to an equity data service last week. Each time I run the downloader, at the start where it says 'validating registration', it throws up an error message that win23 (or some other two-digit number, or a number and/or a letter).tmp.exe has encountered a problem and needs to close (screenshot copy attached). It asks whether to send an error report to Microsoft or not. Once I click out of this box, the program launches normally. At each launch of the program two files are created - one in the Windows\System32 directory and the other in the 'prefetch' directory. Deletion of these files is of no help since, at the next launch, new files are created. When I checked with the data vendor, they had a look and said the problem did not lie with their software but that my machine was infected. My machine seems otherwise OK, except (in hindsight) for the very slightly erratic browsing for the last little while and the occasional inability to burn CDs using Nero. Not having the remotest pretensions of being tech-savvy, I don't know if these two niggles are somehow linked to the win*.tmp.exe problem.

Steps I took to remedy the problem: Googled it - went through historical fixes like those in http://www.geekstogo...iles resolved/ (of the 2006 vintage variety) and http://www.spyware-r...popups-removal. Installed and ran AVG Anti-Spyware and SUPERAntiSpyware - didn't help. Installed and ran HijackThis and went through the log - hoping to find a win???32.dll on an O20 line that I could rename with .txt at the end to get rid of the problem (as made out in certain posts), but didn't find any such file.

Many thanks in advance for your help. The OTL log is appended below:

alphabetagamma

OTL logfile created on: 22-Sep-12 4:31:51 PM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 77.29% Memory free
4.71 Gb Paging File | 4.18 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 121.42 Gb Free Space | 80.77% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 122.26 Gb Free Space | 81.33% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
PRC - [2012-08-30 08:28:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012-08-21 14:42:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastUI.exe
PRC - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastSvc.exe
PRC - [2012-07-12 00:24:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java RE 6.24\bin\jqs.exe
PRC - [2010-03-29 15:39:54 | 001,822,600 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010-03-15 20:32:54 | 001,599,368 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009-12-18 12:28:30 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009-09-15 18:31:30 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera2\VM332_STI.EXE
PRC - [2009-08-14 11:48:52 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTStackServer.exe
PRC - [2009-08-14 11:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTTray.exe
PRC - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe
PRC - [2009-07-20 02:32:16 | 002,713,144 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008-04-14 10:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [2007-06-11 14:55:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007-05-30 18:01:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
PRC - [2003-12-24 14:44:56 | 002,344,160 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\Smc.exe
PRC - [2002-08-01 03:49:54 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPagePro12.0\opware12.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-21 13:42:20 | 001,811,968 | ---- | M] () -- C:\Program Files\Avast\defs\12092100\algo.dll
MOD - [2012-08-30 08:28:45 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012-08-30 08:28:44 | 012,237,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012-08-30 08:28:42 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012-08-30 08:27:15 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012-08-30 08:27:13 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012-08-30 08:27:12 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2009-08-14 11:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009-08-14 11:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\Lenovo Bluetooth Software\BTKeyInd.dll
MOD - [2008-05-21 17:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008-04-14 10:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-14 10:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
MOD - [2006-05-14 09:53:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-09-03 09:10:23 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-07-12 00:24:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java RE 6.24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007-05-30 18:01:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2003-12-24 14:44:56 | 002,344,160 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmusbser.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32)
DRV - [2012-08-21 14:43:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-08-21 14:43:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-08-21 14:43:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-08-21 14:43:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012-08-21 14:43:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-08-21 14:43:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012-08-21 14:43:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-03-07 05:32:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011-07-22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-07-16 13:17:46 | 001,930,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010-06-18 13:42:46 | 002,967,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010-02-26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010-01-19 05:50:10 | 000,235,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009-12-11 16:24:36 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-12-03 10:07:08 | 000,185,072 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2009-09-17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009-09-03 16:27:50 | 000,040,704 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009-08-17 14:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009-07-28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-07-09 12:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009-06-21 09:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008-07-24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008-02-04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008-02-04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007-05-30 17:40:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007-05-30 17:40:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2003-12-24 14:34:38 | 000,018,515 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2003-12-24 14:32:14 | 000,056,400 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2003-12-24 14:30:18 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\..\SearchScopes,DefaultScope = {1D84549F-527B-4AC3-916A-6C048ED13AA0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002682e24081
IE - HKCU\..\SearchScopes\{1D84549F-527B-4AC3-916A-6C048ED13AA0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - prefs.js..keyword.URL: "http://search.babylo...02682e24081&q="


FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java RE 6.24\lib\deploy\jqs\ff [2011-03-07 17:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST\WebRep\FF [2012-08-31 09:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-05 12:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-11-05 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KK\Application Data\Mozilla\Extensions
[2012-04-07 12:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\extensions
[2012-04-07 12:42:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\extensions\[email protected]
[2011-11-05 12:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-08-31 09:12:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST\WEBREP\FF
[2011-03-07 17:52:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA RE 6.24\LIB\DEPLOY\JQS\FF
[2011-09-29 12:23:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-09-29 05:56:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007-08-11 12:28:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java RE 6.24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java RE 6.24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Opware12] C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\Smc.exe (Sygate Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: religare.in ([crn] http in Trusted sites)
O15 - HKCU\..Trusted Domains: religare.in ([files] ftp in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1299502970375 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FF19CA-A816-4ACB-9EED-4FC55D8F82BE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-25 20:08:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\Shell - "" = AutoRun
O33 - MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\Shell - "" = AutoRun
O33 - MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-22 16:29:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-21 13:10:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\KK\Desktop\HijackThis.exe
[2012-09-21 12:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Application Data\Grisoft
[2012-09-21 12:21:31 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2012-09-21 12:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012-09-21 12:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5
[2012-09-21 10:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Application Data\SUPERAntiSpyware.com
[2012-09-21 10:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012-09-21 10:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012-09-21 10:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-09-21 10:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012-09-21 10:06:27 | 020,549,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\KK\Desktop\SUPERAntiSpyware.exe
[2012-09-20 00:50:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KK\Recent
[2012-09-18 16:37:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012-09-18 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\CoreTrade
[2012-09-18 16:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CoreTrade
[2012-09-18 15:11:53 | 248,614,244 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-22 16:18:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-22 15:53:58 | 000,463,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-09-22 15:53:58 | 000,079,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-09-22 15:50:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-09-22 15:49:23 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-22 15:49:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-22 15:49:17 | 3077,464,064 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-21 17:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-21 17:25:10 | 000,023,545 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-09-21 17:25:10 | 000,002,955 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-21 12:21:34 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2012-09-21 12:18:35 | 012,413,440 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\avgas-setup-7.5.1.43.exe
[2012-09-21 12:02:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\KK\Desktop\HijackThis.exe
[2012-09-21 10:42:24 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-21 10:06:28 | 020,549,528 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\KK\Desktop\SUPERAntiSpyware.exe
[2012-09-20 21:26:26 | 000,059,858 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120920_SA638_NSEF607880_0.htm
[2012-09-20 11:37:58 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012-09-20 00:52:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012-09-18 22:54:14 | 000,062,906 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120918_SA638_NSEF602701_0.htm
[2012-09-18 17:38:11 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-17 22:22:28 | 000,065,953 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120917_SA638_NSEF597333_0.htm
[2012-09-14 01:01:30 | 000,061,887 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120913_SA638_NSEF585258_0.htm
[2012-09-13 08:43:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-12 23:48:22 | 000,061,891 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120912_SA638_NSEF580812_0.htm
[2012-09-12 15:11:03 | 248,614,244 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe
[2012-09-12 00:14:52 | 000,063,915 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120911_SA638_NSEF575929_0.htm
[2012-09-10 22:53:06 | 000,062,911 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120910_SA638_NSEF571558_0.htm
[2012-09-10 09:38:10 | 000,002,135 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\StocksUP DayTrader Update Past.lnk
[2012-09-09 13:59:09 | 000,248,887 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Insurance.pdf
[2012-09-09 13:57:54 | 000,855,137 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Sec Mkts basic.pdf
[2012-09-09 13:43:27 | 000,966,127 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Sec. Mkts - Adv..pdf
[2012-09-09 13:36:31 | 000,244,137 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Fin Mkts - beginner.pdf
[2012-09-07 12:32:58 | 000,464,828 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\GATS ex jurisint.org.pdf
[2012-09-07 11:49:10 | 014,919,628 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\IPR in Indian context.pdf
[2012-09-07 11:45:42 | 015,055,207 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Dispute resolution under WTO.pdf
[2012-09-05 09:20:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012-09-04 18:33:44 | 000,096,101 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\2176456_lk5nb055vlqayamoqsywzj55.pdf
[2012-08-31 09:13:29 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-21 17:15:23 | 3077,464,064 | -HS- | C] () -- C:\hiberfil.sys
[2012-09-21 12:21:34 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2012-09-21 12:17:29 | 012,413,440 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\avgas-setup-7.5.1.43.exe
[2012-09-21 10:08:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-20 21:26:26 | 000,059,858 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120920_SA638_NSEF607880_0.htm
[2012-09-18 22:54:14 | 000,062,906 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120918_SA638_NSEF602701_0.htm
[2012-09-18 17:38:11 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-18 16:53:15 | 000,002,955 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-18 16:49:07 | 000,023,545 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-09-17 22:22:28 | 000,065,953 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120917_SA638_NSEF597333_0.htm
[2012-09-14 01:01:30 | 000,061,887 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120913_SA638_NSEF585258_0.htm
[2012-09-12 23:48:22 | 000,061,891 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120912_SA638_NSEF580812_0.htm
[2012-09-12 00:14:52 | 000,063,915 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120911_SA638_NSEF575929_0.htm
[2012-09-10 22:53:06 | 000,062,911 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120910_SA638_NSEF571558_0.htm
[2012-09-09 13:59:19 | 000,248,887 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Insurance.pdf
[2012-09-09 13:58:16 | 000,855,137 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Sec Mkts basic.pdf
[2012-09-09 13:43:50 | 000,966,127 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Sec. Mkts - Adv..pdf
[2012-09-09 13:36:46 | 000,244,137 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Fin Mkts - beginner.pdf
[2012-09-07 12:33:24 | 000,464,828 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\GATS ex jurisint.org.pdf
[2012-09-07 11:49:27 | 014,919,628 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\IPR in Indian context.pdf
[2012-09-07 11:46:05 | 015,055,207 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Dispute resolution under WTO.pdf
[2012-09-04 18:33:54 | 000,096,101 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\2176456_lk5nb055vlqayamoqsywzj55.pdf
[2012-08-16 15:13:16 | 000,000,563 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012-08-16 15:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setscan.ini
[2012-04-10 09:52:35 | 000,029,378 | ---- | C] () -- C:\WINDOWS\Pkunzip.exe
[2012-04-09 10:14:30 | 000,000,285 | ---- | C] () -- C:\WINDOWS\winros.ini
[2012-03-14 12:09:34 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2012-03-05 19:04:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\fusioncache.dat
[2012-03-05 19:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regset.INI
[2012-03-05 19:02:10 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2012-03-05 19:02:10 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2012-03-05 19:02:09 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2012-03-05 19:02:09 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2012-03-05 19:02:09 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2012-03-05 19:02:09 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2011-09-27 13:22:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2011-09-27 13:02:05 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2011-09-27 13:02:00 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2011-09-27 13:02:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2011-08-29 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{775FAB5F-8909-4007-A2DF-0D79F8301DFC}
[2011-08-01 19:36:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{F5D43B68-2EAA-4985-B68A-31D7D1BC0484}
[2011-06-14 20:15:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{B2D1400A-2469-4B11-9C95-6B588D5F440B}
[2011-04-11 14:37:29 | 000,307,084 | ---- | C] () -- C:\Documents and Settings\KK\U_010311_009_002799_015844.pdf
[2011-03-24 11:21:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NT00INJ.DLL
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\DK00VSYS.DLL
[2011-03-23 17:24:07 | 000,019,083 | ---- | C] () -- C:\WINDOWS\Deltree.exe
[2011-03-07 18:15:27 | 000,864,256 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011-03-07 18:15:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2011-03-07 18:15:27 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011-03-07 17:59:14 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2011-03-07 17:02:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2011-03-07 17:02:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2011-03-07 16:47:52 | 000,001,387 | ---- | C] () -- C:\WINDOWS\Bringer.INI
[2011-03-03 17:53:56 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\KK\default.pls
[2011-03-01 13:06:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-02-28 15:30:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-02-28 13:38:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2011-02-28 13:08:33 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011-02-28 13:08:33 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011-02-28 13:08:33 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011-02-28 13:08:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011-02-28 12:08:15 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011-02-26 01:28:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-02-26 01:26:56 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-25 20:12:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-02-25 20:05:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-03-05 18:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== LOP Check ==========

[2012-04-03 15:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012-03-05 19:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012-04-07 12:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012-03-05 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Equis
[2012-09-21 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011-02-26 08:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012-03-24 10:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2012-08-16 15:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012-08-16 15:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2012-08-16 15:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2012-09-21 10:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012-03-24 14:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-04-07 12:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\Babylon
[2012-09-21 12:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\Grisoft
[2011-06-27 12:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\NesterSoft
[2011-04-01 16:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\Opera
[2012-08-16 15:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\ScanSoft
[2011-03-30 09:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\TeamViewer
[2011-03-07 16:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\Xanadu Tools

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956

< End of report >

Attached Thumbnails: wintmp.JPG


#2
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Hello alphabetagamma, and welcome. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of this forum (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.


The OTL scan should have produced an Extras.txt file. It should be on the desktop with the OTL.txt file. Please post the contents of the Extras.txt file in your next reply.

Do you know what these htm files on the desktop are:
C:\Documents and Settings\KK\Desktop\CN_20120920_SA638_NSEF607880_0.htm
C:\Documents and Settings\KK\Desktop\CN_20120918_SA638_NSEF602701_0.htm
C:\Documents and Settings\KK\Desktop\CN_20120917_SA638_NSEF597333_0.htm
C:\Documents and Settings\KK\Desktop\CN_20120913_SA638_NSEF585258_0.htm
C:\Documents and Settings\KK\Desktop\CN_20120912_SA638_NSEF580812_0.htm
C:\Documents and Settings\KK\Desktop\CN_20120911_SA638_NSEF575929_0.htm
C:\Documents and Settings\KK\Desktop\CN_20120910_SA638_NSEF571558_0.htm


Do you know what this file on the desktop is:
C:\Documents and Settings\KK\Desktop\isseod.exe


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-2.

Things For Your Next Post:
1. The Extras.txt log
2. The aswMBR log
3. Answer my question about the .htm files
4. Answer my question about the isseod.exe file.

#3
alphabetagamma
    Member
  • Topic Starter
  • Member
  • 15 posts
Thank you Mr. Godawgs for your kind attention and assuring words. I feel I am in the right hands. Coming to the questions:

1. The extras OTL log (sorry, I didn't realize there were two logs - posted just one):

OTL Extras logfile created on: 22-Sep-12 4:31:51 PM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 77.29% Memory free
4.71 Gb Paging File | 4.18 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 121.42 Gb Free Space | 80.77% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 122.26 Gb Free Space | 81.33% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Installation\Setupx.exe" = G:\Installation\Setupx.exe:*:Enabled:Nero ControlCenter
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\NOW\NOW.exe" = C:\Program Files\NOW\NOW.exe:*:Enabled:NEAT On Web -- (Omnesys Technologies Pvt Ltd.)
"C:\StocksUP\winros.exe" = C:\StocksUP\winros.exe:*:Enabled: -- (Viratech Software)
"C:\ODIN\Diet\DietOdin.exe" = C:\ODIN\Diet\DietOdin.exe:*:Enabled:odin95 -- (Financial Technologies (India) Ltd.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Documents and Settings\KK\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\KK\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
"C:\Documents and Settings\KK\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\KK\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\KK\My Documents\Downloads\AA_v3.exe" = C:\Documents and Settings\KK\My Documents\Downloads\AA_v3.exe:*:Enabled:Ammyy Admin
"C:\ODIN\Diet\Installer.exe" = C:\ODIN\Diet\Installer.exe:*:Enabled:TODO: <File description> -- (TODO: <Company name>)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}" = ScanSoft RealSpeak
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}" = OmniPage Pro 12.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E04ABCA-E154-4A83-87E0-C1325B160968}" = StocksUP DayTrader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65A54DC3-5FF6-4C75-906E-3EA1A3B71033}" = Nero 8 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9ED9D728-9D4A-46D8-AF73-264CB0090AEA}" = AxCrypt 1.7.2687.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B43BAE6D-FC7F-4351-AF39-3ABC40C992DE}" = Sygate Personal Firewall
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D265D608-552A-498B-B624-3FD2DB38CF3E}" = CoreTrade
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FB99AFEA-0B85-4FDB-8026-3B073033CC6D}" = NOW
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alarm_is1" = Alarm 2.0.1
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Easy To-Do_is1" = Easy To-Do 1
"Elantech" = ETDWare PS/2-x86 7.0.4.17_WHQL
"FotoTime_FA_3x_is1" = FotoAlbum 3.4.1
"Google Chrome" = Google Chrome
"HindiPad_is1" = HindiPad
"HP-LaserJet 1020 series" = LaserJet 1020 series
"ie8" = Windows Internet Explorer 8
"KeyboardTest_is1" = KeyboardTest V3.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MetaStock Professional 9.1" = MetaStock Professional 9.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Ogg Codecs" = Ogg Codecs 0.81.15562
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"StocksUP EOD" = StocksUP EOD
"TeamViewer 6" = TeamViewer 6
"TIMELEFT3_is1" = TimeLeft Deluxe
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinZip" = WinZip

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21-Sep-12 12:38:33 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 5.5.0.1016, faulting
module superantispyware.exe, version 5.5.0.1016, fault address 0x00078e38.

Error - 21-Sep-12 12:40:13 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 5.5.0.1016, faulting
module superantispyware.exe, version 5.5.0.1016, fault address 0x00078e38.

Error - 21-Sep-12 12:48:38 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 5.5.0.1016, faulting
module superantispyware.exe, version 5.5.0.1016, fault address 0x00078e38.

Error - 21-Sep-12 1:12:43 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 5.5.0.1016, faulting
module superantispyware.exe, version 5.5.0.1016, fault address 0x00078ed0.

Error - 21-Sep-12 1:58:00 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win49.tmp.exe, version 0.0.0.0, faulting module
win49.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 21-Sep-12 7:46:21 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win2.tmp.exe, version 0.0.0.0, faulting module
win2.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 21-Sep-12 7:47:11 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win4.tmp.exe, version 0.0.0.0, faulting module
win4.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 21-Sep-12 7:53:09 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win11.tmp.exe, version 0.0.0.0, faulting module
win11.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 21-Sep-12 7:55:03 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win13.tmp.exe, version 0.0.0.0, faulting module
win13.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 22-Sep-12 7:01:37 AM | Computer Name = HOME_NOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.65.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 21-Sep-12 6:14:01 AM | Computer Name = HOME_NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-Sep-12 6:16:41 AM | Computer Name = HOME_NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-Sep-12 7:29:14 AM | Computer Name = HOME_NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-Sep-12 7:36:29 AM | Computer Name = HOME_NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-Sep-12 7:39:01 AM | Computer Name = HOME_NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 21-Sep-12 7:44:39 AM | Computer Name = HOME_NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21-Sep-12 7:45:54 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 21-Sep-12 1:34:17 PM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 22-Sep-12 6:19:20 AM | Computer Name = HOME_NOTEBOOK | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 88AE1DD3ED71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 22-Sep-12 6:19:55 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2


< End of report >


2. The aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 15:35:41
-----------------------------
15:35:41.234 OS Version: Windows 5.1.2600 Service Pack 3
15:35:41.234 Number of processors: 4 586 0x2505
15:35:41.234 ComputerName: HOME_NOTEBOOK UserName: KK
15:35:43.203 Initialize success
15:35:44.156 AVAST engine defs: 12092300
15:36:00.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:36:00.265 Disk 0 Vendor: HITACHI_HTS545050B9A300 PB4ZC61H Size: 476940MB BusType: 3
15:36:00.281 Disk 0 MBR read successfully
15:36:00.281 Disk 0 MBR scan
15:36:00.359 Disk 0 Windows XP default MBR code
15:36:00.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 153943 MB offset 63
15:36:00.359 Disk 0 Partition - 00 0F Extended LBA 307886 MB offset 315275625
15:36:00.375 Disk 0 Partition 2 00 12 Compaq diag NTFS 15109 MB offset 945829888
15:36:00.406 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 153943 MB offset 315275688
15:36:00.406 Disk 0 Partition - 00 05 Extended 153943 MB offset 630551250
15:36:00.421 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 153943 MB offset 630551313
15:36:00.421 Disk 0 scanning sectors +976773168
15:36:00.765 Disk 0 scanning C:\WINDOWS\system32\drivers
15:36:10.640 Service scanning
15:36:28.343 Modules scanning
15:36:42.015 Disk 0 trace - called modules:
15:36:42.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:36:42.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3c8448]
15:36:42.046 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8a3a99e8]
15:36:42.046 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3a9d98]
15:36:42.765 AVAST engine scan C:\WINDOWS
15:36:48.109 AVAST engine scan C:\WINDOWS\system32
15:38:19.984 AVAST engine scan C:\WINDOWS\system32\drivers
15:38:29.734 AVAST engine scan C:\Documents and Settings\KK
15:48:17.984 AVAST engine scan C:\Documents and Settings\All Users
15:48:35.796 Scan finished successfully
15:48:52.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\KK\Desktop\MBR.dat"
15:48:52.531 The log file has been saved successfully to "C:\Documents and Settings\KK\Desktop\aswMBR.txt"


3. The .htm files are e-contract notes of my securities trades - have been receiving them every day for years and they never caused any problems in the past.

4. The isseod.exe file is an executable utility to uncompress rar-format historical chart data files. The file was saved onto the desktop and expanded by the data vendor last week at the time of installing the software. I was in front of the machine when this was done (through remote access) and didn't notice anything amiss.

Thanks for your very kind attention, and best wishes,

alphabetagamma
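The Application Error entries in the event-log excerpt above are what point at the win*.tmp.exe problem: several differently named, unversioned executables crashing at the same offset. The following is an added Python triage helper (my code, not OTL's or anything from this thread) that parses OTL-style event entries, groups ID 1000 crashes by faulting application and flags that pattern; the sample log is constructed from the entries posted above, and the `win<N>.tmp.exe` name pattern and the "suspicious" heuristic are my assumptions.

```python
"""Triage helper for the 'Application Error' entries in OTL's event-log section.

Added example, not code from the thread or from OTL. It parses header lines of
the form 'Error - <date> | Computer Name = ... | Source = ... | ID = ...' plus
the wrapped 'Description = ...' text that follows each one.
"""
import re

# Constructed sample, modelled on the entries posted in the thread.
SAMPLE_LOG = """\
Error - 21-Sep-12 12:48:38 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 5.5.0.1016, faulting
module superantispyware.exe, version 5.5.0.1016, fault address 0x00078e38.

Error - 21-Sep-12 1:58:00 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win49.tmp.exe, version 0.0.0.0, faulting module
win49.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 21-Sep-12 7:46:21 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win2.tmp.exe, version 0.0.0.0, faulting module
win2.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 22-Sep-12 7:01:37 AM | Computer Name = HOME_NOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.65.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 21-Sep-12 6:14:01 AM | Computer Name = HOME_NOTEBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+?), version (?P<app_ver>[\d.]+), "
    r"faulting module (?P<mod>\S+?), version (?P<mod_ver>[\d.]+), "
    r"fault address (?P<addr>0x[0-9A-Fa-f]+)"
)
# Assumed name pattern for the throw-away executables described in the thread
# (win23.tmp.exe, win49.tmp.exe, win2.tmp.exe, ...).
TMP_EXE_RE = re.compile(r"^win[0-9a-z]{1,3}\.tmp\.exe$", re.IGNORECASE)


def parse_events(text):
    """Return one dict per event; wrapped Description lines are re-joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif not line or line.startswith(("[", "<")):
            current = None  # a blank line or a section marker ends an entry
        elif current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def summarize_faults(events):
    """Group Application Error (ID 1000) events by faulting application (lower-cased)."""
    summary = {}
    for ev in events:
        if ev["source"] != "Application Error" or ev["id"] != 1000:
            continue
        m = FAULT_RE.search(ev["description"])
        if not m:
            continue
        app = m.group("app").lower()
        entry = summary.setdefault(
            app, {"count": 0, "versions": set(), "addresses": set(), "suspicious": False})
        entry["count"] += 1
        entry["versions"].add(m.group("app_ver"))
        entry["addresses"].add(m.group("addr"))
    for app, entry in summary.items():
        # Heuristic (assumption): no version resource at all plus a temp-style name.
        entry["suspicious"] = entry["versions"] == {"0.0.0.0"} and bool(TMP_EXE_RE.match(app))
    return summary


def tmp_exe_family(summary):
    """Collapse the win<N>.tmp.exe variants into one family: differently named
    files crashing at the same offset are one program, not many."""
    names = sorted(a for a, e in summary.items() if e["suspicious"])
    addresses = set()
    for a in names:
        addresses |= summary[a]["addresses"]
    return {"names": names, "count": sum(summary[a]["count"] for a in names),
            "addresses": sorted(addresses)}


if __name__ == "__main__":
    fam = tmp_exe_family(summarize_faults(parse_events(SAMPLE_LOG)))
    print(f"{fam['count']} crashes from {len(fam['names'])} unversioned temp-named "
          f"executables, all at {', '.join(fam['addresses'])}")
```

On the full excerpt posted above the same heuristic would collapse win49, win2, win4, win11 and win13 into one family while leaving superantispyware.exe (a versioned, known product) alone.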

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello, :)

Thanks for your very kind attention, and best wishes,

You're welcome and thank you.

The Sygate firewall is no longer supported. Sygate was purchased by Symantec years ago and folded into the Symantec firewall. It needs to be uninstalled. The good news is the Windows firewall is ON. If you want to install a 3rd party firewall we can address that during the cleanup process.

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in black.


Step-1.

Program uninstalls and Optional Removals

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Sygate Personal Firewall
uTorrent


3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\Sygate
C:\Program Files\uTorrent
C:\Documents and Settings\All Users\Application Data\uTorrent


2. Close Windows Explorer


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002682e24081
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110817&tt=050412_30b&babsrc=KW_ss&mntrId=70725ce6000000000000002682e24081&q="
[2012-04-07 12:42:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\extensions\[email protected]
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\Smc.exe (Sygate Technologies, Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\Shell - "" = AutoRun
O33 - MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\Shell - "" = AutoRun
O33 - MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\Shell\AutoRun\command - "" = G:\autorun.exe

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Re-open OTL
  • Check the box beside Scan All Users at the top of the console.<---Very Important
  • Make sure the Output box at the top is set to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of the OTL.txt file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.


Step-3.

Virustotal File Upload:

There are some files I need checked.

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE: Only one file per scan

    • C:\Documents and Settings\KK\Application Data\folidx1
    • C:\Documents and Settings\KK\Application Data\sbg.xml
    • C:\WINDOWS\System32\NT00INJ.DLL
    • C:\WINDOWS\DK00VSYS.DLL
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.


Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double-click the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-5.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-6.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log
3. The VirusTotal results or links
4. The FSS.txt log
5. The Checkup.txt log

#5
alphabetagamma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi, here are the logs as desired:

a. OTL fixes log: (I should mention here the shut-down post-OTL fixes didn't complete and the machine had to be forced shut and then restarted).

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: [email protected]:1.2.0 removed from extensions.enabledAddons
Prefs.js: "http://search.babylo...02682e24081&q=" removed from keyword.URL
Folder C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\extensions\[email protected]\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmcService not found.
File C:\Program Files\Sygate\Smc.exe not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3899a87f-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3899a87f-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3899a87f-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3899a87f-6cc2-11e1-a275-002682e24081}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3899a881-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3899a881-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3899a881-6cc2-11e1-a275-002682e24081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3899a881-6cc2-11e1-a275-002682e24081}\ not found.
File G:\autorun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\KK\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\KK\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3305315 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 8923105 bytes
->Flash cache emptied: 343 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: KK
->Temp folder emptied: 3504263 bytes
->Temporary Internet Files folder emptied: 1058495507 bytes
->Java cache emptied: 379111 bytes
->FireFox cache emptied: 22472393 bytes
->Google Chrome cache emptied: 77770619 bytes
->Opera cache emptied: 169752 bytes
->Flash cache emptied: 754 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1463398 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 304201 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 349957 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 105257579 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 605468605 bytes

Total Files Cleaned = 1,803.00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 09242012_155413

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

b. OTL text log:


OTL logfile created on: 24-Sep-12 4:24:42 PM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 80.34% Memory free
4.71 Gb Paging File | 4.25 Gb Available in Paging File | 90.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 123.66 Gb Free Space | 82.26% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 123.56 Gb Free Space | 82.19% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\KK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Java RE 6.24\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files\Lenovo Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
PRC - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - C:\Program Files\ScanSoft\OmniPagePro12.0\opware12.exe (ScanSoft, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Avast\defs\12092400\algo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Program Files\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\Lenovo Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Avast\AvastSvc.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java RE 6.24\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (qcusbser) -- system32\DRIVERS\cmusbser.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (ASPI32) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (Impcd) -- C:\WINDOWS\system32\drivers\Impcd.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\WINDOWS\system32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vm332avs) -- C:\WINDOWS\system32\drivers\vm332avs.sys (Vimicro Corporation)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes,DefaultScope = {1D84549F-527B-4AC3-916A-6C048ED13AA0}
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes\{1D84549F-527B-4AC3-916A-6C048ED13AA0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466


FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java RE 6.24\lib\deploy\jqs\ff [2011-03-07 17:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST\WebRep\FF [2012-08-31 09:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-05 12:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-11-05 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KK\Application Data\Mozilla\Extensions
[2012-04-07 12:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\extensions
[2012-04-07 12:42:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\extensions\[email protected]
[2011-11-05 12:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-08-31 09:12:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST\WEBREP\FF
[2011-03-07 17:52:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA RE 6.24\LIB\DEPLOY\JQS\FF
[2011-09-29 12:23:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-09-29 05:56:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007-08-11 12:28:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java RE 6.24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java RE 6.24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Opware12] C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..Trusted Domains: religare.in ([crn] http in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..Trusted Domains: religare.in ([files] ftp in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1299502970375 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FF19CA-A816-4ACB-9EED-4FC55D8F82BE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-25 20:08:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-24 15:54:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-23 15:33:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-22 16:29:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-21 13:10:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\KK\Desktop\HijackThis.exe
[2012-09-21 12:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Application Data\Grisoft
[2012-09-21 12:21:31 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2012-09-21 12:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012-09-21 12:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5
[2012-09-21 10:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Application Data\SUPERAntiSpyware.com
[2012-09-21 10:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012-09-21 10:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012-09-21 10:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-09-21 10:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012-09-21 10:06:27 | 020,549,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\KK\Desktop\SUPERAntiSpyware.exe
[2012-09-20 00:50:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KK\Recent
[2012-09-18 16:37:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012-09-18 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\CoreTrade
[2012-09-18 16:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CoreTrade
[2012-09-18 15:11:53 | 248,614,244 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe

========== Files - Modified Within 30 Days ==========

[2012-09-24 16:18:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-24 16:08:12 | 000,463,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-09-24 16:08:12 | 000,079,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-09-24 16:04:21 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-09-24 16:03:52 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-24 16:03:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-24 16:03:44 | 3077,464,064 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-24 15:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-24 14:28:20 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012-09-23 17:38:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012-09-23 15:48:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-23 15:34:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-23 14:48:42 | 000,002,955 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-23 14:48:40 | 000,023,545 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-21 12:21:34 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2012-09-21 12:18:35 | 012,413,440 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\avgas-setup-7.5.1.43.exe
[2012-09-21 12:02:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\KK\Desktop\HijackThis.exe
[2012-09-21 10:42:24 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-21 10:06:28 | 020,549,528 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\KK\Desktop\SUPERAntiSpyware.exe
[2012-09-20 21:26:26 | 000,059,858 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120920_SA638_NSEF607880_0.htm
[2012-09-18 22:54:14 | 000,062,906 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120918_SA638_NSEF602701_0.htm
[2012-09-18 17:38:11 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-17 22:22:28 | 000,065,953 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120917_SA638_NSEF597333_0.htm
[2012-09-14 01:01:30 | 000,061,887 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120913_SA638_NSEF585258_0.htm
[2012-09-13 08:43:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-12 23:48:22 | 000,061,891 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120912_SA638_NSEF580812_0.htm
[2012-09-12 15:11:03 | 248,614,244 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe
[2012-09-12 00:14:52 | 000,063,915 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120911_SA638_NSEF575929_0.htm
[2012-09-10 22:53:06 | 000,062,911 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120910_SA638_NSEF571558_0.htm
[2012-09-10 09:38:10 | 000,002,135 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\StocksUP DayTrader Update Past.lnk
[2012-09-09 13:59:09 | 000,248,887 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Insurance.pdf
[2012-09-09 13:57:54 | 000,855,137 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Sec Mkts basic.pdf
[2012-09-09 13:43:27 | 000,966,127 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Sec. Mkts - Adv..pdf
[2012-09-09 13:36:31 | 000,244,137 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Fin Mkts - beginner.pdf
[2012-09-07 12:32:58 | 000,464,828 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\GATS ex jurisint.org.pdf
[2012-09-07 11:49:10 | 014,919,628 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\IPR in Indian context.pdf
[2012-09-07 11:45:42 | 015,055,207 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Dispute resolution under WTO.pdf
[2012-09-05 09:20:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012-09-04 18:33:44 | 000,096,101 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\2176456_lk5nb055vlqayamoqsywzj55.pdf
[2012-09-03 09:10:14 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-09-03 09:10:13 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-31 09:13:29 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2012-09-23 15:48:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-21 17:15:23 | 3077,464,064 | -HS- | C] () -- C:\hiberfil.sys
[2012-09-21 12:21:34 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2012-09-21 12:17:29 | 012,413,440 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\avgas-setup-7.5.1.43.exe
[2012-09-21 10:08:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-20 21:26:26 | 000,059,858 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120920_SA638_NSEF607880_0.htm
[2012-09-18 22:54:14 | 000,062,906 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120918_SA638_NSEF602701_0.htm
[2012-09-18 17:38:11 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-18 16:53:15 | 000,002,955 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-18 16:49:07 | 000,023,545 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-09-17 22:22:28 | 000,065,953 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120917_SA638_NSEF597333_0.htm
[2012-09-14 01:01:30 | 000,061,887 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120913_SA638_NSEF585258_0.htm
[2012-09-12 23:48:22 | 000,061,891 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120912_SA638_NSEF580812_0.htm
[2012-09-12 00:14:52 | 000,063,915 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120911_SA638_NSEF575929_0.htm
[2012-09-10 22:53:06 | 000,062,911 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120910_SA638_NSEF571558_0.htm
[2012-09-09 13:59:19 | 000,248,887 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Insurance.pdf
[2012-09-09 13:58:16 | 000,855,137 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Sec Mkts basic.pdf
[2012-09-09 13:43:50 | 000,966,127 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Sec. Mkts - Adv..pdf
[2012-09-09 13:36:46 | 000,244,137 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Fin Mkts - beginner.pdf
[2012-09-07 12:33:24 | 000,464,828 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\GATS ex jurisint.org.pdf
[2012-09-07 11:49:27 | 014,919,628 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\IPR in Indian context.pdf
[2012-09-07 11:46:05 | 015,055,207 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Dispute resolution under WTO.pdf
[2012-09-04 18:33:54 | 000,096,101 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\2176456_lk5nb055vlqayamoqsywzj55.pdf
[2012-08-16 15:13:16 | 000,000,563 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012-08-16 15:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setscan.ini
[2012-04-10 09:52:35 | 000,029,378 | ---- | C] () -- C:\WINDOWS\Pkunzip.exe
[2012-04-09 10:14:30 | 000,000,285 | ---- | C] () -- C:\WINDOWS\winros.ini
[2012-03-14 12:09:34 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2012-03-05 19:04:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\fusioncache.dat
[2012-03-05 19:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regset.INI
[2012-03-05 19:02:10 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2012-03-05 19:02:10 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2012-03-05 19:02:09 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2012-03-05 19:02:09 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2012-03-05 19:02:09 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2012-03-05 19:02:09 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2011-09-27 13:22:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2011-09-27 13:02:05 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2011-09-27 13:02:00 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2011-09-27 13:02:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2011-08-29 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{775FAB5F-8909-4007-A2DF-0D79F8301DFC}
[2011-08-01 19:36:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{F5D43B68-2EAA-4985-B68A-31D7D1BC0484}
[2011-06-14 20:15:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{B2D1400A-2469-4B11-9C95-6B588D5F440B}
[2011-04-11 14:37:29 | 000,307,084 | ---- | C] () -- C:\Documents and Settings\KK\U_010311_009_002799_015844.pdf
[2011-03-24 11:21:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NT00INJ.DLL
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\DK00VSYS.DLL
[2011-03-23 17:24:07 | 000,019,083 | ---- | C] () -- C:\WINDOWS\Deltree.exe
[2011-03-07 18:15:27 | 000,864,256 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011-03-07 18:15:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2011-03-07 18:15:27 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011-03-07 17:59:14 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2011-03-07 17:02:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2011-03-07 17:02:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2011-03-07 16:47:52 | 000,001,387 | ---- | C] () -- C:\WINDOWS\Bringer.INI
[2011-03-03 17:53:56 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\KK\default.pls
[2011-03-01 13:06:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-02-28 15:30:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-02-28 13:38:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2011-02-28 13:08:33 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011-02-28 13:08:33 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011-02-28 13:08:33 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011-02-28 13:08:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011-02-28 12:08:15 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011-02-26 01:28:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-02-26 01:26:56 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-25 20:12:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-02-25 20:05:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-03-05 18:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956

< End of report >

c. VirusTotal reports in respect of four items:

SHA256: 70cdc62ed89345fcba5e8dd18f767532d05193f069160fd73161066f66e9b7de
SHA1: 1140e21b660a5b73ee49e162ef2f12bd0fbb327f
MD5: 0fe123fd5b8b0b672183c42b4b4e6986
File size: 23.0 KB ( 23545 bytes )
File name: folidx1
File type: unknown
Detection ratio: 0 / 43
Analysis date: 2012-09-24 12:52:29 UTC ( 0 minutes ago )
Antivirus Result Update
Agnitum - 20120923
AhnLab-V3 - 20120924
AntiVir - 20120924
Antiy-AVL - 20120911
Avast - 20120924
AVG - 20120923
BitDefender - 20120924
ByteHero - 20120918
CAT-QuickHeal - 20120924
ClamAV - 20120924
Commtouch - 20120924
Comodo - 20120924
DrWeb - 20120924
Emsisoft - 20120919
eSafe - 20120920
ESET-NOD32 - 20120924
F-Prot - 20120924
F-Secure - 20120924
Fortinet - 20120924
GData - 20120924
Ikarus - 20120924
Jiangmin - 20120924
K7AntiVirus - 20120921
Kaspersky - 20120924
Kingsoft - 20120918
McAfee - 20120924
McAfee-GW-Edition - 20120924
Microsoft - 20120924
Norman - 20120924
nProtect - 20120924
Panda - 20120923
PCTools - 20120924
Rising - 20120924
Sophos - 20120924
SUPERAntiSpyware - 20120911
Symantec - 20120924
TheHacker - 20120923
TotalDefense - 20120923
TrendMicro - 20120924
TrendMicro-HouseCall - 20120924
VBA32 - 20120924
VIPRE - 20120924
ViRobot - 20120924

SHA256: 87c8db9e3c0fb1ad15ccb479dd112c096c4fdec2a5c32f1163c40783810e2bba
SHA1: e7c612177b914bf0b818ba8fb3e056fb35fc63d5
MD5: d00a5fde55d5cf4188fa5687f8d161a6
File size: 2.9 KB ( 2955 bytes )
File name: sbg.xml
File type: XML
Detection ratio: 0 / 43
Analysis date: 2012-09-24 12:55:27 UTC ( 0 minutes ago )
Antivirus Result Update
Agnitum - 20120923
AhnLab-V3 - 20120924
AntiVir - 20120924
Antiy-AVL - 20120911
Avast - 20120924
AVG - 20120923
BitDefender - 20120924
ByteHero - 20120924
CAT-QuickHeal - 20120924
ClamAV - 20120924
Commtouch - 20120924
Comodo - 20120924
DrWeb - 20120924
Emsisoft - 20120919
eSafe - 20120920
ESET-NOD32 - 20120924
F-Prot - 20120924
F-Secure - 20120924
Fortinet - 20120924
GData - 20120924
Ikarus - 20120924
Jiangmin - 20120924
K7AntiVirus - 20120921
Kaspersky - 20120924
Kingsoft - 20120918
McAfee - 20120924
McAfee-GW-Edition - 20120924
Microsoft - 20120924
Norman - 20120924
nProtect - 20120924
Panda - 20120923
PCTools - 20120924
Rising - 20120924
Sophos - 20120924
SUPERAntiSpyware - 20120911
Symantec - 20120924
TheHacker - 20120923
TotalDefense - 20120923
TrendMicro - 20120924
TrendMicro-HouseCall - 20120924
VBA32 - 20120924
VIPRE - 20120924
ViRobot - 20120924


SHA256: 337226cc623206696e503b2a327e1d0b19af2d19da98d4cfcb7c219aa49e92fc
File name: NT00INJ.DLL
Detection ratio: 0 / 43
Analysis date: 2012-09-24 11:05:44 UTC ( 1 minute ago )
Antivirus Result Update
Agnitum - 20120923
AhnLab-V3 - 20120923
AntiVir - 20120924
Antiy-AVL - 20120911
Avast - 20120924
AVG - 20120923
BitDefender - 20120924
ByteHero - 20120924
CAT-QuickHeal - 20120924
ClamAV - 20120924
Commtouch - 20120924
Comodo - 20120924
DrWeb - 20120924
Emsisoft - 20120919
eSafe - 20120920
ESET-NOD32 - 20120924
F-Prot - 20120924
F-Secure - 20120924
Fortinet - 20120924
GData - 20120924
Ikarus - 20120924
Jiangmin - 20120924
K7AntiVirus - 20120921
Kaspersky - 20120924
Kingsoft - 20120918
McAfee - 20120924
McAfee-GW-Edition - 20120924
Microsoft - 20120924
Norman - 20120924
nProtect - 20120924
Panda - 20120923
PCTools - 20120924
Rising - 20120924
Sophos - 20120924
SUPERAntiSpyware - 20120911
Symantec - 20120924
TheHacker - 20120923
TotalDefense - 20120923
TrendMicro - 20120924
TrendMicro-HouseCall - 20120924
VBA32 - 20120924
VIPRE - 20120924
ViRobot - 20120924

SHA256: 337226cc623206696e503b2a327e1d0b19af2d19da98d4cfcb7c219aa49e92fc
SHA1: c96ae077c5f91087af87874a4aa909a4f1d59658
MD5: 7a9dd0e195deb4a910c58af9fc1983e7
File size: 1.0 KB ( 1024 bytes )
File name: DK00VSYS.DLL
File type: unknown
Detection ratio: 0 / 43
Analysis date: 2012-09-24 11:11:28 UTC ( 0 minutes ago )
Antivirus Result Update
Agnitum - 20120923
AhnLab-V3 - 20120923
AntiVir - 20120924
Antiy-AVL - 20120911
Avast - 20120924
AVG - 20120923
BitDefender - 20120924
ByteHero - 20120918
CAT-QuickHeal - 20120924
ClamAV - 20120924
Commtouch - 20120924
Comodo - 20120924
DrWeb - 20120924
Emsisoft - 20120919
eSafe - 20120920
ESET-NOD32 - 20120924
F-Prot - 20120924
F-Secure - 20120924
Fortinet - 20120924
GData - 20120924
Ikarus - 20120924
Jiangmin - 20120924
K7AntiVirus - 20120921
Kaspersky - 20120924
Kingsoft - 20120918
McAfee - 20120924
McAfee-GW-Edition - 20120924
Microsoft - 20120924
Norman - 20120924
nProtect - 20120924
Panda - 20120923
PCTools - 20120924
Rising - 20120924
Sophos - 20120924
SUPERAntiSpyware - 20120911
Symantec - 20120924
TheHacker - 20120923
TotalDefense - 20120923
TrendMicro - 20120924
TrendMicro-HouseCall - 20120924
VBA32 - 20120924
VIPRE - 20120924
ViRobot - 20120924

d. The FSS log:

Farbar Service Scanner Version: 19-09-2012
Ran by KK (administrator) on 24-09-2012 at 17:41:22
Running from "C:\Documents and Settings\KK\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000A00000009000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

e. The SecurityCheck.exe log:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG Anti-Spyware 7.5
SUPERAntiSpyware
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 6 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
AVAST AvastSvc.exe
AVAST avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


As advised, I uninstalled the Sygate and uTorrent applications. Would you be able to recommend some replacement for Sygate Personal Firewall? Also, if I may ask, is it your position that being outdated and unsupported, Sygate is not very effective as a firewall, or do you believe it also potentially could cause some harm?

Once again your help is greatly appreciated.

Best wishes,

alphabetagamma
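The OTL listing in the post above, and its "Files Created - No Company Name" section in particular, is what a helper reads by eye when hunting for the file behind the win*.tmp.exe errors. The Python script below is an added example, not part of this thread and not code from OTL, Malwarebytes, or any other tool named here. It parses OTL file lines (the date | size | attributes | C/M, company, path format shown above) and applies three triage rules of its own: executables under C:\WINDOWS or System32 with no company name, tiny read-only binaries, and names matching the win*.tmp.exe pattern the poster describes. The regex, the rules, the directory and extension lists, and the win2A.tmp.exe sample line are this example's assumptions; the other sample lines are copied from the report. What it flags are candidates to hash and look up, the way NT00INJ.DLL and DK00VSYS.DLL were submitted to VirusTotal above, not malware verdicts.

```python
"""Triage of OTL-style file listings.

Added example, not part of the original thread or of OTL itself. OTL prints
every file or folder as

    [YYYY-MM-DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path

size is comma-grouped and zero-padded, attrs is four characters drawn from
R H S D and '-', the flag says whether the timestamp is the creation (C) or
modification (M) time, and the "(Company)" field is omitted for folders. The
regex and the triage rules below are this example's own assumptions; they
surface items for a human to look up, they are not malware verdicts.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<flag>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[ NTFS \])?$"
)
# Assumed scope: only these extensions and directories are checked.
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")
# The name pattern the poster describes: win + one to three characters + .tmp.exe
TMP_EXE = re.compile(r"^win[0-9a-z]{1,3}\.tmp\.exe$", re.IGNORECASE)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    flag: str      # 'C' = created, 'M' = modified
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        flag=m["flag"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines: List[str], now: datetime, recent_days: int = 30) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_dir:
            continue                      # non-file lines and folders are ignored
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        is_exec = low.endswith(EXEC_EXT)
        in_sys = low.startswith(SYSTEM_DIRS)
        reasons = []
        if TMP_EXE.match(name):
            reasons.append("name matches the win*.tmp.exe pattern from the report")
        if is_exec and in_sys and not e.company:
            reasons.append("executable in a Windows directory with no company name")
        if is_exec and 0 < e.size < 4096 and "R" in e.attrs:
            reasons.append("tiny read-only binary (%d bytes)" % e.size)
        # Recency alone is not suspicious, but it sharpens an existing finding.
        if reasons and now - e.when <= timedelta(days=recent_days):
            reasons.append("timestamp within the last %d days" % recent_days)
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample input: lines copied from the OTL report above plus one constructed line
# (win2A.tmp.exe) standing in for the file the poster describes; its real name
# changes at every launch, so the constructed name is only illustrative.
SAMPLE = r"""
[2012-09-21 12:21:31 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2012-09-18 16:37:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012-09-20 11:02:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\win2A.tmp.exe
[2012-03-14 12:09:34 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NT00INJ.DLL
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\DK00VSYS.DLL
[2011-03-07 17:02:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2012-09-24 15:54:13 | 000,000,000 | ---D | C] -- C:\_OTL
""".strip().splitlines()
REPORT_DATE = datetime(2012, 9, 24)   # the day the OTL report above was taken


def run_sample() -> Dict[str, List[str]]:
    return triage(SAMPLE, REPORT_DATE)


if __name__ == "__main__":
    for path, reasons in run_sample().items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed it a whole OTL.txt and pass the report date as `now`, so the 30-day recency tag lines up with OTL's own "Within 30 Days" sections; lines that are not file entries (the O2/O4 registry lines, section headers) are simply skipped. On the sample, the constructed win2A.tmp.exe collects all three reasons, while MetaLib.dll and zshp1020.exe are raised only for lacking a company name, which is a prompt to check their publisher, not a finding in itself. Note also that the two 1 KB read-only DLLs the poster submitted show the same SHA256 in the VirusTotal output above, so they are one file under two names and a single lookup covers both.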

#6
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Hi,

As advised, I uninstalled the Sygate and uTorrent applications.

Thank you.

Would you be able to recommend some replacement for Sygate Personal Firewall?

Yep! We will address that after we are sure your symptoms are gone. For now the Windows Firewall is running, so you are being protected.

Also, if I may ask, is it your position that being outdated and unsupported, sygate is not very effective as a firewall, or do you believe it also potentially could cause some harm?

Yes, and yes. Since it is no longer supported you can't get updates for it; that can harm the computer by letting through threats that hadn't been discovered years ago.

Let's do a sweep for any malware remnants. After this round tell me how the computer is running. Are you still getting the win*.tmp.exe errors?


Step-1.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Double-click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right-click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • When completed Do Not select Uninstall application on close
  • Make sure you copy the logfile.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • XP users, double click the adwcleaner.exe file to run AdwCleaner. Vista and 7 users, right click adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please attach that. This report is also saved to C:\AdwCleaner[R1].txt


Step-4.

Things For Your Next Post:
1. The MalwareBytes log
2. The ESET log
3. The AdwCleaner[R1].txt log
  • 0

#7 alphabetagamma (Member, Topic Starter, 15 posts)
Hello sir,

The logs as desired:

a) The Malwarebytes log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
KK :: HOME_NOTEBOOK [administrator]

25-Sep-12 3:49:53 PM
mbam-log-2012-09-25 (15-49-53).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284149
Time elapsed: 44 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

b) The ESET Online Scanner log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fa4aa77196d5304aac906cdc3d34cbbd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-25 11:58:08
# local_time=2012-09-25 05:28:08 (+0530, India Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76548
# found=0
# cleaned=0
# scan_time=1907

c) The AdwCleaner log:


# AdwCleaner v2.003 - Logfile created 09/25/2012 at 17:52:28
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : KK - HOME_NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\KK\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\KK\Application Data\Babylon
Folder Found : C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\extensions\[email protected]

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110817&tt=050412_30b&babsrc=NT_ss&mntrId=70725ce6000000000000002682e24081

-\\ Mozilla Firefox v7.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\KK\Application Data\Mozilla\Firefox\Profiles\rq7m0lq3.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=110817&tt=050412_30b");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 20);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "70725ce6000000000000002682e24081");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15437");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=110817&tt=050412[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 20);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:42:53");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 86705598);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:42:53");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110817&tt=050412_30b");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "70725ce6000000000000002682e24081");
Found : user_pref("extensions.BabylonToolbar_i.id", "70725ce6000000000000002682e24081");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15437");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:42:53");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\KK\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5454 octets] - [25/09/2012 17:52:28]

########## EOF - C:\AdwCleaner[R1].txt - [5514 octets] ##########

As to the status of my computer, unfortunately the original problem remains unchanged. A screenshot of the latest search result of files in question is attached.

Best wishes,

alphabetagamma

Attached Thumbnails

  • wintmp.JPG

  • 0
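When AdwCleaner reports a cluster of entries like the Babylon toolbar ones above, it helps to pull the findings out of the log mechanically, so the later Deletion run can be checked line by line against the Search run. The Python below is an added example, not part of this thread and not code from AdwCleaner itself. It parses a constructed, trimmed copy of the [R1] log above, tallies findings per section, counts entries naming a given adware family, and lists the defanged (hxxp) hosts the browser settings point at. The section markers and line shapes it matches are exactly those visible in the log above; treating them as the general AdwCleaner format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the AdwCleaner [R1] search log posted
# above, kept short so the parser can be exercised offline.
SAMPLE_LOG = r"""
# AdwCleaner v2.003 - Logfile created 09/25/2012 at 17:52:28
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110817&tt=050412_30b

-\\ Mozilla Firefox v7.0.1 (en-US)

Profile name : default
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

-\\ Google Chrome v [Unable to get version]

[OK] File is clean.

*************************
"""

# Line shapes taken from the log above (assumed to hold for other AdwCleaner logs).
SECTION_RE = re.compile(r"^\*{5} \[([^\]]+)\] \*{5}$")          # ***** [Registry] *****
FOUND_RE = re.compile(r"^(File|Folder|Key|Value) Found : (.+)$")  # Key Found : HKCU\...
PREF_RE = re.compile(r'^Found : user_pref\("([^"]+)", (.+)\);$')  # Firefox prefs.js entries
IE_RE = re.compile(r"^\[([^\]]+)\] = (.+)$")                      # IE registry value lines
URL_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)", re.IGNORECASE)  # AdwCleaner defangs URLs as hxxp


def parse_adwcleaner_log(text):
    """Map each log section to a list of (kind, detail) findings."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:          # '# ...' header lines precede the first section
            continue
        m = FOUND_RE.match(line)
        if m:
            findings[section].append((m.group(1), m.group(2)))
            continue
        m = PREF_RE.match(line)
        if m:
            findings[section].append(("user_pref", m.group(1) + " = " + m.group(2)))
            continue
        m = IE_RE.match(line)
        if m:
            findings[section].append(("IE setting", m.group(1) + " = " + m.group(2)))
    return dict(findings)


def summarise(findings):
    """Number of findings per section (sections with nothing found are absent)."""
    return {section: len(items) for section, items in findings.items()}


def indicators(findings, family):
    """All findings whose path, key or value names the given adware family."""
    needle = family.lower()
    return [(section, kind, detail)
            for section, items in findings.items()
            for kind, detail in items
            if needle in detail.lower()]


def hosts_from_findings(findings):
    """Sorted, de-duplicated hosts from the defanged hxxp URLs in the findings."""
    hosts = set()
    for items in findings.values():
        for _, detail in items:
            hosts.update(h.lower() for h in URL_RE.findall(detail))
    return sorted(hosts)


if __name__ == "__main__":
    found = parse_adwcleaner_log(SAMPLE_LOG)
    print("per section:", summarise(found))
    for section, kind, detail in indicators(found, "babylon"):
        print(f"[{section}] {kind}: {detail}")
    print("hosts referenced:", hosts_from_findings(found))
```

The hxxp spelling is AdwCleaner's own defanging of the URLs it reports, so the hosts come out of the log without ever being a clickable link; keeping them defanged in any report you build from the findings is the sensible default.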

#8 godawgs (Teacher, Retired Staff, 8,228 posts)
The MalwareBytes and ESET scans look good. But Adwcleaner found more Babylon entries. At the end of this run let me know if the problem remains.


Step-1.

Re-run AdwCleaner Fix

Close all open windows and browsers.

Re-open AdwCleaner
  • Double click the adwcleaner.exe file to run AdwCleaner. Vista and 7 users, right click adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Deletion button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced; please attach that. This report is also saved to C:\AdwCleaner[S1].txt


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:FILES
%systemroot%\prefetch\*.* 

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix should not be used unless requested by a forum helper.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to re-enable your Firewall and Anti-Virus


Step-4.

Things For Your Next Post:
1. The AdwCleaner[S1].txt log
2. The OTL fixes log
3. The ComboFix log
  • 0

#9 alphabetagamma (Member, Topic Starter, 15 posts)
Hi,

This round didn't go smoothly. The machine went into a hang at the shut-down stage while performing the post-AdwCleaner and OTL-fix reboots. It had to be force-shut. Also, the ComboFix operation didn't complete even after an hour and a half - nothing seemed to be happening - so I force-shut the machine. I didn't re-run ComboFix, following the clear advice not to do so. Apparently no log was generated. Here are the two logs:

1. The Adwcleaner log:


# AdwCleaner v2.003 - Logfile created 09/26/2012 at 20:30:12
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : KK - HOME_NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\KK\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110817&tt=050412_30b&babsrc=NT_ss&mntrId=70725ce6000000000000002682e24081 --> hxxp://www.google.com

-\\ Mozilla Firefox v7.0.1 (en-US)

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\KK\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5583 octets] - [25/09/2012 17:52:28]
AdwCleaner[S1].txt - [2155 octets] - [26/09/2012 20:30:12]

########## EOF - C:\AdwCleaner[S1].txt - [2215 octets] ##########

2. The OTL fix log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\WINDOWS\prefetch\ADWCLEANER.EXE-2160882E.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\AVAST.SETUP-1B9EC024.pf moved successfully.
C:\WINDOWS\prefetch\BTWDINS.EXE-39CE055F.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C0F.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C12.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C16.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C1C.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C1D.pf moved successfully.
C:\WINDOWS\prefetch\CORETRADE.EXE-259BF275.pf moved successfully.
C:\WINDOWS\prefetch\DIETODIN.EXE-199D27A7.pf moved successfully.
C:\WINDOWS\prefetch\DRWTSN32.EXE-2B4B52AC.pf moved successfully.
C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf moved successfully.
C:\WINDOWS\prefetch\EQDATSRV.EXE-10FA8318.pf moved successfully.
C:\WINDOWS\prefetch\EQFILSRV.EXE-1623D7C6.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\FLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-1A47A643.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
C:\WINDOWS\prefetch\JAVA.EXE-22CEDF25.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-00542422.pf moved successfully.
C:\WINDOWS\prefetch\JUCHECK.EXE-1B0E4D0A.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LMS.EXE-34044993.pf moved successfully.
C:\WINDOWS\prefetch\LODCTR.EXE-1009C3B4.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\LSSRVC.EXE-04067753.pf moved successfully.
C:\WINDOWS\prefetch\MSCORSVW.EXE-1366B4F5.pf moved successfully.
C:\WINDOWS\prefetch\MSIMN.EXE-38BA891D.pf moved successfully.
C:\WINDOWS\prefetch\MSMSGS.EXE-2B6052DE.pf moved successfully.
C:\WINDOWS\prefetch\MSWIN.EXE-08AB5493.pf moved successfully.
C:\WINDOWS\prefetch\NBSERVICE.EXE-0EB57776.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\ODINARBITRAGE.EXE-06FBAE6C.pf moved successfully.
C:\WINDOWS\prefetch\ODINFTP.EXE-0EFDA2E4.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-22983BC8.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
C:\WINDOWS\prefetch\SASCORE.EXE-22E1D4D0.pf moved successfully.
C:\WINDOWS\prefetch\SCRNSAVE.SCR-017F06EB.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\UNS.EXE-24E755A3.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-1D0B15B9.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-2AB87697.pf moved successfully.
C:\WINDOWS\prefetch\WDFMGR.EXE-2CF4013B.pf moved successfully.
C:\WINDOWS\prefetch\WINROS.EXE-16C4AA3A.pf moved successfully.
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEF9D.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KK
->Temp folder emptied: 568131 bytes
->Temporary Internet Files folder emptied: 17398758 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 326622113 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75123 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 34791346 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 362.00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 09262012_204210

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


As at this point of time, the win*.tmp.exe problem hasn't gone away - it's still there.

Appreciate your help.

best wishes,

alphabetagamma
  • 0

#10 godawgs (Teacher, Retired Staff, 8,228 posts)
Hi,

Please look in the C:\ folder for a file named ComboFix.txt (C:\ComboFix.txt). If you find the file, post its contents.
If you don't find a ComboFix.txt file, look in the C:\Qoobox\LastRun folder and see if there is a file or data there. I'm not sure how it will be named, but data from failed ComboFix runs is put in this folder.
  • 0


#11 alphabetagamma (Member, Topic Starter, 15 posts)
Looked for but didn't find ComboFix.txt anywhere on the C drive. The Qoobox\LastRun folder contains only one file, called 'gateway'. This file, 13 bytes in size, shows just one line of content when opened with Notepad, which is:

192.168.1.1

A strange thing I just noticed was that the file search utility has gone into hyperactive mode. It now goes on tirelessly searching - it doesn't stop by itself. It'll repeatedly keep on flipping through the C and D drives (even if the search was set just to the C drive) whether or not it finds a matching file. And where it does find a match, it seems not to mind finding and listing it again - so we have more than one identical find in the results area. And the search goes on. To my recollection, it didn't do that before. The plot thickens. (Nothing else seems amiss up to this time - the machine is still a docile pet in other respects.)

best wishes,

alphabetagamma
  • 0

#12 godawgs (Teacher, Retired Staff, 8,228 posts)
Hi,

Sorry for the delay. I've been doing some research. The AVG AntiSpyware 7.5 program may be preventing ComboFix from running. The program is old and outdated...kinda the same thing as the Sygate firewall. I have been told by some colleagues that Omnipage may be interfering with it. The AVG Anti-Virus program has been known to cause it to hang, even when it has been disabled.
And at times, ComboFix just won't run on certain machines.

I want to remove the AVG Anti-Spyware program (the MalwareBytes program you downloaded is much better) and do some in-depth maintenance on the hard drive.


Step-1.

Uninstall AVG AntiSpyware

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

AVG Anti-Spyware 7.5

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\AVG Anti-Spyware 7.5

2. Close Windows Explorer.


Step-2.

Reset SP3 Firewall:

  • Click on Start, click Run. The Run window will open.
  • In the Open box, copy and paste in the following and click on OK
    • firewall.cpl
  • On the Windows Firewall Settings Window, click on the Advanced tab.
  • Click the Restore Defaults button. At the prompt click on Yes.
  • Now click on the Exceptions tab. Deselect Remote Assistance and click OK
  • Close the Windows firewall settings windows.


Step-3.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial made by Dakeyras here and follow the instructions for Graphical Mode if you so wish.

  • Click Start, click Run. The Run window will open.
  • In the Open box, type in CMD and click on OK. A black command window will open.
  • At the Command Prompt C:\ >, type the following and press the Enter key:
    • CD C:\
  • Now type the following and press the Enter key:
    • DEFRAG C: -F
    An analysis report will be displayed and then Windows will start the defragmentation run automatically. This may take some time.
  • When completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter key.
  • When prompted with:

    CHKDSK cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked next time the system restarts (Y/N)

  • Hit the Y key, then at the Command Prompt C:\ > type in EXIT and hit the Enter key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the Keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.


Step-4.

AntiVirus Scan

Please open your Panda AntiVirus and do a Full scan.


Step-5.

Posted Image OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • Make sure the box beside Scan All Users is checked.
  • Do Not check the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist.<---Important
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.


Step-6.

Things For Your Next Post:
1. Let me know how the Defragmentation went.
2. Let me know if chkdsk found any errors.
3. Let me know if the scan with Panda found anything.
4. The new OTL.txt log
5. The new Extras.txt log
6. Are the winxx.tmp.exe errors still present?
  • 0

#13 alphabetagamma (Member, Topic Starter, 15 posts)
Hi,

Removed AVG Anti-Spyware and, for good measure, OmniPage and SuperAntiSpyware too.

The defrag and CHKDSK operations went through smoothly. The CHKDSK results summary went by in a flash - I had just enough time to make out that some corrections to the file system had been made; what exactly they were, I couldn't read.

Don't have Panda Antivirus. Ran an Avast full scan and it showed a totally clean result.

Here are the two OTL logs:

OTL logfile created on: 30-Sep-12 5:20:30 PM - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 81.99% Memory free
4.71 Gb Paging File | 4.40 Gb Available in Paging File | 93.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 120.53 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 123.60 Gb Free Space | 82.22% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
PRC - [2012-08-21 14:42:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastUI.exe
PRC - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastSvc.exe
PRC - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java RE 6.24\bin\jqs.exe
PRC - [2010-03-29 15:39:54 | 001,822,600 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010-03-15 20:32:54 | 001,599,368 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009-12-18 12:28:30 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009-09-15 18:31:30 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera2\VM332_STI.EXE
PRC - [2009-08-14 11:48:52 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTStackServer.exe
PRC - [2009-08-14 11:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTTray.exe
PRC - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe
PRC - [2009-07-20 02:32:16 | 002,713,144 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008-04-14 10:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-30 13:18:38 | 001,813,504 | ---- | M] () -- C:\Program Files\Avast\defs\12093000\algo.dll
MOD - [2009-08-14 11:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009-08-14 11:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\Lenovo Bluetooth Software\BTKeyInd.dll
MOD - [2008-05-21 17:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012-09-03 09:10:23 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java RE 6.24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-06-26 12:15:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmusbser.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32)
DRV - [2012-08-21 14:43:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-08-21 14:43:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-08-21 14:43:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-08-21 14:43:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012-08-21 14:43:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-08-21 14:43:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012-08-21 14:43:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-03-07 05:32:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2010-07-16 13:17:46 | 001,930,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010-06-18 13:42:46 | 002,967,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010-02-26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010-01-19 05:50:10 | 000,235,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009-12-11 16:24:36 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-12-03 10:07:08 | 000,185,072 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2009-09-17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009-09-03 16:27:50 | 000,040,704 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009-08-17 14:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009-07-28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-07-09 12:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009-06-21 09:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008-07-24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008-02-04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008-02-04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes,DefaultScope = {1D84549F-527B-4AC3-916A-6C048ED13AA0}
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes\{1D84549F-527B-4AC3-916A-6C048ED13AA0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java RE 6.24\lib\deploy\jqs\ff [2011-03-07 17:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST\WebRep\FF [2012-08-31 09:12:39 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.co.in/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.in/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: avast! WebRep = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2007-08-11 12:28:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java RE 6.24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java RE 6.24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..Trusted Domains: religare.in ([crn] http in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..Trusted Domains: religare.in ([files] ftp in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1299502970375 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FF19CA-A816-4ACB-9EED-4FC55D8F82BE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-25 20:08:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-28 15:36:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KK\Recent
[2012-09-27 21:41:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2012-09-27 09:22:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-09-26 20:56:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-09-26 20:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-09-26 20:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-09-26 20:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-09-26 20:54:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-09-26 20:54:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-09-26 20:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-26 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\KK\My Documents\My Videos
[2012-09-26 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\KK\Start Menu\Programs\Administrative Tools
[2012-09-26 20:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-09-26 20:52:37 | 004,756,346 | R--- | C] (Swearware) -- C:\Documents and Settings\KK\Desktop\ComboFix.exe
[2012-09-25 16:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-09-25 15:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Application Data\Malwarebytes
[2012-09-25 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-09-25 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-09-25 15:46:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-09-25 15:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-09-25 09:37:36 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012-09-25 09:33:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012-09-25 09:29:18 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012-09-25 09:29:18 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012-09-25 09:29:17 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012-09-25 09:29:17 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012-09-25 09:28:32 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012-09-25 09:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012-09-24 18:48:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012-09-24 17:40:17 | 000,693,265 | ---- | C] (Farbar) -- C:\Documents and Settings\KK\Desktop\FSS.exe
[2012-09-24 15:54:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-23 15:33:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-22 16:29:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-21 13:10:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\KK\Desktop\HijackThis.exe
[2012-09-21 12:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012-09-21 10:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012-09-21 10:06:27 | 020,549,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\KK\Desktop\SUPERAntiSpyware.exe
[2012-09-18 16:37:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012-09-18 16:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\CoreTrade
[2012-09-18 16:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CoreTrade
[2012-09-18 15:11:53 | 248,614,244 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-30 16:46:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-30 16:44:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-30 16:14:26 | 000,463,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-09-30 16:14:26 | 000,079,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-09-30 16:10:20 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-09-30 16:09:49 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-30 16:09:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-09-30 16:09:28 | 3077,464,064 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-30 13:46:01 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012-09-29 12:42:25 | 000,002,955 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-29 12:42:24 | 000,023,545 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-09-28 22:18:58 | 000,061,887 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120928_SA638_NSEF642047_0.htm
[2012-09-28 21:55:28 | 000,057,048 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120928_SA638_NSE1482306_0.htm
[2012-09-28 21:43:38 | 000,057,048 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120928_KK59_NSE1474191_0.htm
[2012-09-28 15:37:04 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012-09-28 13:01:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012-09-28 13:01:01 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012-09-27 23:26:26 | 000,065,949 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120927_SA638_NSEF636425_0.htm
[2012-09-27 21:41:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-09-27 09:48:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012-09-26 21:34:22 | 000,061,888 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120926_SA638_NSEF630132_0.htm
[2012-09-26 20:56:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-09-26 20:53:48 | 004,756,346 | R--- | M] (Swearware) -- C:\Documents and Settings\KK\Desktop\ComboFix.exe
[2012-09-25 22:54:14 | 000,063,922 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120925_SA638_NSEF624912_0.htm
[2012-09-25 19:54:08 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-09-25 15:46:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-24 17:42:26 | 000,881,724 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\SecurityCheck.exe
[2012-09-24 17:40:27 | 000,693,265 | ---- | M] (Farbar) -- C:\Documents and Settings\KK\Desktop\FSS.exe
[2012-09-23 15:48:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-23 15:34:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-21 12:18:35 | 012,413,440 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\avgas-setup-7.5.1.43.exe
[2012-09-21 12:02:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\KK\Desktop\HijackThis.exe
[2012-09-21 10:42:24 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-21 10:06:28 | 020,549,528 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\KK\Desktop\SUPERAntiSpyware.exe
[2012-09-20 21:26:26 | 000,059,858 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120920_SA638_NSEF607880_0.htm
[2012-09-18 22:54:14 | 000,062,906 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120918_SA638_NSEF602701_0.htm
[2012-09-18 17:38:11 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-17 22:22:28 | 000,065,953 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120917_SA638_NSEF597333_0.htm
[2012-09-14 01:01:30 | 000,061,887 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120913_SA638_NSEF585258_0.htm
[2012-09-13 08:43:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-09-12 23:48:22 | 000,061,891 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120912_SA638_NSEF580812_0.htm
[2012-09-12 15:11:03 | 248,614,244 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe
[2012-09-12 00:14:52 | 000,063,915 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120911_SA638_NSEF575929_0.htm
[2012-09-10 22:53:06 | 000,062,911 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20120910_SA638_NSEF571558_0.htm
[2012-09-10 09:38:10 | 000,002,135 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\StocksUP DayTrader Update Past.lnk
[2012-09-09 13:59:09 | 000,248,887 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Insurance.pdf
[2012-09-09 13:57:54 | 000,855,137 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Sec Mkts basic.pdf
[2012-09-09 13:43:27 | 000,966,127 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Sec. Mkts - Adv..pdf
[2012-09-09 13:36:31 | 000,244,137 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Fin Mkts - beginner.pdf
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-09-07 12:32:58 | 000,464,828 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\GATS ex jurisint.org.pdf
[2012-09-07 11:49:10 | 014,919,628 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\IPR in Indian context.pdf
[2012-09-07 11:45:42 | 015,055,207 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\Dispute resolution under WTO.pdf
[2012-09-03 09:10:14 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-09-03 09:10:13 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-30 14:36:54 | 3077,464,064 | -HS- | C] () -- C:\hiberfil.sys
[2012-09-28 22:18:58 | 000,061,887 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120928_SA638_NSEF642047_0.htm
[2012-09-28 21:55:28 | 000,057,048 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120928_SA638_NSE1482306_0.htm
[2012-09-28 21:43:38 | 000,057,048 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120928_KK59_NSE1474191_0.htm
[2012-09-28 13:01:01 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012-09-28 13:01:01 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012-09-27 23:26:26 | 000,065,949 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120927_SA638_NSEF636425_0.htm
[2012-09-26 21:34:22 | 000,061,888 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120926_SA638_NSEF630132_0.htm
[2012-09-26 20:56:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-09-26 20:56:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-09-26 20:54:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-09-26 20:54:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-09-26 20:54:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-09-26 20:54:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-09-26 20:54:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-09-25 22:54:14 | 000,063,922 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120925_SA638_NSEF624912_0.htm
[2012-09-25 15:46:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-25 09:29:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-09-25 09:29:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012-09-24 17:42:10 | 000,881,724 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\SecurityCheck.exe
[2012-09-23 15:48:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-21 12:17:29 | 012,413,440 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\avgas-setup-7.5.1.43.exe
[2012-09-21 10:08:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-20 21:26:26 | 000,059,858 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120920_SA638_NSEF607880_0.htm
[2012-09-18 22:54:14 | 000,062,906 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120918_SA638_NSEF602701_0.htm
[2012-09-18 17:38:11 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-18 16:53:15 | 000,002,955 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-18 16:49:07 | 000,023,545 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-09-17 22:22:28 | 000,065,953 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120917_SA638_NSEF597333_0.htm
[2012-09-14 01:01:30 | 000,061,887 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120913_SA638_NSEF585258_0.htm
[2012-09-12 23:48:22 | 000,061,891 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120912_SA638_NSEF580812_0.htm
[2012-09-12 00:14:52 | 000,063,915 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120911_SA638_NSEF575929_0.htm
[2012-09-10 22:53:06 | 000,062,911 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20120910_SA638_NSEF571558_0.htm
[2012-09-09 13:59:19 | 000,248,887 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Insurance.pdf
[2012-09-09 13:58:16 | 000,855,137 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Sec Mkts basic.pdf
[2012-09-09 13:43:50 | 000,966,127 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Sec. Mkts - Adv..pdf
[2012-09-09 13:36:46 | 000,244,137 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Fin Mkts - beginner.pdf
[2012-09-07 12:33:24 | 000,464,828 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\GATS ex jurisint.org.pdf
[2012-09-07 11:49:27 | 014,919,628 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\IPR in Indian context.pdf
[2012-09-07 11:46:05 | 015,055,207 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\Dispute resolution under WTO.pdf
[2012-08-16 15:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setscan.ini
[2012-04-10 09:52:35 | 000,029,378 | ---- | C] () -- C:\WINDOWS\Pkunzip.exe
[2012-04-09 10:14:30 | 000,000,285 | ---- | C] () -- C:\WINDOWS\winros.ini
[2012-03-14 12:09:34 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2012-03-05 19:04:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\fusioncache.dat
[2012-03-05 19:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regset.INI
[2012-03-05 19:02:10 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2012-03-05 19:02:10 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2012-03-05 19:02:09 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2012-03-05 19:02:09 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2012-03-05 19:02:09 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2012-03-05 19:02:09 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2011-09-27 13:22:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2011-09-27 13:02:05 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2011-09-27 13:02:00 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2011-09-27 13:02:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2011-08-29 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{775FAB5F-8909-4007-A2DF-0D79F8301DFC}
[2011-08-01 19:36:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{F5D43B68-2EAA-4985-B68A-31D7D1BC0484}
[2011-06-14 20:15:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{B2D1400A-2469-4B11-9C95-6B588D5F440B}
[2011-04-11 14:37:29 | 000,307,084 | ---- | C] () -- C:\Documents and Settings\KK\U_010311_009_002799_015844.pdf
[2011-03-24 11:21:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NT00INJ.DLL
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\DK00VSYS.DLL
[2011-03-23 17:24:07 | 000,019,083 | ---- | C] () -- C:\WINDOWS\Deltree.exe
[2011-03-07 18:15:27 | 000,864,256 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011-03-07 18:15:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2011-03-07 18:15:27 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011-03-07 17:59:14 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2011-03-07 17:02:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2011-03-07 17:02:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2011-03-07 16:47:52 | 000,001,387 | ---- | C] () -- C:\WINDOWS\Bringer.INI
[2011-03-03 17:53:56 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\KK\default.pls
[2011-03-01 13:06:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-02-28 15:30:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-02-28 13:38:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2011-02-28 13:08:33 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011-02-28 13:08:33 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011-02-28 13:08:33 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011-02-28 13:08:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011-02-28 12:08:15 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011-02-26 01:28:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-02-26 01:26:56 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-25 20:12:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-02-25 20:05:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-03-05 18:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956

< End of report >

The extras OTL log:

OTL Extras logfile created on: 30-Sep-12 5:20:30 PM - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 81.99% Memory free
4.71 Gb Paging File | 4.40 Gb Available in Paging File | 93.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 120.53 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 123.60 Gb Free Space | 82.22% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E04ABCA-E154-4A83-87E0-C1325B160968}" = StocksUP DayTrader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65A54DC3-5FF6-4C75-906E-3EA1A3B71033}" = Nero 8 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9ED9D728-9D4A-46D8-AF73-264CB0090AEA}" = AxCrypt 1.7.2687.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D265D608-552A-498B-B624-3FD2DB38CF3E}" = CoreTrade
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FB99AFEA-0B85-4FDB-8026-3B073033CC6D}" = NOW
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alarm_is1" = Alarm 2.0.1
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Easy To-Do_is1" = Easy To-Do 1
"Elantech" = ETDWare PS/2-x86 7.0.4.17_WHQL
"ESET Online Scanner" = ESET Online Scanner v3
"FotoTime_FA_3x_is1" = FotoAlbum 3.4.1
"Google Chrome" = Google Chrome
"HindiPad_is1" = HindiPad
"HP-LaserJet 1020 series" = LaserJet 1020 series
"ie8" = Windows Internet Explorer 8
"KeyboardTest_is1" = KeyboardTest V3.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"MetaStock Professional 9.1" = MetaStock Professional 9.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Ogg Codecs" = Ogg Codecs 0.81.15562
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"StocksUP EOD" = StocksUP EOD
"TeamViewer 6" = TeamViewer 6
"TIMELEFT3_is1" = TimeLeft Deluxe
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinZip" = WinZip

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23-Sep-12 5:18:37 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win3.tmp.exe, version 0.0.0.0, faulting module
win3.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 24-Sep-12 9:10:45 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win84.tmp.exe, version 0.0.0.0, faulting module
win84.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 25-Sep-12 6:19:03 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.62.0.140, faulting module
msvbvm60.dll, version 6.0.98.2, fault address 0x000e450a.

Error - 25-Sep-12 8:27:12 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application winae1c.tmp.exe, version 0.0.0.0, faulting module
winae1c.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 25-Sep-12 8:32:28 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win2.tmp.exe, version 0.0.0.0, faulting module
win2.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 25-Sep-12 11:02:34 PM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application winb.tmp.exe, version 0.0.0.0, faulting module
winb.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 26-Sep-12 1:22:09 PM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win8.tmp.exe, version 0.0.0.0, faulting module
win8.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 27-Sep-12 11:29:45 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win18.tmp.exe, version 0.0.0.0, faulting module
win18.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 29-Sep-12 12:49:40 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win2.tmp.exe, version 0.0.0.0, faulting module
win2.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 29-Sep-12 3:12:21 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win1a.tmp.exe, version 0.0.0.0, faulting module
win1a.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

[ System Events ]
Error - 29-Sep-12 12:48:43 AM | Computer Name = HOME_NOTEBOOK | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 88AE1DD3ED71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 29-Sep-12 12:49:23 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 29-Sep-12 2:42:49 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 29-Sep-12 6:45:11 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 29-Sep-12 1:31:50 PM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 30-Sep-12 12:56:27 AM | Computer Name = HOME_NOTEBOOK | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 88AE1DD3ED71 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 30-Sep-12 12:56:54 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 30-Sep-12 6:40:17 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%3

Error - 30-Sep-12 6:40:17 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 30-Sep-12 6:40:18 AM | Computer Name = HOME_NOTEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

Sorry to say, the win*.tmp.exe error messages do still appear.

Best regards,

alphabetagamma
  • 0

#14 godawgs
    Teacher
  • Retired Staff
  • 8,228 posts

Don't have Panda antivirus. Ran avast full scan and it showed a totally clean result.

My bad!

Let's see if ComboFix will run now. All of the logs appear to be clean. I want to run ComboFix just because it is a little bigger tool and I want to be sure there isn't something on the system that the other tools have missed. It's unlikely, but it does happen.

If CF won't run or doesn't find anything, we will update your out of date programs and clean up the tools we've used.

Then I can direct you to one of the technical forums so a system tech can have a look at the winxx.tmp.exe issue. But since the problem surfaced after you subscribed to the data service, my money says that it has something to do with that download or that service.

Make sure that the AVAST AutoSandbox and the anti virus are both disabled before running ComboFix:

  • Right click on the Avast ball in the system tray. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. Then click OK. (When we are done you can go back in and Enable Sandbox again.)

    Next:
  • Right click on the orange avast ball in the system tray and go to avast shields control. There will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently. Choose Permanently.


Step-1.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to reenable your Anti-Virus


Step-2.

Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    win??.tmp.exe
    %windir%\system32\win?.tmp
    %windir%\system32\win??.tmp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step-3.

Things For Your Next Post:
1. The ComboFix log
2. The SystemLook.txt log

Don't forget to re-enable the Avast anti virus and auto sandbox.
  • 0

#15 alphabetagamma
    Member
  • Topic Starter
  • Member
  • 15 posts
Hi there,

1. ComboFix failed to run again, and it did not leave any logs.

2. The systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:00 on 03/10/2012 by KK
Administrator - Elevation successful

========== filefind ==========

Searching for "win??.tmp.exe"
No files found.

Searching for "%windir%\system32\win?.tmp"
No files found.

Searching for "%windir%\system32\win??.tmp"
No files found.

-= EOF =-

3. The linkage of the error to the new data download program (CoreTrade) seemed obvious to me too, especially since this was the only application triggering this error. But I couldn't account for the fact that the current installation of the program was preceded by a four-day demo on my home desktop which was a completely error-free experience. The home desktop also runs WinXP SP3 and the same set-up file was used for both installations. Nevertheless, I got the vendor to un- and re-install the software today, but sadly that changed nothing.

I feel bad putting you through so much trouble over something that is more of a minor annoyance than a full-scale disaster. But not knowing what is what, I was just keen to avoid letting something persist that might go on growing invidiously inside the entrails of the machine like a malignancy. I do have a 04/2011 Clonezilla image of the C drive that I could restore, but didn't do that, hoping to avoid having to run through all the intervening updates etc.

That you stuck with me through this rather thankless process of exorcism and extermination, I truly appreciate. What's the next step?

best wishes,

alphabetagamma
  • 0
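Two things in this thread are worth checking with a script rather than by eye: the Event ID 1000 entries in the OTL Extras log, where every win*.tmp.exe crash reports itself as the faulting module at the same fault address 0x00001c00 (the shape of one binary dropped under changing names, whereas the mbam.exe crash faults inside msvbvm60.dll at a different address), and the SystemLook step, whose `win??.tmp.exe` wildcard is narrower than the names the log actually shows (win3, winb, win2 have one hex digit, winae1c has four). The script below is an added example written for this thread; it is not part of OTL, SystemLook, or either poster's work. Its assumptions: the sample records are four entries copied in shape from the log above and embedded so the script runs offline; the name pattern is `win` plus one to four hex digits, which is what the log shows and what GetTempFileName-style naming produces, though the page never says which API created the files; prefetch entries are assumed to be named `NAME-<8 hex>.pf`; and the glob check uses strict single-character `?` semantics, which is how fnmatch reads it. Windows' own FindFirstFile treats a trailing `?` before a dot more loosely, and SystemLook's matching rules are not stated on the page, so the point is simply that a regex over a directory listing is the check you can reason about.

```python
"""Parse OTL-style Application Error (Event ID 1000) records, cluster the
temp-named crashers by fault address, and compare their names against the
wildcard used in the SystemLook step.

Added example for this thread, not code from OTL, SystemLook or the posts.
"""
import fnmatch
import hashlib
import os
import re
from collections import defaultdict

# Constructed sample: four records copied in shape from the OTL Extras log
# in the thread, embedded here so the script runs without a live event log.
SAMPLE_LOG = """\
Error - 23-Sep-12 5:18:37 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win3.tmp.exe, version 0.0.0.0, faulting module
win3.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 24-Sep-12 9:10:45 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application win84.tmp.exe, version 0.0.0.0, faulting module
win84.tmp.exe, version 0.0.0.0, fault address 0x00001c00.

Error - 25-Sep-12 6:19:03 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.62.0.140, faulting module
msvbvm60.dll, version 6.0.98.2, fault address 0x000e450a.

Error - 25-Sep-12 8:27:12 AM | Computer Name = HOME_NOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application winae1c.tmp.exe, version 0.0.0.0, faulting module
winae1c.tmp.exe, version 0.0.0.0, fault address 0x00001c00.
"""

# OTL wraps the Description across lines, so each record is flattened to one
# line before matching. Only Application Error / ID 1000 records are parsed.
RECORD_RE = re.compile(
    r"Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = Application Error \| ID = 1000 "
    r"Description = Faulting application (?P<app>\S+), version (?P<appver>\S+), "
    r"faulting module (?P<mod>\S+), version (?P<modver>\S+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)\."
)

# Assumed name shape: "win" + 1..4 hex digits + ".tmp", optionally ".exe",
# optionally a Prefetch suffix "-<8 hex>.pf". Derived from the names in the
# thread; the page does not say which API produced them.
TEMP_NAME_RE = re.compile(
    r"^win[0-9a-f]{1,4}\.tmp(\.exe)?(-[0-9a-f]{8}\.pf)?$", re.IGNORECASE
)


def parse_app_errors(text):
    """Return one dict per ID 1000 record; records of other kinds are skipped."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        flat = " ".join(chunk.split())
        m = RECORD_RE.search(flat)
        if m:
            records.append(m.groupdict())
    return records


def is_temp_named(name):
    """True for names matching the assumed win<hex>.tmp[.exe][-<hash>.pf] shape."""
    return bool(TEMP_NAME_RE.match(name))


def temp_named_self_faults(records):
    """Map fault address -> sorted temp-named apps that faulted in themselves.

    Renamed copies of a single binary show up as many names at one address,
    which is the signal worth surfacing; a crash inside a different module
    (like mbam.exe in msvbvm60.dll) is excluded.
    """
    by_addr = defaultdict(set)
    for r in records:
        if is_temp_named(r["app"]) and r["mod"].lower() == r["app"].lower():
            by_addr[r["addr"].lower()].add(r["app"].lower())
    return {addr: sorted(names) for addr, names in by_addr.items()}


def missed_by_glob(names, glob="win??.tmp.exe"):
    """Names that a strict single-character '?' reading of the glob rejects."""
    return sorted(n for n in names if not fnmatch.fnmatchcase(n.lower(), glob.lower()))


def scan_directory(path):
    """SHA-256 of every temp-named file in one directory, so copies dropped on
    successive launches can be compared: identical digests under different
    names mean one binary, not many."""
    found = {}
    for entry in os.scandir(path):
        if entry.is_file() and is_temp_named(entry.name):
            h = hashlib.sha256()
            with open(entry.path, "rb") as fh:
                for block in iter(lambda: fh.read(65536), b""):
                    h.update(block)
            found[entry.name] = h.hexdigest()
    return found


if __name__ == "__main__":
    faults = temp_named_self_faults(parse_app_errors(SAMPLE_LOG))
    for addr, names in faults.items():
        print(f"{len(names)} temp-named crashers self-fault at {addr}: {', '.join(names)}")
        print("  rejected by win??.tmp.exe under strict '?':", missed_by_glob(names))
    # On the affected machine, also hash what is currently on disk; skipped
    # elsewhere because the paths do not exist.
    for d in (os.path.expandvars(r"%windir%\system32"), os.path.expandvars(r"%windir%\Prefetch")):
        if os.path.isdir(d):
            for name, digest in scan_directory(d).items():
                print(f"{d}\\{name}  sha256={digest}")
```

Run it as-is to see the clustering on the embedded sample; on the affected XP machine the final loop lists the live win*.tmp files in system32 and Prefetch with their digests, which is the comparison worth doing before deleting them again, since matching digests under different names confirm a single dropped binary, and a hash is something a vendor or a second scanner can be asked about directly.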
