Geeks to Go forums
please help - experiencing win*.tmp.exe errors [Solved]


This topic is locked

#16
godawgs (Teacher, Retired Staff, 8,228 posts)
Let's see if this will tell us anything:


Show Hidden Files and Folders
  • Click the Start Orb. Click Computer.
  • On the next window, at the top of the window, click Tools then click Folder Options.
  • On the Folder Options window click the View tab.
  • Under the Files and Folders section:
  • Click the radio button beside 'Show hidden files and folders' (or 'Show all files') to enable it.

  • Also make sure that Hide protected system operating files(recommended) is un-checked.

  • Also make sure the Hide extensions for known file types box is un-checked.



Step-1.

Run SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield (Do Not copy the word Quote):
    :filefind
    win*.tmp.exe
    
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step-2.

Let's get a look at the processes running on the computer

Copy the text below. To do that, highlight the text, right click the mouse and click Copy:
  • wmic /output:%userprofile%\desktop\process.txt process get description,executablepath
  • Click the Start Orb.
  • In the Start Search box type cmd.exe and press the Enter key. A black command window will open.
  • Place the mouse cursor inside the command window, right click the mouse and click Paste. This will place the text in the command window just after the blinking cursor.
  • Press the Enter key. Windows will process the command and you will be back at the blinking cursor.
  • Type Exit and press the Enter key. This will close the command window.
There will be a file on the desktop named Process.txt. Paste the contents of that file in your next post.


Step-3.

Things For Your Next Post:
1. The SystemLook.txt log
2. The Process.txt file

#17
alphabetagamma (Topic Starter, Member, 15 posts)
Hi,

The info as requested:

1. The systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:34 on 05/10/2012 by KK
Administrator - Elevation successful

========== filefind ==========

Searching for "win*.tmp.exe"
No files found.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]


-= EOF =-

2. The cmd command didn't run - nor was the process.txt file created. A screenshot of the cmd window is attached.

Attached thumbnail: process.JPG

#18
godawgs (Teacher, Retired Staff, 8,228 posts)
Hello again,

I'm still searching and researching. But I'm just about out of ideas and places to look.

As for the wmic script, OK, that's my bad. Windows XP Home does not include the Windows Management Instrumentation command-line (WMIC). You are going to need to physically look at the running processes and see if there is anything there like winXX.tmp.exe (where the X's stand for alphanumeric characters, like win34.tmp.exe or win1a.tmp.exe).

Right click on the TaskBar and click Task Manager. Click the Processes tab and see if any of the winxx.tmp.exe files are running as processes.

If you see any there write them down or take a screenshot of the taskmanager window and post it in your next reply.


Step-1

Run SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following quote box into the main textfield (Do Not copy the word Quote):

    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASPI32

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Let's update Java while we're at it.


Step-2.

UPDATE JAVA
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Please download JavaRa to your desktop.
    • Click the Download button next to Legacy Version Version 1.1.6 to download JavaRA and unzip it to its own folder.
  • Run JavaRa.exe
  • Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
    • The most current version is Java SE 7u7. You want the Offline 32bit version.


Step-3.

Things For Your Next Post:
1. Let me know if you found anything in the Task Manager
2. The SystemLook.txt log
3. Let me know how the Java update went.

#19
alphabetagamma (Topic Starter, Member, 15 posts)
Hi !

1. A look at the processes running: Without any applications open, I can see three processes starting with the letter 'W', namely wdfmgr.exe, winlogon.exe and wscntfy.exe. However, when the win*.tmp.exe message box is on screen, a process with the same name is seen to be added to the list. Once I click on Don't report it to Microsoft button, the process disappears from the list.

2. The systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:46 on 08/10/2012 by KK
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASPI32]
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASPI32\Enum]


-= EOF =-

3. Java upgrade - I couldn't find the offline 32bit version. A screen-shot of the available JRE versions is attached. Please advise which one I should install.

Attached thumbnail: java12.JPG
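The ASPI32 key posted above can be read mechanically. This is an added Python example, not part of the thread or of SystemLook: it parses the key/value lines of a SystemLook `:reg` section, translates the Type, Start and ErrorControl DWORDs into the documented Win32 SERVICE_* names, and flags a Services key that Windows will start on its own but that carries no ImagePath. The embedded sample is the ASPI32 output exactly as posted; the function names and the wording of the findings are mine.

```python
"""Decode a SystemLook ':reg' dump of a Services key.

Added example; not part of the thread or of SystemLook. SAMPLE_LOG is the ASPI32 key exactly as
SystemLook printed it in the post above. The lookup tables are the documented Win32 SERVICE_*
constants for the Type, Start and ErrorControl values of a Services\\<name> key.
"""
import re
from typing import Dict, List, Union

SAMPLE_LOG = r"""
========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASPI32]
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASPI32\Enum]


-= EOF =-
"""

SERVICE_TYPE = {0x1: "KERNEL_DRIVER", 0x2: "FILE_SYSTEM_DRIVER",
                0x10: "WIN32_OWN_PROCESS", 0x20: "WIN32_SHARE_PROCESS"}
START_TYPE = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
              3: "DEMAND_START", 4: "DISABLED"}
ERROR_CONTROL = {0: "IGNORE", 1: "NORMAL", 2: "SEVERE", 3: "CRITICAL"}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
_DWORD_RE = re.compile(r"^0x[0-9A-Fa-f]+\s*\((\d+)\)$")   # SystemLook prints DWORDs as 0x... (decimal)

Values = Dict[str, Union[int, str]]


def parse_systemlook_reg(text: str) -> Dict[str, Values]:
    """Map each [key] in a SystemLook reg section to its {value name: value} dict."""
    keys: Dict[str, Values] = {}
    current = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys[current] = {}
            continue
        value = _VALUE_RE.match(line)
        if value and current is not None:
            name, raw = value.groups()
            dword = _DWORD_RE.match(raw)
            keys[current][name] = int(dword.group(1)) if dword else raw.strip('"')
    return keys


def assess_service_key(values: Values) -> List[str]:
    """Human-readable findings for one Services\\<name> key."""
    stype = SERVICE_TYPE.get(values.get("Type"), "unknown(%r)" % values.get("Type"))
    start = START_TYPE.get(values.get("Start"), "unknown(%r)" % values.get("Start"))
    err = ERROR_CONTROL.get(values.get("ErrorControl"), "unknown(%r)" % values.get("ErrorControl"))
    findings = ["type=%s start=%s error_control=%s" % (stype, start, err)]
    if "ImagePath" not in values:
        findings.append("no ImagePath: a driver without one is looked for as System32\\drivers\\<name>.sys, "
                        "so a missing file means a failed load on every boot")
        if start in ("BOOT_START", "SYSTEM_START", "AUTO_START"):
            findings.append("starts without user action and has no binary: orphaned entry, "
                            "candidate for removal after exporting the key")
    return findings


if __name__ == "__main__":
    for key, values in parse_systemlook_reg(SAMPLE_LOG).items():
        if key.rsplit("\\", 1)[-1] != "Enum":     # Enum subkeys hold PnP instance data, not service config
            print(key)
            for line in assess_service_key(values):
                print("  -", line)
```

Run against the posted key, the decoder reports a kernel driver with auto start, normal error control and no ImagePath, which is the combination the rest of the thread treats as a leftover from a faulty uninstall.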

#20
godawgs (Teacher, Retired Staff, 8,228 posts)
Hi,

You want the Windows x86 offline version...29.73MB.

I'm still researching the win.tmp.exe issue.

#21
alphabetagamma (Topic Starter, Member, 15 posts)
Installed JRE 7u7 x86 offline version.

#22
godawgs (Teacher, Retired Staff, 8,228 posts)
Good job on the Java update.

Well I'm down to my last bullet on the win*tmp.exe issue. The OTL log shows a driver named ASPI32.sys that doesn't load because the file can't be found. My research shows that the ASPI32.sys driver is used for anything from Adaptec CD writing software to programs like Nero. I have also seen instances where video cards use the driver, but that can't be it or your video wouldn't be working. But as I'm sure you've figured out by now, there just isn't a lot of information on this issue out there.

I have also found instances where the win*tmp.exe issue was caused by a faulty program uninstall. There shouldn't be any reason for XP to need the ASPI32 service, but your machine has it...and this too is sometimes caused by a faulty program uninstall. This would indicate that something on this machine prevented the removal of some tmp files when the data manager program was cleaning up the installation files after it was installed.

I don't have the ASPI32 service running on my XP system nor do I have a ASPI32.sys file on my XP system.


Step-1.

I want you to look in the Program Files folder for a folder named Adaptec, i.e. C:\Program Files\Adaptec, and see if the folder is there.


Step-2.

I want you to look in the Device Manager and see if there are any red ? or yellow exclamation points ! next to any of the devices...to do that:

Click Start, Click Run.
In the Run box type devmgmt.msc and click the Open button...the Device Manager will open.
Look for any red ? or yellow ! beside any of the devices. If you see any, take a screenshot of the Device Manager window and post it in your next reply.

To upload the screen shot and put it in a post, click on this link for directions.


Step-3.

OTL Custom Scan

NOTE: I have changed the settings for this scan so read the directions carefully. The scan will only take a minute and will produce a very short log.

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

/md5start
aspi32.*
/md5stop


2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

  • Click the greyed out None button at the top of the console.<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-4.

Things For Your Next Post:
1. Let me know if there was an Adaptec folder
2. Let me know what the device manager showed
3. The new OTL.txt log
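Godawgs' reading of the OTL log (a driver entry that cannot load because its file is missing) is the kind of check that is easy to automate. The following is an added Python example, not part of the thread or of OTL: it pulls out the `SRV`/`DRV` lines that OTL prints with `File not found`, records the start type and the registered path (empty when the key has no ImagePath at all), and sorts the entries so that those Windows will try to start by itself come first. The sample lines are copied from the OTL output posted later in this thread; the `Orphan` class and the function names are mine.

```python
"""Pull 'File not found' service/driver entries out of an OTL log.

Added example; not part of the thread or of OTL. OTL prints one line per registered service in its
Services and Driver Services sections. When the registered binary is missing it prints
'File not found' where the timestamp/size/company block would be; the [flags], the registered path
(empty when the key has no ImagePath) and the service name still follow. SAMPLE_OTL is copied from
the log posted later in this thread.
"""
import re
from dataclasses import dataclass
from typing import List

SAMPLE_OTL = r"""
========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012-08-21 14:43:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
"""

# SRV flags are [Start | State]; DRV flags are [Type | Start | State]. The path may be empty.
_MISSING_RE = re.compile(
    r"^(SRV|DRV) - File not found \[([^\]]+)\]\s*--\s*(.*?)\s*--\s*\((.+)\)$")

START_ORDER = {"Boot": 0, "System": 1, "Auto": 2, "On_Demand": 3, "Disabled": 4}


@dataclass
class Orphan:
    kind: str    # "SRV" (user-mode service) or "DRV" (driver)
    name: str    # service key name, as OTL prints it in parentheses
    start: str   # Boot / System / Auto / On_Demand / Disabled
    state: str   # Running / Stopped
    path: str    # registered ImagePath, "" when the key has none


def find_orphans(log: str) -> List[Orphan]:
    """Return every SRV/DRV entry whose binary OTL could not find."""
    found: List[Orphan] = []
    for raw in log.splitlines():
        m = _MISSING_RE.match(raw.strip())
        if not m:
            continue
        kind, flags, path, name = m.groups()
        fields = [f.strip() for f in flags.split("|")]
        start, state = fields[-2], fields[-1]     # the last two fields are common to SRV and DRV
        found.append(Orphan(kind, name, start, state, path.strip()))
    return found


def prioritise(orphans: List[Orphan]) -> List[Orphan]:
    """Entries Windows starts on its own (Boot/System/Auto) first; Disabled ones last."""
    return sorted(orphans, key=lambda o: START_ORDER.get(o.start, len(START_ORDER)))


if __name__ == "__main__":
    for o in prioritise(find_orphans(SAMPLE_OTL)):
        print("%s %-10s %-9s %s" % (o.kind, o.start, o.name, o.path or "<no ImagePath>"))
```

On the sample, the System-start driver with a missing file sorts to the top, the Auto-start service next, and the Disabled service last; the WDICA entry comes out with an empty path, which is what a service key with no ImagePath looks like in this format.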

#23
alphabetagamma (Topic Starter, Member, 15 posts)
Hi !

1. No folder called Adaptec found in C:\Program Files - it starts with 7zip and then the next one is Adobe.

2. The Device Manager (somewhat to my surprise) shows no question or exclamation marks against any of the devices. Not a single one of them. I expanded all the '+' signs to make sure of checking the status of each individual device.

3. The OTL log follows:

OTL logfile created on: 10-Oct-12 11:58:50 AM - Run 4
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 84.11% Memory free
4.71 Gb Paging File | 4.42 Gb Available in Paging File | 93.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 120.66 Gb Free Space | 80.26% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 120.82 Gb Free Space | 80.37% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: ASPI32.DLL >
[1999-04-28 10:23:34 | 000,036,352 | ---- | M] () MD5=120DC5E0A0ADA672BCDA67707B3D6C1E -- C:\Program Files\Microtek\ScanWizard 5\Scanners\Aspi32.dll

< >

< >

< >

< End of report >

#24
godawgs (Teacher, Retired Staff, 8,228 posts)
Do you still have the Microtek scanner attached to the system or do you still use the scanner?

OK, this is what I'm down to. Let's back up the ASPI32 service registry key, then we will delete the ASPI32 service and see if that resolves the issue.


Step-1.

  • Click Start, click Run. A Run box will open.
    In the Open box type or Copy and Paste the following
    • reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspi32" %userprofile%\desktop\aspi32.reg
  • Click the OK button.
This should put a file on the desktop named aspi32.reg.

Once you have verified that the aspi32.reg file is on the desktop we will delete the aspi32 service key from the registry.

If the aspi32.reg file is on the desktop:

  • Click Start, click Run. This will open a Run box.
    In the Open box type or Copy and Paste the following:
    • reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspi32"
  • Click the OK button. (This will delete the registry key.)
  • Restart the computer to make the changes take effect.
Upon restart see if the win.tmp.exe issue is still there. If it is restart the system one more time.

If the issue is still there let's check and make sure the aspi32 service is gone...


Step-2.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspi32


2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

  • Check the box beside the greyed out None button at the top of the console<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-3.

Things For Your Next Post:
Let me know what happened and post the contents of the new OTL.txt log if the problem is still there.
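The export-then-delete sequence in the post above, as an added PowerShell example that is not part of the thread. It assumes PowerShell 2.0 or later is installed (Windows XP does not ship with it) and an Administrator prompt; the function name is mine and the service name is a parameter, with ASPI32 from this thread as the call at the end. What it adds over the two Run-box commands is the check a careful operator wants before touching the registry: the key is only deleted after the exported .reg file exists, is non-empty and really contains the key, and the Type/Start/ImagePath values are printed first so the decision is reviewable. `reg delete` is run with `/f` so it does not stop at the Yes/No prompt.

```powershell
# Added example (not from the thread): back up a Services key, verify the backup, then delete the key.
# Assumes PowerShell 2.0 or later (Windows XP needs it installed separately) and an Administrator prompt.
function Remove-ServiceKeyWithBackup {
    param([Parameter(Mandatory = $true)][string]$ServiceName)

    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"                # provider path for Test-Path etc.
    $regPath = "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceName"                 # reg.exe syntax
    $fullKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$ServiceName"   # how reg export names the key
    $backup  = Join-Path ([Environment]::GetFolderPath('Desktop')) "$ServiceName.reg"

    if (-not (Test-Path $keyPath)) {
        Write-Host "$regPath does not exist; nothing to do."
        return
    }

    # Show what is about to go so the decision is reviewable before anything changes.
    $props = Get-ItemProperty -Path $keyPath
    Write-Host ("About to remove {0}: Type={1} Start={2} ImagePath='{3}'" -f $regPath, $props.Type, $props.Start, $props.ImagePath)

    # 1. Export. An older reg.exe prompts before overwriting, so clear any stale file first.
    if (Test-Path $backup) { Remove-Item $backup -Force }
    & reg.exe export $regPath $backup | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup) -or (Get-Item $backup).Length -eq 0) {
        throw "Export to $backup failed; $regPath left untouched."
    }
    # 2. The export must really contain this key, not just the 'Windows Registry Editor' header.
    if (-not (Select-String -Path $backup -Pattern ([regex]::Escape("[$fullKey]")) -Quiet)) {
        throw "$backup does not contain [$fullKey]; key left untouched."
    }

    # 3. Only now delete, without the interactive Yes/No prompt, and confirm the key is gone.
    & reg.exe delete $regPath /f | Out-Null
    if (Test-Path $keyPath) {
        throw "reg delete returned but $regPath is still present."
    }
    Write-Host "Removed $regPath. To undo: reg import `"$backup`""
}

Remove-ServiceKeyWithBackup -ServiceName 'ASPI32'
```

A reboot is still needed afterwards for the service control manager to forget the entry, as the post says; to roll back, import the .reg file from the desktop and reboot again.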

#25
alphabetagamma (Topic Starter, Member, 15 posts)
Did as directed - but the problem remains. At least it should call itself win.prm and not win.tmp. The OTL log:

OTL logfile created on: 11-Oct-12 10:54:55 AM - Run 5
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 85.31% Memory free
4.71 Gb Paging File | 4.46 Gb Available in Paging File | 94.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 120.54 Gb Free Space | 80.18% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 120.22 Gb Free Space | 79.97% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
PRC - [2012-08-21 14:42:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastUI.exe
PRC - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastSvc.exe
PRC - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java RE 6.24\bin\jqs.exe
PRC - [2010-03-29 15:39:54 | 001,822,600 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010-03-15 20:32:54 | 001,599,368 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009-12-18 12:28:30 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009-09-15 18:31:30 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera2\VM332_STI.EXE
PRC - [2009-08-14 11:48:52 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTStackServer.exe
PRC - [2009-08-14 11:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTTray.exe
PRC - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe
PRC - [2009-07-20 02:32:16 | 002,713,144 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008-04-14 10:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-11 02:52:27 | 001,816,064 | ---- | M] () -- C:\Program Files\Avast\defs\12101001\algo.dll
MOD - [2009-08-14 11:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009-08-14 11:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\Lenovo Bluetooth Software\BTKeyInd.dll
MOD - [2008-05-21 17:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012-10-09 10:44:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java RE 6.24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-06-26 12:15:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmusbser.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-08-21 14:43:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-08-21 14:43:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-08-21 14:43:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-08-21 14:43:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012-08-21 14:43:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-08-21 14:43:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012-08-21 14:43:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-03-07 05:32:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2010-07-16 13:17:46 | 001,930,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010-06-18 13:42:46 | 002,967,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010-02-26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010-01-19 05:50:10 | 000,235,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009-12-11 16:24:36 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-12-03 10:07:08 | 000,185,072 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2009-09-17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009-09-03 16:27:50 | 000,040,704 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009-08-17 14:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009-07-28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-07-09 12:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009-06-21 09:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008-07-24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008-02-04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008-02-04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes,DefaultScope = {1D84549F-527B-4AC3-916A-6C048ED13AA0}
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..\SearchScopes\{1D84549F-527B-4AC3-916A-6C048ED13AA0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java RE 6.24\lib\deploy\jqs\ff [2011-03-07 17:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST\WebRep\FF [2012-08-31 09:12:39 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.co.in/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.in/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: avast! WebRep = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2007-08-11 12:28:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java RE 6.24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..Trusted Domains: religare.in ([crn] http in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-152049171-1801674531-1003\..Trusted Domains: religare.in ([files] ftp in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1299502970375 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FF19CA-A816-4ACB-9EED-4FC55D8F82BE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-25 20:08:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-09 09:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Local Settings\Application Data\Sun
[2012-10-09 09:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-10-09 09:42:25 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-10-09 09:42:25 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-10-09 09:42:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-10-09 09:42:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-10-09 09:42:18 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-10-09 09:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012-10-04 17:19:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-10-03 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\CoreTrade
[2012-10-03 17:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CoreTrade
[2012-10-01 16:24:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-09-28 15:36:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KK\Recent
[2012-09-27 21:41:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2012-09-26 20:56:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-09-26 20:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-09-26 20:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-09-26 20:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-09-26 20:54:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-09-26 20:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-26 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\KK\My Documents\My Videos
[2012-09-26 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\KK\Start Menu\Programs\Administrative Tools
[2012-09-26 20:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-09-26 20:52:37 | 004,756,346 | R--- | C] (Swearware) -- C:\Documents and Settings\KK\Desktop\ComboFix.exe
[2012-09-25 16:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-09-25 15:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Application Data\Malwarebytes
[2012-09-25 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-09-25 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-09-25 15:46:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-09-25 15:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-09-25 09:37:36 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012-09-25 09:33:52 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012-09-25 09:29:18 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012-09-25 09:29:18 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012-09-25 09:29:17 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012-09-25 09:29:17 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012-09-25 09:28:32 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012-09-25 09:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012-09-24 18:48:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012-09-24 17:40:17 | 000,693,265 | ---- | C] (Farbar) -- C:\Documents and Settings\KK\Desktop\FSS.exe
[2012-09-24 15:54:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-23 15:33:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-22 16:29:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-21 12:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012-09-18 16:37:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012-09-18 15:11:53 | 248,614,244 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-11 10:55:40 | 000,463,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-10-11 10:55:40 | 000,079,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-10-11 10:53:43 | 000,002,955 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-10-11 10:53:42 | 000,023,545 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-10-11 10:51:05 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-10-11 10:50:29 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-11 10:50:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-11 10:50:18 | 3077,464,064 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-11 10:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-10-11 10:43:32 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\aspi32.reg
[2012-10-11 09:46:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-10 22:13:30 | 000,059,859 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121010_SA638_NSEF675092_0.htm
[2012-10-10 08:59:01 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012-10-09 21:48:08 | 000,067,632 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121009_SA638_NSEF670159_0.htm
[2012-10-09 14:48:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012-10-09 10:44:42 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-10-09 10:44:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-10-09 09:42:05 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-10-09 09:42:04 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-10-09 09:42:04 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-10-09 09:42:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-10-09 09:42:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-10-09 09:42:04 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-10-09 09:42:03 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012-10-09 09:31:07 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012-10-08 09:15:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-05 22:47:16 | 000,060,871 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121005_SA638_NSEF660364_0.htm
[2012-10-05 09:39:14 | 000,000,002 | ---- | M] () -- C:\Documents
[2012-10-04 22:39:08 | 000,073,908 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121004_SA638_NSEF655056_0.htm
[2012-10-03 13:59:24 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\SystemLook.exe
[2012-09-27 21:41:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-09-26 20:56:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-09-26 20:53:48 | 004,756,346 | R--- | M] (Swearware) -- C:\Documents and Settings\KK\Desktop\ComboFix.exe
[2012-09-25 19:54:08 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-09-25 15:46:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-24 17:42:26 | 000,881,724 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\SecurityCheck.exe
[2012-09-24 17:40:27 | 000,693,265 | ---- | M] (Farbar) -- C:\Documents and Settings\KK\Desktop\FSS.exe
[2012-09-23 15:48:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-23 15:34:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-18 17:38:11 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-12 15:11:03 | 248,614,244 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-11 10:43:32 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\aspi32.reg
[2012-10-10 22:13:30 | 000,059,859 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121010_SA638_NSEF675092_0.htm
[2012-10-09 21:48:08 | 000,067,632 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121009_SA638_NSEF670159_0.htm
[2012-10-05 22:47:16 | 000,060,871 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121005_SA638_NSEF660364_0.htm
[2012-10-05 09:37:20 | 000,000,002 | ---- | C] () -- C:\Documents
[2012-10-04 22:39:08 | 000,073,908 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121004_SA638_NSEF655056_0.htm
[2012-10-03 13:59:21 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\SystemLook.exe
[2012-09-30 14:36:54 | 3077,464,064 | -HS- | C] () -- C:\hiberfil.sys
[2012-09-26 20:56:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-09-26 20:56:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-09-26 20:54:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-09-26 20:54:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-09-26 20:54:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-09-26 20:54:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-09-26 20:54:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-09-25 15:46:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-25 09:29:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-09-25 09:29:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012-09-24 17:42:10 | 000,881,724 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\SecurityCheck.exe
[2012-09-23 15:48:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-18 17:38:11 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-18 16:53:15 | 000,002,955 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-18 16:49:07 | 000,023,545 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-08-16 15:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setscan.ini
[2012-04-10 09:52:35 | 000,029,378 | ---- | C] () -- C:\WINDOWS\Pkunzip.exe
[2012-04-09 10:14:30 | 000,000,285 | ---- | C] () -- C:\WINDOWS\winros.ini
[2012-03-14 12:09:34 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2012-03-05 19:04:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\fusioncache.dat
[2012-03-05 19:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regset.INI
[2012-03-05 19:02:10 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2012-03-05 19:02:10 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2012-03-05 19:02:09 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2012-03-05 19:02:09 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2012-03-05 19:02:09 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2012-03-05 19:02:09 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2011-09-27 13:22:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2011-09-27 13:02:05 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2011-09-27 13:02:00 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2011-09-27 13:02:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2011-08-29 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{775FAB5F-8909-4007-A2DF-0D79F8301DFC}
[2011-08-01 19:36:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{F5D43B68-2EAA-4985-B68A-31D7D1BC0484}
[2011-06-14 20:15:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{B2D1400A-2469-4B11-9C95-6B588D5F440B}
[2011-04-11 14:37:29 | 000,307,084 | ---- | C] () -- C:\Documents and Settings\KK\U_010311_009_002799_015844.pdf
[2011-03-24 11:21:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NT00INJ.DLL
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\DK00VSYS.DLL
[2011-03-23 17:24:07 | 000,019,083 | ---- | C] () -- C:\WINDOWS\Deltree.exe
[2011-03-07 18:15:27 | 000,864,256 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011-03-07 18:15:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2011-03-07 18:15:27 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011-03-07 17:59:14 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2011-03-07 17:02:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2011-03-07 17:02:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2011-03-07 16:47:52 | 000,001,387 | ---- | C] () -- C:\WINDOWS\Bringer.INI
[2011-03-03 17:53:56 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\KK\default.pls
[2011-03-01 13:06:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-02-28 15:30:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-02-28 13:38:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2011-02-28 13:08:33 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011-02-28 13:08:33 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011-02-28 13:08:33 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011-02-28 13:08:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011-02-28 12:08:15 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011-02-26 01:28:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-02-26 01:26:56 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-25 20:12:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-02-25 20:05:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-03-05 18:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspi32 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956

< End of report >
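A small triage script for OTL logs of the shape posted above, added here as an example; it is not part of the thread and not OldTimer's code. It parses the file/folder entries (`[timestamp | size | attrs | C/M] (company) -- path`), the `O1 - Hosts:` lines, the `File not found` autostart references and the `@Alternate Data Stream` line, and turns them into review prompts. The sample lines are constructed from entries in the log above (paths copied verbatim); the finding names and the `win*.tmp.exe` watch pattern are this example's own choices. A hit means "look at this", not "this is malware".

```python
"""Triage helper for OTL-style log lines.

Added example for this thread; it is not OldTimer's code and not part of the
original post. It reads the entry shapes visible in the posted log and emits
review prompts, not verdicts.
"""
import fnmatch
import re
from dataclasses import dataclass

# Constructed sample: lines copied in shape (and mostly verbatim) from the OTL
# log posted in the thread, so the checks below can be exercised offline.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
[2012-10-09 09:42:18 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-10-05 09:37:20 | 000,000,002 | ---- | C] () -- C:\Documents
[2012-10-04 17:19:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-03-05 19:02:10 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
"""

# File/folder entry: [timestamp | size | attrs | C/M] (company) -- path
# Folder entries carry no "(company)" group; a file whose version resource has
# no company name shows "()" (occasionally "( )"). The optional "PRC - " style
# prefix lets the same pattern read the process/module sections.
ENTRY_RE = re.compile(
    r"^(?:\w+ - )?\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<mode>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.*)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
ORPHAN_RE = re.compile(r"^O\d+ - .* File not found$")

SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\", "c:\\windows\\system32\\drivers\\")


@dataclass
class Finding:
    kind: str   # ads | hosts | orphan | watch | root_file | no_company
    path: str
    note: str


def triage(log_text, watch_patterns=("win*.tmp.exe",)):
    """Return review prompts for the OTL lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("ads", m["path"], f"{m['size']}-byte alternate data stream"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            # Anything beyond the loopback name deserves a look: hosts entries
            # silently redirect or block lookups for every program on the box.
            if m["host"].lower() != "localhost":
                findings.append(Finding("hosts", m["host"], f"hosts file maps it to {m['ip']}"))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("orphan", line, "autostart entry points at a missing file"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        size = int(m["size"].replace(",", ""))
        company = (m["company"] or "").strip()
        lower = path.lower()
        parent, _, name = lower.rpartition("\\")
        parent += "\\"
        # Filename hunt (case-insensitive: both sides lowercased for fnmatch).
        if any(fnmatch.fnmatch(name, pat.lower()) for pat in watch_patterns):
            findings.append(Finding("watch", path, "matches a watched filename pattern"))
        if attrs[3] == "D":           # directory: the checks below are for files
            continue
        # A plain (not hidden/system) file sitting directly in the drive root,
        # such as the 2-byte C:\Documents entry in the thread's log.
        if parent == "c:\\" and "H" not in attrs and "S" not in attrs:
            findings.append(Finding("root_file", path, f"{size}-byte plain file directly in the drive root"))
        elif not company and parent in SYSTEM_DIRS and name.endswith((".exe", ".dll", ".sys")):
            findings.append(Finding("no_company", path, "binary in a system directory with no company name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:11} {f.path}  ({f.note})")
```

Run it over a saved OTL.txt by passing the file's text to `triage()`; the `watch_patterns` argument takes the same wildcard the thread used with SystemLook, so the `:filefind` hunt can be repeated against every OTL log that gets posted.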
#26
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Hi,

Well, I can't find where the win*.tmp.exe is trying to load. Sorry about that. When we're finished you can start a topic in the XP Systems forum and maybe one of the Techs can find it. Be sure to put a link to this topic so the Tech can see what we've tried and that the system is malware free.

As for the ASPI32.reg file on your desktop, run the computer until you are sure that you aren't going to get any errors about the ASPI32 service not being installed. Then you can just delete the .reg file on the desktop. If you do get an error message about the ASPI32 service, simply right click on the .reg file, click Merge and accept any prompts. This will merge the key back into the registry.

The new OTL log shows a folder that hasn't been present before: [2012-10-05 09:37:20 | 000,000,002 | ---- | C] () -- C:\Documents
Folders shouldn't have any data in them but this one has 2 bytes.
We're going to do one last OTL fix to clean up the stragglers. Then we'll clean up the tools we've used.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
[2012-10-05 09:37:20 | 000,000,002 | ---- | C] () -- C:\Documents
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date and time of the tool run).
10. Run OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step-2.

In an earlier post you asked about a firewall. There are some excellent free ones available. Please go to our Free Antivirus and Antispyware Software page. Scroll down to the Free Firewalls section and download and install the firewall of your choice. NOTE: You must disable the Windows firewall before installing the third party firewall.


Step-3.

Things For Your Next Post:
1. The new OTL.txt log

#27
alphabetagamma
    Member
  • Topic Starter
  • 15 posts
1. The OTL 'run fix' report:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BC359956 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34046 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KK
->Temp folder emptied: 291869 bytes
->Temporary Internet Files folder emptied: 45280671 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 355913619 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4853617 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4241393559 bytes

Total Files Cleaned = 4,433.00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 10132012_123652

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2. The OTL log:

OTL logfile created on: 13-Oct-12 12:43:07 PM - Run 6
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\KK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.87 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 79.57% Memory free
4.71 Gb Paging File | 4.28 Gb Available in Paging File | 90.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.34 Gb Total Space | 120.29 Gb Free Space | 80.02% Space Free | Partition Type: NTFS
Drive D: | 150.34 Gb Total Space | 123.94 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive E: | 150.34 Gb Total Space | 150.03 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive F: | 1.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME_NOTEBOOK | User Name: KK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-10-10 15:36:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
PRC - [2012-08-21 14:42:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastUI.exe
PRC - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Avast\AvastSvc.exe
PRC - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java RE 6.24\bin\jqs.exe
PRC - [2010-03-29 15:39:54 | 001,822,600 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010-03-15 20:32:54 | 001,599,368 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2009-12-18 12:28:30 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009-09-15 18:31:30 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera2\VM332_STI.EXE
PRC - [2009-08-14 11:48:52 | 001,455,480 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTStackServer.exe
PRC - [2009-08-14 11:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\BTTray.exe
PRC - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe
PRC - [2009-07-20 02:32:16 | 002,713,144 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008-04-14 10:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-13 11:37:54 | 001,816,064 | ---- | M] () -- C:\Program Files\Avast\defs\12101300\algo.dll
MOD - [2012-10-13 02:08:23 | 001,816,576 | ---- | M] () -- C:\Program Files\Avast\defs\12101202\algo.dll
MOD - [2012-10-10 15:36:15 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012-10-10 15:36:12 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012-10-10 15:34:44 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012-10-10 15:34:43 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012-10-10 15:34:42 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2009-08-14 11:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009-08-14 11:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\Lenovo Bluetooth Software\BTKeyInd.dll
MOD - [2008-05-21 17:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2007-09-21 09:25:52 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012-10-09 10:44:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-21 14:42:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-10-03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java RE 6.24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-06-26 12:15:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009-12-09 16:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-12-09 16:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-08-14 11:48:52 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmusbser.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-08-21 14:43:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-08-21 14:43:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-08-21 14:43:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-08-21 14:43:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012-08-21 14:43:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-08-21 14:43:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012-08-21 14:43:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-03-07 05:32:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2010-07-16 13:17:46 | 001,930,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010-06-18 13:42:46 | 002,967,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010-02-26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010-01-19 05:50:10 | 000,235,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009-12-11 16:24:36 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-12-03 10:07:08 | 000,185,072 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2009-09-17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009-09-03 16:27:50 | 000,040,704 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009-08-17 14:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009-07-28 16:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-07-09 12:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009-06-21 09:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008-07-24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008-02-04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008-02-04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\..\SearchScopes,DefaultScope = {1D84549F-527B-4AC3-916A-6C048ED13AA0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D84549F-527B-4AC3-916A-6C048ED13AA0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java RE 6.24\lib\deploy\jqs\ff [2011-03-07 17:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST\WebRep\FF [2012-08-31 09:12:39 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.co.in/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.in/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java RE 6.24\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: avast! WebRep = C:\Documents and Settings\KK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2007-08-11 12:28:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java RE 6.24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: religare.in ([crn] http in Trusted sites)
O15 - HKCU\..Trusted Domains: religare.in ([files] ftp in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1299502970375 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FF19CA-A816-4ACB-9EED-4FC55D8F82BE}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-25 20:08:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-09 09:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Local Settings\Application Data\Sun
[2012-10-09 09:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-10-09 09:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012-10-04 17:19:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-10-03 17:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\CoreTrade
[2012-10-03 17:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CoreTrade
[2012-10-01 16:24:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-09-28 15:36:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\KK\Recent
[2012-09-27 21:41:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2012-09-26 20:56:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-09-26 20:54:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-09-26 20:54:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-09-26 20:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-09-26 20:54:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-09-26 20:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-26 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\KK\My Documents\My Videos
[2012-09-26 20:54:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\KK\Start Menu\Programs\Administrative Tools
[2012-09-26 20:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-09-26 20:52:37 | 004,756,346 | R--- | C] (Swearware) -- C:\Documents and Settings\KK\Desktop\ComboFix.exe
[2012-09-25 16:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-09-25 15:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KK\Application Data\Malwarebytes
[2012-09-25 15:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-09-25 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-09-25 15:46:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-09-25 15:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-09-25 09:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012-09-24 18:48:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012-09-24 17:40:17 | 000,693,265 | ---- | C] (Farbar) -- C:\Documents and Settings\KK\Desktop\FSS.exe
[2012-09-24 15:54:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-23 15:33:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-22 16:29:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-21 12:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012-09-18 16:37:49 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012-09-18 15:11:53 | 248,614,244 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\KK\Desktop\isseod.exe

========== Files - Modified Within 30 Days ==========

[2012-10-13 12:46:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-13 12:45:45 | 000,463,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-10-13 12:45:45 | 000,079,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-10-13 12:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-10-13 12:41:17 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-10-13 12:40:56 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-13 12:40:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-13 12:40:51 | 3077,464,064 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-12 20:33:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-10-12 20:19:22 | 000,002,955 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-10-12 20:19:21 | 000,023,545 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-10-12 09:48:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012-10-12 09:35:21 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012-10-11 22:54:52 | 000,070,688 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121011_SA638_NSEF680565_0.htm
[2012-10-11 10:43:32 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\aspi32.reg
[2012-10-10 22:13:30 | 000,059,859 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121010_SA638_NSEF675092_0.htm
[2012-10-09 21:48:08 | 000,067,632 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121009_SA638_NSEF670159_0.htm
[2012-10-09 09:31:07 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012-10-08 09:15:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-05 22:47:16 | 000,060,871 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121005_SA638_NSEF660364_0.htm
[2012-10-04 22:39:08 | 000,073,908 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\CN_20121004_SA638_NSEF655056_0.htm
[2012-10-03 13:59:24 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\SystemLook.exe
[2012-09-27 21:41:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-09-26 20:56:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-09-26 20:53:48 | 004,756,346 | R--- | M] (Swearware) -- C:\Documents and Settings\KK\Desktop\ComboFix.exe
[2012-09-25 19:54:08 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-09-25 15:46:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-24 17:42:26 | 000,881,724 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\SecurityCheck.exe
[2012-09-24 17:40:27 | 000,693,265 | ---- | M] (Farbar) -- C:\Documents and Settings\KK\Desktop\FSS.exe
[2012-09-23 15:48:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-23 15:34:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\KK\Desktop\aswMBR.exe
[2012-09-22 16:29:52 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KK\Desktop\OTL.exe
[2012-09-18 17:38:11 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk

========== Files Created - No Company Name ==========

[2012-10-11 22:54:52 | 000,070,688 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121011_SA638_NSEF680565_0.htm
[2012-10-11 10:43:32 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\aspi32.reg
[2012-10-10 22:13:30 | 000,059,859 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121010_SA638_NSEF675092_0.htm
[2012-10-09 21:48:08 | 000,067,632 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121009_SA638_NSEF670159_0.htm
[2012-10-05 22:47:16 | 000,060,871 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121005_SA638_NSEF660364_0.htm
[2012-10-04 22:39:08 | 000,073,908 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\CN_20121004_SA638_NSEF655056_0.htm
[2012-10-03 13:59:21 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\SystemLook.exe
[2012-09-30 14:36:54 | 3077,464,064 | -HS- | C] () -- C:\hiberfil.sys
[2012-09-26 20:56:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-09-26 20:56:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-09-26 20:54:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-09-26 20:54:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-09-26 20:54:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-09-26 20:54:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-09-26 20:54:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-09-25 15:46:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-25 09:29:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-09-25 09:29:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012-09-24 17:42:10 | 000,881,724 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\SecurityCheck.exe
[2012-09-23 15:48:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\KK\Desktop\MBR.dat
[2012-09-18 17:38:11 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\Microsoft\Internet Explorer\Quick Launch\CoreTrade.lnk
[2012-09-18 16:53:15 | 000,002,955 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\sbg.xml
[2012-09-18 16:49:07 | 000,023,545 | ---- | C] () -- C:\Documents and Settings\KK\Application Data\folidx1
[2012-08-16 15:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setscan.ini
[2012-04-10 09:52:35 | 000,029,378 | ---- | C] () -- C:\WINDOWS\Pkunzip.exe
[2012-04-09 10:14:30 | 000,000,285 | ---- | C] () -- C:\WINDOWS\winros.ini
[2012-03-14 12:09:34 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2012-03-05 19:04:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\fusioncache.dat
[2012-03-05 19:03:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regset.INI
[2012-03-05 19:02:10 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2012-03-05 19:02:10 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\dbcapi.dll
[2012-03-05 19:02:09 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2012-03-05 19:02:09 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2012-03-05 19:02:09 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2012-03-05 19:02:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2012-03-05 19:02:09 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2011-09-27 13:22:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2011-09-27 13:02:05 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2011-09-27 13:02:00 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2011-09-27 13:02:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2011-08-29 19:36:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{775FAB5F-8909-4007-A2DF-0D79F8301DFC}
[2011-08-01 19:36:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{F5D43B68-2EAA-4985-B68A-31D7D1BC0484}
[2011-06-14 20:15:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\{B2D1400A-2469-4B11-9C95-6B588D5F440B}
[2011-04-11 14:37:29 | 000,307,084 | ---- | C] () -- C:\Documents and Settings\KK\U_010311_009_002799_015844.pdf
[2011-03-24 11:21:52 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\KK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NT00INJ.DLL
[2011-03-23 17:33:12 | 000,001,024 | R--- | C] () -- C:\WINDOWS\DK00VSYS.DLL
[2011-03-23 17:24:07 | 000,019,083 | ---- | C] () -- C:\WINDOWS\Deltree.exe
[2011-03-07 18:15:27 | 000,864,256 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011-03-07 18:15:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2011-03-07 18:15:27 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011-03-07 17:59:14 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2011-03-07 17:02:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
[2011-03-07 17:02:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2011-03-07 16:47:52 | 000,001,387 | ---- | C] () -- C:\WINDOWS\Bringer.INI
[2011-03-03 17:53:56 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\KK\default.pls
[2011-03-01 13:06:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-02-28 15:30:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-02-28 13:38:30 | 000,001,308 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2011-02-28 13:08:33 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011-02-28 13:08:33 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011-02-28 13:08:33 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011-02-28 13:08:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011-02-28 12:08:15 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011-02-26 01:28:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-02-26 01:26:56 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-25 20:12:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-02-25 20:05:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012-03-05 18:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== LOP Check ==========

[2012-04-03 15:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012-03-05 19:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012-03-05 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Equis
[2012-09-21 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011-02-26 08:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012-03-24 10:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2012-03-24 14:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-06-27 12:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\NesterSoft
[2011-04-01 16:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\Opera
[2011-03-30 09:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\TeamViewer
[2011-03-07 16:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KK\Application Data\Xanadu Tools

========== Purity Check ==========



< End of report >

3. Is it safe to assume that the headache is not a brain tumor? That is to say, can we at least conclude that the error, or what remains of it, is NOT a threat?

4. Disabling Windows firewall for installation of the third party firewall: Required only during installation, and to be re-enabled once installation is complete?

It was a pleasure working with you. Your meticulous step-by-step instructions made it so easy. Best wishes, and good luck to you.
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Yes, the errors aren't malware or a virus or infection. You must disable the Windows firewall permanently if you install a third party firewall. You only want one firewall running.

Thank you for the kind words. But please stay with me through the cleanup of the tools we've used. This step is important. You still need to update your Adobe Reader program and we will do this as part of the cleanup. We do this not only to clean all of the unneeded files from your system, but to make sure that you don't have any outdated tools on the computer. The tools are updated frequently so there isn't any need to keep them on the system. I will be back with clean up instructions and a few suggestions :thumbsup:
  • 0

#29
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello again, :)

Please read the post above this one if you haven't already. It answers the questions in your last post.

We need to update Adobe Reader.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Windows Vista /7 Users: Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program.
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons and therefore loads more quickly.



OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

Step-1.

Uninstall ESET

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2

Uninstall ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled

Step-3.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes

Step-4.

Delete the following from the desktop:

OTL.exe
OTL.txt
Extras.txt
aswMBR.exe
aswMBR.txt
aswMBR.dat
FSS.exe
FSS.txt
Security check.exe
Checkup.txt
SystemLook.exe
SystemLook.txt
jre-7u7-windows-i586.exe


Step-5.

Folders to delete:

C:\_OTL

Delete any other .bat, .log, .txt, and any other files created during this process (except the ASPI32.reg file), and left on the desktop and empty the Recycle Bin.

Step-6.

Reset Hidden Files and Folders

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View tab.
5. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
6. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

Step-7.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Windows XP
  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
  • Click Start, click Control Panel, and then double-click System.
  • Click the System Restore tab.
  • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
  • Click OK.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
  • Close System Restore
Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer.
Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
    System Restore will now be active again.



Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

XP Users: You must use Internet Explorer to Update Windows.
1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.


:Turn On Automatic Updates:

XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.


: Keep Java Updated :
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. Click OK and close the program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable JavaScript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialize and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPS Hosts File: (Only needed for Firefox)
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.


It's a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I Get Infected in the First Place(by Mr. Tony Klein and dvk01)


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0
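The MVPS HOSTS file recommendation above works because a HOSTS entry that maps a name to 127.0.0.1 (or 0.0.0.0) makes the PC unable to reach that site. The script below is an added example, not part of this thread or of the MVPS file: it parses HOSTS-format text, lists which names are blackholed, and goes one step beyond the post by flagging entries that send a name to a routable address, which a blocking-only HOSTS file never does. The HOSTS content it parses is constructed for the demonstration and the hostnames in it are placeholders.

```python
"""Check a Windows HOSTS file for blackhole entries.

Added example for the thread above (not the MVPS project's own code).
The sample HOSTS text at the bottom is constructed for the demonstration.
"""
import ipaddress
from dataclasses import dataclass

# Addresses that make a name unreachable instead of redirecting it somewhere.
BLACKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Location of the real file on Windows (not read here; the example parses inline text).
WINDOWS_HOSTS_PATH = r"C:\WINDOWS\System32\drivers\etc\hosts"


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    line_no: int


def parse_hosts(text):
    """Return one HostsEntry per hostname. '#' starts a comment; blank lines are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: ignore rather than guess
        address = fields[0]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # first field is not an IP address: ignore
        for name in fields[1:]:
            entries.append(HostsEntry(address, name.lower(), line_no))
    return entries


def blackholed_names(entries):
    """Names mapped to a blackhole address; 'localhost' is the normal loopback name, not a block."""
    return {e.hostname for e in entries
            if e.address in BLACKHOLE_ADDRESSES and e.hostname != "localhost"}


def is_blackholed(entries, hostname):
    return hostname.lower() in blackholed_names(entries)


def suspicious_redirects(entries):
    """Entries that send a name to a routable address instead of loopback.

    A HOSTS file used purely for blocking only contains loopback/unspecified
    addresses, so anything else is either a deliberate local override
    (a LAN server, say) or an entry that deserves a look.
    """
    return [e for e in entries
            if e.address not in BLACKHOLE_ADDRESSES
            and not ipaddress.ip_address(e.address).is_loopback]


# Constructed sample in MVPS style; all names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1 localhost
0.0.0.0 ads.example-adserver.invalid  # ad server, blackholed
127.0.0.1 tracker.example.invalid banner.example.invalid
10.0.0.5 fileserver.lan             # legitimate LAN override
198.51.100.7 update.example-av.invalid  # review: an update site sent elsewhere
"""

if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("blackholed:", sorted(blackholed_names(entries)))
    for e in suspicious_redirects(entries):
        print(f"line {e.line_no}: {e.hostname} -> {e.address} (review)")
```

To run it against a real machine, read WINDOWS_HOSTS_PATH into a string and pass it to parse_hosts; every hit from suspicious_redirects should be one you recognise as your own.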
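The "Make your Internet Explorer more secure" steps above change settings that IE stores as DWORD values under the Internet zone registry key. The script below is an added example, not taken from the thread: it audits those five settings against the values the post recommends. The action IDs and the 0/1/3 meanings are the ones Microsoft documents for IE security zones; the sample zone state is constructed for the demonstration and is not IE's actual default. On Windows it reads the live values with winreg; elsewhere the audit runs against the sample.

```python
"""Audit Internet Explorer's Internet-zone settings against the post's recommendations.

Added example for the thread above. Zone settings live under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3
(zone 3 = Internet) as DWORD values named by numeric action ID, where
0 = Enable, 1 = Prompt, 3 = Disable.
"""
import sys

ENABLE, PROMPT, DISABLE = 0, 1, 3
SETTING_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# action id -> (setting as named in the post, recommended value)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
}


def audit_zone(values):
    """Return (action_id, description, current, recommended) for each setting that differs.

    `values` maps action-id strings to DWORD integers. A missing value means the
    zone is on IE's built-in default for that action; it is reported as None
    rather than assumed to be safe.
    """
    findings = []
    for action_id, (description, want) in RECOMMENDED.items():
        have = values.get(action_id)
        if have != want:
            findings.append((action_id, description, have, want))
    return findings


def describe(value):
    return SETTING_NAMES.get(value, f"unset/unknown ({value})")


def read_internet_zone():
    """Read the live Internet-zone values on Windows; return {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for action_id in RECOMMENDED:
            try:
                data, _ = winreg.QueryValueEx(key, action_id)
                values[action_id] = data
            except FileNotFoundError:
                pass  # value absent: IE default applies, reported as None by audit_zone
    return values


# Constructed sample zone state for the demonstration (not IE's real defaults):
# the two desktop/IFRAME settings are still on Enable.
SAMPLE_BEFORE = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE, "1800": ENABLE, "1804": ENABLE}

if __name__ == "__main__":
    live = read_internet_zone() or SAMPLE_BEFORE
    findings = audit_zone(live)
    if not findings:
        print("Internet zone matches the recommended settings.")
    for action_id, desc, have, want in findings:
        print(f"{action_id} {desc}: is {describe(have)}, recommended {describe(want)}")
```

The audit only reports; changing the values is still done through the Custom Level dialog as the post describes, so that IE's own consistency checks (and the Yes/No confirmation) apply.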

#30
alphabetagamma

alphabetagamma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thank you for your highly informative post on preventing reinfections. It's amazing how thorough your approach is and I remain ever thankful to you. I would just like to seek your response on a couple of small points:

a) Without sounding ungrateful, if I am pretty much where I was when I initially requested help here (i.e., a minor error and nothing else much wrong with the machine), can I feel good about my overall careful use of the computer to not have any serious infections lurking in it? I mean, one look at the various posts here, and one can see a lot of people in serious distress due to infections. Whatever care I have applied is basically four things: 1) have an antivirus, 2) have a firewall, 3) not to open e-mail attachments from unknown (or even known) persons if there's any suspicion, and 4) not to download programs without checking on credentials of the programs and sites (e.g. using site-checking services like http://www.urlvoid.com/). Is this simplistic regime adequate for the times? So far, it has done nicely for me.

b) Does one need to update even those applications that do not normally access the web, e.g., WinZip or VLC player? Can even such programs, if not updated, lead to infections? I normally prefer not to have auto-update enabled on any applications (barring anti-virus), just so I am not bombarded by constant reminders etc.

Thanks and regards.
  • 0
