ComboFix 12-01-12.02 - user 01/12/2012 18:16:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.597 [GMT 5.5:30]
Running from: f:\my documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\user\WINDOWS
c:\program files\Internet Explorer\dmlconf.dat
c:\windows\system32\Thumbs.db
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 10:07 . 2012-01-12 10:07 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2012-01-11 16:15 . 2012-01-11 16:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-11 16:14 . 2012-01-11 16:14 -------- d-----w- c:\program files\Winamp Detect
2012-01-11 16:14 . 2012-01-11 16:14 -------- d-----w- c:\program files\onOne Software
2012-01-11 16:13 . 2012-01-11 16:14 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-11 16:13 . 2012-01-11 16:13 -------- d-----w- c:\program files\Adobe Download Assistant
2012-01-04 14:31 . 2012-01-04 14:31 -------- d-----w- c:\documents and settings\user\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-16 16:22 . 2011-12-16 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-12-16 16:20 . 2011-12-16 16:20 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Solid State Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 16:46 . 2011-07-29 17:22 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-07-27 12:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-27 12:16 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-07-31 16:29 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-27 12:16 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-27 12:16 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-27 12:16 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-27 12:16 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-07-27 12:16 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-07-27 12:16 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-07-27 12:16 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 12:53 . 2011-11-28 12:54 10944 ----a-w- c:\windows\BYEFISH.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\user\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-12 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-19 278528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2007-11-30 53760]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
Mopy Points Collector.lnk - c:\mopyfish\GETPOINT.EXE [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 05:44 57344 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 11:12 2808832 -c--a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-21 05:50 166912 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-21 05:50 134656 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 09:24 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 04:47 5252408 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 09:27 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-21 05:48 134656 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-08-24 10:31 18702336 -c--a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 09:24 1629480 -c--a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-08-19 07:56 77824 -c--a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-03-03 08:42 341488 -c--a-w- c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-06 22:02 74752 -c--a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/31/2011 9:59 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/27/2011 5:46 PM 314456]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/30/2007 6:56 PM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/27/2011 5:46 PM 20568]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2/22/2011 2:47 AM 66560]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [11/25/2011 6:58 PM 104704]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe [11/25/2011 6:58 PM 512000]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/27/2011 5:34 PM 1684736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Software\Express\express.exe [2011-09-05 05:27]
.
2012-01-08 c:\windows\Tasks\expresszipShakeIcon.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2011-09-18 06:08]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1060284298-682003330-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 13:55]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1060284298-682003330-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 13:55]
.
2012-01-04 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-09-05 05:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\88r1gxr7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://in.yahoo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 18:21
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
Completion time: 2012-01-12 18:23:03
ComboFix-quarantined-files.txt 2012-01-12 12:53
.
Pre-Run: 12,640,292,864 bytes free
Post-Run: 12,722,634,752 bytes free
.
- - End Of File - - 53A03BEBB962889B8E1CF715CFF92BE4