ComboFix 13-01-17.04 - Owner 01/19/2013 15:02:24.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.182 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\MpEngineStore\MpKsl08115bda.sys"
"c:\windows\Tasks\MP Scheduled Scan.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Java
c:\program files\Java\j2re1.4.2_03\bin\jDRM0300.dll
c:\program files\Java\j2re1.4.2_03\lib\applet\WMPNS.jar
c:\program files\Java\j2re1.4.2_03\lib\ext\DRM0300Java.jar
c:\program files\Java\jre1.6.0_07\lib\ext\QTJava.zip
c:\program files\Java\jre6\bin\awt.dll
c:\program files\Java\jre6\bin\axbridge.dll
c:\program files\Java\jre6\bin\client\classes.jsa
c:\program files\Java\jre6\bin\client\jvm.dll
c:\program files\Java\jre6\bin\client\Xusage.txt
c:\program files\Java\jre6\bin\cmm.dll
c:\program files\Java\jre6\bin\dcpr.dll
c:\program files\Java\jre6\bin\deploy.dll
c:\program files\Java\jre6\bin\deploytk.dll
c:\program files\Java\jre6\bin\dt_shmem.dll
c:\program files\Java\jre6\bin\dt_socket.dll
c:\program files\Java\jre6\bin\fontmanager.dll
c:\program files\Java\jre6\bin\hpi.dll
c:\program files\Java\jre6\bin\hprof.dll
c:\program files\Java\jre6\bin\instrument.dll
c:\program files\Java\jre6\bin\ioser12.dll
c:\program files\Java\jre6\bin\j2pcsc.dll
c:\program files\Java\jre6\bin\j2pkcs11.dll
c:\program files\Java\jre6\bin\jaas_nt.dll
c:\program files\Java\jre6\bin\java-rmi.exe
c:\program files\Java\jre6\bin\java.dll
c:\program files\Java\jre6\bin\java.exe
c:\program files\Java\jre6\bin\java_crw_demo.dll
c:\program files\Java\jre6\bin\javacpl.cpl
c:\program files\Java\jre6\bin\javacpl.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Java\jre6\bin\javaws.exe
c:\program files\Java\jre6\bin\jawt.dll
c:\program files\Java\jre6\bin\jbroker.exe
c:\program files\Java\jre6\bin\JdbcOdbc.dll
c:\program files\Java\jre6\bin\jdwp.dll
c:\program files\Java\jre6\bin\jkernel.dll
c:\program files\Java\jre6\bin\jli.dll
c:\program files\Java\jre6\bin\jp2iexp.dll
c:\program files\Java\jre6\bin\jp2launcher.exe
c:\program files\Java\jre6\bin\jp2native.dll
c:\program files\Java\jre6\bin\jp2ssv.dll
c:\program files\Java\jre6\bin\jpeg.dll
c:\program files\Java\jre6\bin\jpicom.dll
c:\program files\Java\jre6\bin\jpiexp.dll
c:\program files\Java\jre6\bin\jpinscp.dll
c:\program files\Java\jre6\bin\jpioji.dll
c:\program files\Java\jre6\bin\jpishare.dll
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Java\jre6\bin\jqsnotify.exe
c:\program files\Java\jre6\bin\jsound.dll
c:\program files\Java\jre6\bin\jsoundds.dll
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Java\jre6\bin\jureg.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Java\jre6\bin\keytool.exe
c:\program files\Java\jre6\bin\kinit.exe
c:\program files\Java\jre6\bin\klist.exe
c:\program files\Java\jre6\bin\ktab.exe
c:\program files\Java\jre6\bin\management.dll
c:\program files\Java\jre6\bin\mlib_image.dll
c:\program files\Java\jre6\bin\msvcr71.dll
c:\program files\Java\jre6\bin\msvcrt.dll
c:\program files\Java\jre6\bin\net.dll
c:\program files\Java\jre6\bin\new_plugin\msvcr71.dll
c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
c:\program files\Java\jre6\bin\nio.dll
c:\program files\Java\jre6\bin\npdeploytk.dll
c:\program files\Java\jre6\bin\npjpi160_11.dll
c:\program files\Java\jre6\bin\npoji610.dll
c:\program files\Java\jre6\bin\npt.dll
c:\program files\Java\jre6\bin\orbd.exe
c:\program files\Java\jre6\bin\pack200.exe
c:\program files\Java\jre6\bin\policytool.exe
c:\program files\Java\jre6\bin\regutils.dll
c:\program files\Java\jre6\bin\rmi.dll
c:\program files\Java\jre6\bin\rmid.exe
c:\program files\Java\jre6\bin\rmiregistry.exe
c:\program files\Java\jre6\bin\servertool.exe
c:\program files\Java\jre6\bin\splashscreen.dll
c:\program files\Java\jre6\bin\ssvagent.exe
c:\program files\Java\jre6\bin\sunmscapi.dll
c:\program files\Java\jre6\bin\tnameserv.exe
c:\program files\Java\jre6\bin\unicows.dll
c:\program files\Java\jre6\bin\unpack.dll
c:\program files\Java\jre6\bin\unpack200.exe
c:\program files\Java\jre6\bin\verify.dll
c:\program files\Java\jre6\bin\w2k_lsa_auth.dll
c:\program files\Java\jre6\bin\wsdetect.dll
c:\program files\Java\jre6\bin\zip.dll
c:\program files\Java\jre6\COPYRIGHT
c:\program files\Java\jre6\lib\applet\WMPNS.jar
c:\program files\Java\jre6\lib\calendars.properties
c:\program files\Java\jre6\lib\classlist
c:\program files\Java\jre6\lib\cmm\CIEXYZ.pf
c:\program files\Java\jre6\lib\cmm\GRAY.pf
c:\program files\Java\jre6\lib\cmm\LINEAR_RGB.pf
c:\program files\Java\jre6\lib\cmm\sRGB.pf
c:\program files\Java\jre6\lib\content-types.properties
c:\program files\Java\jre6\lib\deploy.jar
c:\program files\Java\jre6\lib\deploy\ffjcext.zip
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.js
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.xul
c:\program files\Java\jre6\lib\deploy\jqs\ff\install.rdf
c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf
c:\program files\Java\jre6\lib\deploy\jqs\jqsmessages.properties
c:\program files\Java\jre6\lib\deploy\lzma.dll
c:\program files\Java\jre6\lib\deploy\messages.properties
c:\program files\Java\jre6\lib\deploy\messages_de.properties
c:\program files\Java\jre6\lib\deploy\messages_es.properties
c:\program files\Java\jre6\lib\deploy\messages_fr.properties
c:\program files\Java\jre6\lib\deploy\messages_it.properties
c:\program files\Java\jre6\lib\deploy\messages_ja.properties
c:\program files\Java\jre6\lib\deploy\messages_ko.properties
c:\program files\Java\jre6\lib\deploy\messages_sv.properties
c:\program files\Java\jre6\lib\deploy\messages_zh_CN.properties
c:\program files\Java\jre6\lib\deploy\messages_zh_HK.properties
c:\program files\Java\jre6\lib\deploy\messages_zh_TW.properties
c:\program files\Java\jre6\lib\deploy\splash.gif
c:\program files\Java\jre6\lib\ext\dnsns.jar
c:\program files\Java\jre6\lib\ext\meta-index
c:\program files\Java\jre6\lib\ext\sunjce_provider.jar
c:\program files\Java\jre6\lib\ext\sunmscapi.jar
c:\program files\Java\jre6\lib\ext\sunpkcs11.jar
c:\program files\Java\jre6\lib\flavormap.properties
c:\program files\Java\jre6\lib\fontconfig.98.bfc
c:\program files\Java\jre6\lib\fontconfig.98.properties.src
c:\program files\Java\jre6\lib\fontconfig.bfc
c:\program files\Java\jre6\lib\fontconfig.properties.src
c:\program files\Java\jre6\lib\fonts\LucidaSansRegular.ttf
c:\program files\Java\jre6\lib\i386\jvm.cfg
c:\program files\Java\jre6\lib\im\indicim.jar
c:\program files\Java\jre6\lib\im\thaiim.jar
c:\program files\Java\jre6\lib\images\cursors\cursors.properties
c:\program files\Java\jre6\lib\images\cursors\invalid32x32.gif
c:\program files\Java\jre6\lib\images\cursors\win32_CopyDrop32x32.gif
c:\program files\Java\jre6\lib\images\cursors\win32_CopyNoDrop32x32.gif
c:\program files\Java\jre6\lib\images\cursors\win32_LinkDrop32x32.gif
c:\program files\Java\jre6\lib\images\cursors\win32_LinkNoDrop32x32.gif
c:\program files\Java\jre6\lib\images\cursors\win32_MoveDrop32x32.gif
c:\program files\Java\jre6\lib\images\cursors\win32_MoveNoDrop32x32.gif
c:\program files\Java\jre6\lib\javaws.jar
c:\program files\Java\jre6\lib\jce.jar
c:\program files\Java\jre6\lib\jsse.jar
c:\program files\Java\jre6\lib\jvm.hprof.txt
c:\program files\Java\jre6\lib\logging.properties
c:\program files\Java\jre6\lib\management-agent.jar
c:\program files\Java\jre6\lib\management\jmxremote.access
c:\program files\Java\jre6\lib\management\jmxremote.password.template
c:\program files\Java\jre6\lib\management\management.properties
c:\program files\Java\jre6\lib\management\snmp.acl.template
c:\program files\Java\jre6\lib\meta-index
c:\program files\Java\jre6\lib\net.properties
c:\program files\Java\jre6\lib\plugin.jar
c:\program files\Java\jre6\lib\psfont.properties.ja
c:\program files\Java\jre6\lib\psfontj2d.properties
c:\program files\Java\jre6\lib\resources.jar
c:\program files\Java\jre6\lib\rt.jar
c:\program files\Java\jre6\lib\security\cacerts
c:\program files\Java\jre6\lib\security\java.policy
c:\program files\Java\jre6\lib\security\java.security
c:\program files\Java\jre6\lib\security\javaws.policy
c:\program files\Java\jre6\lib\security\local_policy.jar
c:\program files\Java\jre6\lib\security\US_export_policy.jar
c:\program files\Java\jre6\lib\servicetag\jdk_header.png
c:\program files\Java\jre6\lib\sound.properties
c:\program files\Java\jre6\lib\tzmappings
c:\program files\Java\jre6\lib\zi\Africa\Abidjan
c:\program files\Java\jre6\lib\zi\Africa\Accra
c:\program files\Java\jre6\lib\zi\Africa\Addis_Ababa
c:\program files\Java\jre6\lib\zi\Africa\Algiers
c:\program files\Java\jre6\lib\zi\Africa\Asmara
c:\program files\Java\jre6\lib\zi\Africa\Bamako
c:\program files\Java\jre6\lib\zi\Africa\Bangui
c:\program files\Java\jre6\lib\zi\Africa\Banjul
c:\program files\Java\jre6\lib\zi\Africa\Bissau
c:\program files\Java\jre6\lib\zi\Africa\Blantyre
c:\program files\Java\jre6\lib\zi\Africa\Brazzaville
c:\program files\Java\jre6\lib\zi\Africa\Bujumbura
c:\program files\Java\jre6\lib\zi\Africa\Cairo
c:\program files\Java\jre6\lib\zi\Africa\Casablanca
c:\program files\Java\jre6\lib\zi\Africa\Ceuta
c:\program files\Java\jre6\lib\zi\Africa\Conakry
c:\program files\Java\jre6\lib\zi\Africa\Dakar
c:\program files\Java\jre6\lib\zi\Africa\Dar_es_Salaam
c:\program files\Java\jre6\lib\zi\Africa\Djibouti
c:\program files\Java\jre6\lib\zi\Africa\Douala
c:\program files\Java\jre6\lib\zi\Africa\El_Aaiun
c:\program files\Java\jre6\lib\zi\Africa\Freetown
c:\program files\Java\jre6\lib\zi\Africa\Gaborone
c:\program files\Java\jre6\lib\zi\Africa\Harare
c:\program files\Java\jre6\lib\zi\Africa\Johannesburg
c:\program files\Java\jre6\lib\zi\Africa\Kampala
c:\program files\Java\jre6\lib\zi\Africa\Khartoum
c:\program files\Java\jre6\lib\zi\Africa\Kigali
c:\program files\Java\jre6\lib\zi\Africa\Kinshasa
c:\program files\Java\jre6\lib\zi\Africa\Lagos
c:\program files\Java\jre6\lib\zi\Africa\Libreville
c:\program files\Java\jre6\lib\zi\Africa\Lome
c:\program files\Java\jre6\lib\zi\Africa\Luanda
c:\program files\Java\jre6\lib\zi\Africa\Lubumbashi
c:\program files\Java\jre6\lib\zi\Africa\Lusaka
c:\program files\Java\jre6\lib\zi\Africa\Malabo
c:\program files\Java\jre6\lib\zi\Africa\Maputo
c:\program files\Java\jre6\lib\zi\Africa\Maseru
c:\program files\Java\jre6\lib\zi\Africa\Mbabane
c:\program files\Java\jre6\lib\zi\Africa\Mogadishu
c:\program files\Java\jre6\lib\zi\Africa\Monrovia
c:\program files\Java\jre6\lib\zi\Africa\Nairobi
c:\program files\Java\jre6\lib\zi\Africa\Ndjamena
c:\program files\Java\jre6\lib\zi\Africa\Niamey
c:\program files\Java\jre6\lib\zi\Africa\Nouakchott
c:\program files\Java\jre6\lib\zi\Africa\Ouagadougou
c:\program files\Java\jre6\lib\zi\Africa\Porto-Novo
c:\program files\Java\jre6\lib\zi\Africa\Sao_Tome
c:\program files\Java\jre6\lib\zi\Africa\Tripoli
c:\program files\Java\jre6\lib\zi\Africa\Tunis
c:\program files\Java\jre6\lib\zi\Africa\Windhoek
c:\program files\Java\jre6\lib\zi\America\Adak
c:\program files\Java\jre6\lib\zi\America\Anchorage
c:\program files\Java\jre6\lib\zi\America\Anguilla
c:\program files\Java\jre6\lib\zi\America\Antigua
c:\program files\Java\jre6\lib\zi\America\Araguaina
c:\program files\Java\jre6\lib\zi\America\Argentina\Buenos_Aires
c:\program files\Java\jre6\lib\zi\America\Argentina\Catamarca
c:\program files\Java\jre6\lib\zi\America\Argentina\Cordoba
c:\program files\Java\jre6\lib\zi\America\Argentina\Jujuy
c:\program files\Java\jre6\lib\zi\America\Argentina\La_Rioja
c:\program files\Java\jre6\lib\zi\America\Argentina\Mendoza
c:\program files\Java\jre6\lib\zi\America\Argentina\Rio_Gallegos
c:\program files\Java\jre6\lib\zi\America\Argentina\Salta
c:\program files\Java\jre6\lib\zi\America\Argentina\San_Juan
c:\program files\Java\jre6\lib\zi\America\Argentina\San_Luis
c:\program files\Java\jre6\lib\zi\America\Argentina\Tucuman
c:\program files\Java\jre6\lib\zi\America\Argentina\Ushuaia
c:\program files\Java\jre6\lib\zi\America\Aruba
c:\program files\Java\jre6\lib\zi\America\Asuncion
c:\program files\Java\jre6\lib\zi\America\Atikokan
c:\program files\Java\jre6\lib\zi\America\Bahia
c:\program files\Java\jre6\lib\zi\America\Barbados
c:\program files\Java\jre6\lib\zi\America\Belem
c:\program files\Java\jre6\lib\zi\America\Belize
c:\program files\Java\jre6\lib\zi\America\Blanc-Sablon
c:\program files\Java\jre6\lib\zi\America\Boa_Vista
c:\program files\Java\jre6\lib\zi\America\Bogota
c:\program files\Java\jre6\lib\zi\America\Boise
c:\program files\Java\jre6\lib\zi\America\Cambridge_Bay
c:\program files\Java\jre6\lib\zi\America\Campo_Grande
c:\program files\Java\jre6\lib\zi\America\Cancun
c:\program files\Java\jre6\lib\zi\America\Caracas
c:\program files\Java\jre6\lib\zi\America\Cayenne
c:\program files\Java\jre6\lib\zi\America\Cayman
c:\program files\Java\jre6\lib\zi\America\Chicago
c:\program files\Java\jre6\lib\zi\America\Chihuahua
c:\program files\Java\jre6\lib\zi\America\Costa_Rica
c:\program files\Java\jre6\lib\zi\America\Cuiaba
c:\program files\Java\jre6\lib\zi\America\Curacao
c:\program files\Java\jre6\lib\zi\America\Danmarkshavn
c:\program files\Java\jre6\lib\zi\America\Dawson
c:\program files\Java\jre6\lib\zi\America\Dawson_Creek
c:\program files\Java\jre6\lib\zi\America\Denver
c:\program files\Java\jre6\lib\zi\America\Detroit
c:\program files\Java\jre6\lib\zi\America\Dominica
c:\program files\Java\jre6\lib\zi\America\Edmonton
c:\program files\Java\jre6\lib\zi\America\Eirunepe
c:\program files\Java\jre6\lib\zi\America\El_Salvador
c:\program files\Java\jre6\lib\zi\America\Fortaleza
c:\program files\Java\jre6\lib\zi\America\Glace_Bay
c:\program files\Java\jre6\lib\zi\America\Godthab
c:\program files\Java\jre6\lib\zi\America\Goose_Bay
c:\program files\Java\jre6\lib\zi\America\Grand_Turk
c:\program files\Java\jre6\lib\zi\America\Grenada
c:\program files\Java\jre6\lib\zi\America\Guadeloupe
c:\program files\Java\jre6\lib\zi\America\Guatemala
c:\program files\Java\jre6\lib\zi\America\Guayaquil
c:\program files\Java\jre6\lib\zi\America\Guyana
c:\program files\Java\jre6\lib\zi\America\Halifax
c:\program files\Java\jre6\lib\zi\America\Havana
c:\program files\Java\jre6\lib\zi\America\Hermosillo
c:\program files\Java\jre6\lib\zi\America\Indiana\Indianapolis
c:\program files\Java\jre6\lib\zi\America\Indiana\Knox
c:\program files\Java\jre6\lib\zi\America\Indiana\Marengo
c:\program files\Java\jre6\lib\zi\America\Indiana\Petersburg
c:\program files\Java\jre6\lib\zi\America\Indiana\Tell_City
c:\program files\Java\jre6\lib\zi\America\Indiana\Vevay
c:\program files\Java\jre6\lib\zi\America\Indiana\Vincennes
c:\program files\Java\jre6\lib\zi\America\Indiana\Winamac
c:\program files\Java\jre6\lib\zi\America\Inuvik
c:\program files\Java\jre6\lib\zi\America\Iqaluit
c:\program files\Java\jre6\lib\zi\America\Jamaica
c:\program files\Java\jre6\lib\zi\America\Juneau
c:\program files\Java\jre6\lib\zi\America\Kentucky\Louisville
c:\program files\Java\jre6\lib\zi\America\Kentucky\Monticello
c:\program files\Java\jre6\lib\zi\America\La_Paz
c:\program files\Java\jre6\lib\zi\America\Lima
c:\program files\Java\jre6\lib\zi\America\Los_Angeles
c:\program files\Java\jre6\lib\zi\America\Maceio
c:\program files\Java\jre6\lib\zi\America\Managua
c:\program files\Java\jre6\lib\zi\America\Manaus
c:\program files\Java\jre6\lib\zi\America\Martinique
c:\program files\Java\jre6\lib\zi\America\Mazatlan
c:\program files\Java\jre6\lib\zi\America\Menominee
c:\program files\Java\jre6\lib\zi\America\Merida
c:\program files\Java\jre6\lib\zi\America\Mexico_City
c:\program files\Java\jre6\lib\zi\America\Miquelon
c:\program files\Java\jre6\lib\zi\America\Moncton
c:\program files\Java\jre6\lib\zi\America\Monterrey
c:\program files\Java\jre6\lib\zi\America\Montevideo
c:\program files\Java\jre6\lib\zi\America\Montreal
c:\program files\Java\jre6\lib\zi\America\Montserrat
c:\program files\Java\jre6\lib\zi\America\Nassau
c:\program files\Java\jre6\lib\zi\America\New_York
c:\program files\Java\jre6\lib\zi\America\Nipigon
c:\program files\Java\jre6\lib\zi\America\Nome
c:\program files\Java\jre6\lib\zi\America\Noronha
c:\program files\Java\jre6\lib\zi\America\North_Dakota\Center
c:\program files\Java\jre6\lib\zi\America\North_Dakota\New_Salem
c:\program files\Java\jre6\lib\zi\America\Panama
c:\program files\Java\jre6\lib\zi\America\Pangnirtung
c:\program files\Java\jre6\lib\zi\America\Paramaribo
c:\program files\Java\jre6\lib\zi\America\Phoenix
c:\program files\Java\jre6\lib\zi\America\Port-au-Prince
c:\program files\Java\jre6\lib\zi\America\Port_of_Spain
c:\program files\Java\jre6\lib\zi\America\Porto_Velho
c:\program files\Java\jre6\lib\zi\America\Puerto_Rico
c:\program files\Java\jre6\lib\zi\America\Rainy_River
c:\program files\Java\jre6\lib\zi\America\Rankin_Inlet
c:\program files\Java\jre6\lib\zi\America\Recife
c:\program files\Java\jre6\lib\zi\America\Regina
c:\program files\Java\jre6\lib\zi\America\Resolute
c:\program files\Java\jre6\lib\zi\America\Rio_Branco
c:\program files\Java\jre6\lib\zi\America\Santarem
c:\program files\Java\jre6\lib\zi\America\Santiago
c:\program files\Java\jre6\lib\zi\America\Santo_Domingo
c:\program files\Java\jre6\lib\zi\America\Sao_Paulo
c:\program files\Java\jre6\lib\zi\America\Scoresbysund
c:\program files\Java\jre6\lib\zi\America\St_Johns
c:\program files\Java\jre6\lib\zi\America\St_Kitts
c:\program files\Java\jre6\lib\zi\America\St_Lucia
c:\program files\Java\jre6\lib\zi\America\St_Thomas
c:\program files\Java\jre6\lib\zi\America\St_Vincent
c:\program files\Java\jre6\lib\zi\America\Swift_Current
c:\program files\Java\jre6\lib\zi\America\Tegucigalpa
c:\program files\Java\jre6\lib\zi\America\Thule
c:\program files\Java\jre6\lib\zi\America\Thunder_Bay
c:\program files\Java\jre6\lib\zi\America\Tijuana
c:\program files\Java\jre6\lib\zi\America\Toronto
c:\program files\Java\jre6\lib\zi\America\Tortola
c:\program files\Java\jre6\lib\zi\America\Vancouver
c:\program files\Java\jre6\lib\zi\America\Whitehorse
c:\program files\Java\jre6\lib\zi\America\Winnipeg
c:\program files\Java\jre6\lib\zi\America\Yakutat
c:\program files\Java\jre6\lib\zi\America\Yellowknife
c:\program files\Java\jre6\lib\zi\Antarctica\Casey
c:\program files\Java\jre6\lib\zi\Antarctica\Davis
c:\program files\Java\jre6\lib\zi\Antarctica\DumontDUrville
c:\program files\Java\jre6\lib\zi\Antarctica\Mawson
c:\program files\Java\jre6\lib\zi\Antarctica\McMurdo
c:\program files\Java\jre6\lib\zi\Antarctica\Palmer
c:\program files\Java\jre6\lib\zi\Antarctica\Rothera
c:\program files\Java\jre6\lib\zi\Antarctica\Syowa
c:\program files\Java\jre6\lib\zi\Antarctica\Vostok
c:\program files\Java\jre6\lib\zi\Asia\Aden
c:\program files\Java\jre6\lib\zi\Asia\Almaty
c:\program files\Java\jre6\lib\zi\Asia\Amman
c:\program files\Java\jre6\lib\zi\Asia\Anadyr
c:\program files\Java\jre6\lib\zi\Asia\Aqtau
c:\program files\Java\jre6\lib\zi\Asia\Aqtobe
c:\program files\Java\jre6\lib\zi\Asia\Ashgabat
c:\program files\Java\jre6\lib\zi\Asia\Baghdad
c:\program files\Java\jre6\lib\zi\Asia\Bahrain
c:\program files\Java\jre6\lib\zi\Asia\Baku
c:\program files\Java\jre6\lib\zi\Asia\Bangkok
c:\program files\Java\jre6\lib\zi\Asia\Beirut
c:\program files\Java\jre6\lib\zi\Asia\Bishkek
c:\program files\Java\jre6\lib\zi\Asia\Brunei
c:\program files\Java\jre6\lib\zi\Asia\Choibalsan
c:\program files\Java\jre6\lib\zi\Asia\Chongqing
c:\program files\Java\jre6\lib\zi\Asia\Colombo
c:\program files\Java\jre6\lib\zi\Asia\Damascus
c:\program files\Java\jre6\lib\zi\Asia\Dhaka
c:\program files\Java\jre6\lib\zi\Asia\Dili
c:\program files\Java\jre6\lib\zi\Asia\Dubai
c:\program files\Java\jre6\lib\zi\Asia\Dushanbe
c:\program files\Java\jre6\lib\zi\Asia\Gaza
c:\program files\Java\jre6\lib\zi\Asia\Harbin
c:\program files\Java\jre6\lib\zi\Asia\Ho_Chi_Minh
c:\program files\Java\jre6\lib\zi\Asia\Hong_Kong
c:\program files\Java\jre6\lib\zi\Asia\Hovd
c:\program files\Java\jre6\lib\zi\Asia\Irkutsk
c:\program files\Java\jre6\lib\zi\Asia\Jakarta
c:\program files\Java\jre6\lib\zi\Asia\Jayapura
c:\program files\Java\jre6\lib\zi\Asia\Jerusalem
c:\program files\Java\jre6\lib\zi\Asia\Kabul
c:\program files\Java\jre6\lib\zi\Asia\Kamchatka
c:\program files\Java\jre6\lib\zi\Asia\Karachi
c:\program files\Java\jre6\lib\zi\Asia\Kashgar
c:\program files\Java\jre6\lib\zi\Asia\Katmandu
c:\program files\Java\jre6\lib\zi\Asia\Kolkata
c:\program files\Java\jre6\lib\zi\Asia\Krasnoyarsk
c:\program files\Java\jre6\lib\zi\Asia\Kuala_Lumpur
c:\program files\Java\jre6\lib\zi\Asia\Kuching
c:\program files\Java\jre6\lib\zi\Asia\Kuwait
c:\program files\Java\jre6\lib\zi\Asia\Macau
c:\program files\Java\jre6\lib\zi\Asia\Magadan
c:\program files\Java\jre6\lib\zi\Asia\Makassar
c:\program files\Java\jre6\lib\zi\Asia\Manila
c:\program files\Java\jre6\lib\zi\Asia\Muscat
c:\program files\Java\jre6\lib\zi\Asia\Nicosia
c:\program files\Java\jre6\lib\zi\Asia\Novosibirsk
c:\program files\Java\jre6\lib\zi\Asia\Omsk
c:\program files\Java\jre6\lib\zi\Asia\Oral
c:\program files\Java\jre6\lib\zi\Asia\Phnom_Penh
c:\program files\Java\jre6\lib\zi\Asia\Pontianak
c:\program files\Java\jre6\lib\zi\Asia\Pyongyang
c:\program files\Java\jre6\lib\zi\Asia\Qatar
c:\program files\Java\jre6\lib\zi\Asia\Qyzylorda
c:\program files\Java\jre6\lib\zi\Asia\Rangoon
c:\program files\Java\jre6\lib\zi\Asia\Riyadh
c:\program files\Java\jre6\lib\zi\Asia\Riyadh87
c:\program files\Java\jre6\lib\zi\Asia\Riyadh88
c:\program files\Java\jre6\lib\zi\Asia\Riyadh89
c:\program files\Java\jre6\lib\zi\Asia\Sakhalin
c:\program files\Java\jre6\lib\zi\Asia\Samarkand
c:\program files\Java\jre6\lib\zi\Asia\Seoul
c:\program files\Java\jre6\lib\zi\Asia\Shanghai
c:\program files\Java\jre6\lib\zi\Asia\Singapore
c:\program files\Java\jre6\lib\zi\Asia\Taipei
c:\program files\Java\jre6\lib\zi\Asia\Tashkent
c:\program files\Java\jre6\lib\zi\Asia\Tbilisi
c:\program files\Java\jre6\lib\zi\Asia\Tehran
c:\program files\Java\jre6\lib\zi\Asia\Thimphu
c:\program files\Java\jre6\lib\zi\Asia\Tokyo
c:\program files\Java\jre6\lib\zi\Asia\Ulaanbaatar
c:\program files\Java\jre6\lib\zi\Asia\Urumqi
c:\program files\Java\jre6\lib\zi\Asia\Vientiane
c:\program files\Java\jre6\lib\zi\Asia\Vladivostok
c:\program files\Java\jre6\lib\zi\Asia\Yakutsk
c:\program files\Java\jre6\lib\zi\Asia\Yekaterinburg
c:\program files\Java\jre6\lib\zi\Asia\Yerevan
c:\program files\Java\jre6\lib\zi\Atlantic\Azores
c:\program files\Java\jre6\lib\zi\Atlantic\Bermuda
c:\program files\Java\jre6\lib\zi\Atlantic\Canary
c:\program files\Java\jre6\lib\zi\Atlantic\Cape_Verde
c:\program files\Java\jre6\lib\zi\Atlantic\Faroe
c:\program files\Java\jre6\lib\zi\Atlantic\Madeira
c:\program files\Java\jre6\lib\zi\Atlantic\Reykjavik
c:\program files\Java\jre6\lib\zi\Atlantic\South_Georgia
c:\program files\Java\jre6\lib\zi\Atlantic\St_Helena
c:\program files\Java\jre6\lib\zi\Atlantic\Stanley
c:\program files\Java\jre6\lib\zi\Australia\Adelaide
c:\program files\Java\jre6\lib\zi\Australia\Brisbane
c:\program files\Java\jre6\lib\zi\Australia\Broken_Hill
c:\program files\Java\jre6\lib\zi\Australia\Currie
c:\program files\Java\jre6\lib\zi\Australia\Darwin
c:\program files\Java\jre6\lib\zi\Australia\Eucla
c:\program files\Java\jre6\lib\zi\Australia\Hobart
c:\program files\Java\jre6\lib\zi\Australia\Lindeman
c:\program files\Java\jre6\lib\zi\Australia\Lord_Howe
c:\program files\Java\jre6\lib\zi\Australia\Melbourne
c:\program files\Java\jre6\lib\zi\Australia\Perth
c:\program files\Java\jre6\lib\zi\Australia\Sydney
c:\program files\Java\jre6\lib\zi\CET
c:\program files\Java\jre6\lib\zi\CST6CDT
c:\program files\Java\jre6\lib\zi\EET
c:\program files\Java\jre6\lib\zi\EST
c:\program files\Java\jre6\lib\zi\EST5EDT
c:\program files\Java\jre6\lib\zi\Etc\GMT-1
c:\program files\Java\jre6\lib\zi\Etc\GMT-10
c:\program files\Java\jre6\lib\zi\Etc\GMT-11
c:\program files\Java\jre6\lib\zi\Etc\GMT-12
c:\program files\Java\jre6\lib\zi\Etc\GMT-13
c:\program files\Java\jre6\lib\zi\Etc\GMT-14
c:\program files\Java\jre6\lib\zi\Etc\GMT-2
c:\program files\Java\jre6\lib\zi\Etc\GMT-3
c:\program files\Java\jre6\lib\zi\Etc\GMT-4
c:\program files\Java\jre6\lib\zi\Etc\GMT-5
c:\program files\Java\jre6\lib\zi\Etc\GMT-6
c:\program files\Java\jre6\lib\zi\Etc\GMT-7
c:\program files\Java\jre6\lib\zi\Etc\GMT-8
c:\program files\Java\jre6\lib\zi\Etc\GMT-9
c:\program files\Java\jre6\lib\zi\Etc\GMT
c:\program files\Java\jre6\lib\zi\Etc\GMT+1
c:\program files\Java\jre6\lib\zi\Etc\GMT+10
c:\program files\Java\jre6\lib\zi\Etc\GMT+11
c:\program files\Java\jre6\lib\zi\Etc\GMT+12
c:\program files\Java\jre6\lib\zi\Etc\GMT+2
c:\program files\Java\jre6\lib\zi\Etc\GMT+3
c:\program files\Java\jre6\lib\zi\Etc\GMT+4
c:\program files\Java\jre6\lib\zi\Etc\GMT+5
c:\program files\Java\jre6\lib\zi\Etc\GMT+6
c:\program files\Java\jre6\lib\zi\Etc\GMT+7
c:\program files\Java\jre6\lib\zi\Etc\GMT+8
c:\program files\Java\jre6\lib\zi\Etc\GMT+9
c:\program files\Java\jre6\lib\zi\Etc\UCT
c:\program files\Java\jre6\lib\zi\Etc\UTC
c:\program files\Java\jre6\lib\zi\Europe\Amsterdam
c:\program files\Java\jre6\lib\zi\Europe\Andorra
c:\program files\Java\jre6\lib\zi\Europe\Athens
c:\program files\Java\jre6\lib\zi\Europe\Belgrade
c:\program files\Java\jre6\lib\zi\Europe\Berlin
c:\program files\Java\jre6\lib\zi\Europe\Brussels
c:\program files\Java\jre6\lib\zi\Europe\Bucharest
c:\program files\Java\jre6\lib\zi\Europe\Budapest
c:\program files\Java\jre6\lib\zi\Europe\Chisinau
c:\program files\Java\jre6\lib\zi\Europe\Copenhagen
c:\program files\Java\jre6\lib\zi\Europe\Dublin
c:\program files\Java\jre6\lib\zi\Europe\Gibraltar
c:\program files\Java\jre6\lib\zi\Europe\Helsinki
c:\program files\Java\jre6\lib\zi\Europe\Istanbul
c:\program files\Java\jre6\lib\zi\Europe\Kaliningrad
c:\program files\Java\jre6\lib\zi\Europe\Kiev
c:\program files\Java\jre6\lib\zi\Europe\Lisbon
c:\program files\Java\jre6\lib\zi\Europe\London
c:\program files\Java\jre6\lib\zi\Europe\Luxembourg
c:\program files\Java\jre6\lib\zi\Europe\Madrid
c:\program files\Java\jre6\lib\zi\Europe\Malta
c:\program files\Java\jre6\lib\zi\Europe\Minsk
c:\program files\Java\jre6\lib\zi\Europe\Monaco
c:\program files\Java\jre6\lib\zi\Europe\Moscow
c:\program files\Java\jre6\lib\zi\Europe\Oslo
c:\program files\Java\jre6\lib\zi\Europe\Paris
c:\program files\Java\jre6\lib\zi\Europe\Prague
c:\program files\Java\jre6\lib\zi\Europe\Riga
c:\program files\Java\jre6\lib\zi\Europe\Rome
c:\program files\Java\jre6\lib\zi\Europe\Samara
c:\program files\Java\jre6\lib\zi\Europe\Simferopol
c:\program files\Java\jre6\lib\zi\Europe\Sofia
c:\program files\Java\jre6\lib\zi\Europe\Stockholm
c:\program files\Java\jre6\lib\zi\Europe\Tallinn
c:\program files\Java\jre6\lib\zi\Europe\Tirane
c:\program files\Java\jre6\lib\zi\Europe\Uzhgorod
c:\program files\Java\jre6\lib\zi\Europe\Vaduz
c:\program files\Java\jre6\lib\zi\Europe\Vienna
c:\program files\Java\jre6\lib\zi\Europe\Vilnius
c:\program files\Java\jre6\lib\zi\Europe\Volgograd
c:\program files\Java\jre6\lib\zi\Europe\Warsaw
c:\program files\Java\jre6\lib\zi\Europe\Zaporozhye
c:\program files\Java\jre6\lib\zi\Europe\Zurich
c:\program files\Java\jre6\lib\zi\GMT
c:\program files\Java\jre6\lib\zi\HST
c:\program files\Java\jre6\lib\zi\Indian\Antananarivo
c:\program files\Java\jre6\lib\zi\Indian\Chagos
c:\program files\Java\jre6\lib\zi\Indian\Christmas
c:\program files\Java\jre6\lib\zi\Indian\Cocos
c:\program files\Java\jre6\lib\zi\Indian\Comoro
c:\program files\Java\jre6\lib\zi\Indian\Kerguelen
c:\program files\Java\jre6\lib\zi\Indian\Mahe
c:\program files\Java\jre6\lib\zi\Indian\Maldives
c:\program files\Java\jre6\lib\zi\Indian\Mauritius
c:\program files\Java\jre6\lib\zi\Indian\Mayotte
c:\program files\Java\jre6\lib\zi\Indian\Reunion
c:\program files\Java\jre6\lib\zi\MET
c:\program files\Java\jre6\lib\zi\MST
c:\program files\Java\jre6\lib\zi\MST7MDT
c:\program files\Java\jre6\lib\zi\Pacific\Apia
c:\program files\Java\jre6\lib\zi\Pacific\Auckland
c:\program files\Java\jre6\lib\zi\Pacific\Chatham
c:\program files\Java\jre6\lib\zi\Pacific\Easter
c:\program files\Java\jre6\lib\zi\Pacific\Efate
c:\program files\Java\jre6\lib\zi\Pacific\Enderbury
c:\program files\Java\jre6\lib\zi\Pacific\Fakaofo
c:\program files\Java\jre6\lib\zi\Pacific\Fiji
c:\program files\Java\jre6\lib\zi\Pacific\Funafuti
c:\program files\Java\jre6\lib\zi\Pacific\Galapagos
c:\program files\Java\jre6\lib\zi\Pacific\Gambier
c:\program files\Java\jre6\lib\zi\Pacific\Guadalcanal
c:\program files\Java\jre6\lib\zi\Pacific\Guam
c:\program files\Java\jre6\lib\zi\Pacific\Honolulu
c:\program files\Java\jre6\lib\zi\Pacific\Johnston
c:\program files\Java\jre6\lib\zi\Pacific\Kiritimati
c:\program files\Java\jre6\lib\zi\Pacific\Kosrae
c:\program files\Java\jre6\lib\zi\Pacific\Kwajalein
c:\program files\Java\jre6\lib\zi\Pacific\Majuro
c:\program files\Java\jre6\lib\zi\Pacific\Marquesas
c:\program files\Java\jre6\lib\zi\Pacific\Midway
c:\program files\Java\jre6\lib\zi\Pacific\Nauru
c:\program files\Java\jre6\lib\zi\Pacific\Niue
c:\program files\Java\jre6\lib\zi\Pacific\Norfolk
c:\program files\Java\jre6\lib\zi\Pacific\Noumea
c:\program files\Java\jre6\lib\zi\Pacific\Pago_Pago
c:\program files\Java\jre6\lib\zi\Pacific\Palau
c:\program files\Java\jre6\lib\zi\Pacific\Pitcairn
c:\program files\Java\jre6\lib\zi\Pacific\Ponape
c:\program files\Java\jre6\lib\zi\Pacific\Port_Moresby
c:\program files\Java\jre6\lib\zi\Pacific\Rarotonga
c:\program files\Java\jre6\lib\zi\Pacific\Saipan
c:\program files\Java\jre6\lib\zi\Pacific\Tahiti
c:\program files\Java\jre6\lib\zi\Pacific\Tarawa
c:\program files\Java\jre6\lib\zi\Pacific\Tongatapu
c:\program files\Java\jre6\lib\zi\Pacific\Truk
c:\program files\Java\jre6\lib\zi\Pacific\Wake
c:\program files\Java\jre6\lib\zi\Pacific\Wallis
c:\program files\Java\jre6\lib\zi\PST8PDT
c:\program files\Java\jre6\lib\zi\SystemV\AST4
c:\program files\Java\jre6\lib\zi\SystemV\AST4ADT
c:\program files\Java\jre6\lib\zi\SystemV\CST6
c:\program files\Java\jre6\lib\zi\SystemV\CST6CDT
c:\program files\Java\jre6\lib\zi\SystemV\EST5
c:\program files\Java\jre6\lib\zi\SystemV\EST5EDT
c:\program files\Java\jre6\lib\zi\SystemV\HST10
c:\program files\Java\jre6\lib\zi\SystemV\MST7
c:\program files\Java\jre6\lib\zi\SystemV\MST7MDT
c:\program files\Java\jre6\lib\zi\SystemV\PST8
c:\program files\Java\jre6\lib\zi\SystemV\PST8PDT
c:\program files\Java\jre6\lib\zi\SystemV\YST9
c:\program files\Java\jre6\lib\zi\SystemV\YST9YDT
c:\program files\Java\jre6\lib\zi\WET
c:\program files\Java\jre6\lib\zi\ZoneInfoMappings
c:\program files\Java\jre6\LICENSE
c:\program files\Java\jre6\README.txt
c:\program files\Java\jre6\THIRDPARTYLICENSEREADME.txt
c:\program files\Java\jre6\Welcome.html
c:\windows\help\wmplayer.bak
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINDEFEND
-------\Service_MpKsl08115bda
-------\Service_mrtRate
-------\Service_WinDefend
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 16:32 . 2013-01-19 16:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
2013-01-19 16:31 . 2009-12-30 17:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-19 16:31 . 2013-01-19 16:31 -------- d-----w- c:\program files\VS Revo Group
2013-01-19 04:05 . 2013-01-19 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-19 04:05 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 01:09 . 2013-01-19 01:09 -------- d-----w- C:\_OTL
2013-01-16 02:33 . 2013-01-19 03:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-15 01:26 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-15 01:26 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-15 01:25 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-15 01:25 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-15 01:25 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-15 01:25 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-15 01:25 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-15 01:25 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-15 01:23 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-15 01:23 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\program files\AVAST Software
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-14 20:12 . 2013-01-14 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2007-10-13 12:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-05-12 06:16 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2007-05-15 20:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2002-12-12 14:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2007-10-13 12:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2007-10-13 12:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-01-22 06:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 00:35 . 2007-10-13 22:07 385024 ----a-w- c:\windows\system32\html.iec
2013-01-19 14:51 . 2013-01-19 14:51 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"Windstream_BCUC_McciTrayApp"="c:\program files\Windstream_BCUC\McciTrayApp.exe" [2010-05-01 1742336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-04-27 02:21 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-05-03 20:23 2533888 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 20:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 08:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 21:51 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 22:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-08-21 10:15 483328 ----a-w- c:\windows\system32\hphmon05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 10:23 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 21:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-06-14 16:26 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-05-03 18:21 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\activePDF\\PrimoPDF\\PrimoPDF.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/14/2013 7:25 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/14/2013 7:26 PM 361032]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12/23/2009 5:21 PM 30656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2013 7:26 PM 21256]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/19/2013 10:31 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 20:20 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-15 23:50]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\
FF - prefs.js: browser.startup.homepage - www.startpage.com
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - ExtSQL: 2013-01-14 19:27;
[email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-08-14 02:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-01-19 15:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\AGRSMMSG.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-01-19 15:20:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-19 21:20
ComboFix2.txt 2013-01-19 19:34
ComboFix3.txt 2013-01-19 02:24
.
Pre-Run: 81,083,183,104 bytes free
Post-Run: 80,937,603,072 bytes free
.
- - End Of File - - 287C00490BD5C8F238BEA8B02FE2C0D2