Extensive use of Facebook and viewing other sites slows computer to st



#16 goodseed (Member, Topic Starter, 49 posts)
Uninstalled:

Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Adobe Reader 9.4.1
Eusing Free Registry Cleaner
getPlus®_ocx
DNA
SUPERAntiSpyware

Unable to uninstall:
Java™ 6 Update 11 "The feature you are trying to use is on a network resource that is unavailable."
Java 2 Runtime Environment, SE v1.4.2_03 did not uninstall because I thought it might affect Java 6 Update 11's uninstall

Adobe Reader 8.1.2: "1316 A network error ... C:\WINDOWS\Installer\AcroRead.msi" and "Fatal error during installation"


Other problems:

Avast keeps trying to update with each reboot but unsuccessfully

I often have a popping sound like something is loading or closing but don't see anything happening


A Found New Hardware Wizard popped up wanting to help install unknown software. I don't have any new hardware.


I don't understand the following instructions:

"Open IE then click on the gear then Click the Safety button, point to SmartScreen Filter, and then click Turn Off SmartScreen Filter. In the Microsoft SmartScreen Filter dialog box, click OK."
#17 RKinner (Malware Expert, MVP, 24,701 posts)
Ignore the part about IE. You don't need that. I should have deleted it from the text before posting.

Get the free Revo uninstaller and see if it can help you with the java and reader uninstall.

http://www.revounins...e_download.html

Right click on My computer and select Manage then Device Manager. Do you see any in the right pane with red or yellow marks? View, show hidden devices then look again.

Right click on the Avast ball. Select update, Engine and Virus Definitions. Does it update OK?

If not:

Start, Run, cmd, OK then type:

nslookup  avast.com

Does it say:


Non-authoritative answer:
Name: avast.com
Addresses: 74.86.245.122
74.86.245.123
75.126.120.200
75.126.120.205
46.4.58.71
46.4.62.150
46.4.62.212
46.4.66.67
46.4.66.143
46.4.67.14
74.86.245.121

Now type:

ping avast.com

Does it say something like this:

Pinging avast.com [74.86.245.122] with 32 bytes of data:
Reply from 74.86.245.122: bytes=32 time=63ms TTL=56
Reply from 74.86.245.122: bytes=32 time=62ms TTL=56
Reply from 74.86.245.122: bytes=32 time=63ms TTL=56
Reply from 74.86.245.122: bytes=32 time=62ms TTL=56

Ping statistics for 74.86.245.122:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 63ms, Average = 62ms
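The nslookup/ping check in the post above is really two questions: does the update host resolve, and does it resolve to the vendor's real addresses? Malware that blocks AV updates usually breaks exactly one of those (a poisoned hosts file or a swapped resolver gives the wrong answer; a filtering driver makes the right address unreachable). The script below is an added example, not a tool from the thread or from Avast: it parses the text that `nslookup avast.com` and `ping avast.com` print on Windows, as quoted in the post, and classifies the result. It runs offline; the expected address list is the one the post gives for avast.com in January 2013, and the sample transcripts are constructed to match the post, not captured from a live machine. The resolver check (warn when the DNS server is not a LAN address) is an extra check of our own, not something the post asks for.

```python
"""Classify the nslookup / ping diagnostic from the thread, offline, from pasted output."""
import ipaddress
import re

# Addresses the post lists as the correct answer for avast.com (January 2013).
EXPECTED_AVAST = {
    "74.86.245.122", "74.86.245.123", "75.126.120.200", "75.126.120.205",
    "46.4.58.71", "46.4.62.150", "46.4.62.212", "46.4.66.67", "46.4.66.143",
    "46.4.67.14", "74.86.245.121",
}

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
_PING_TARGET = re.compile(r"Pinging .*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_PING_STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")


def parse_nslookup(text):
    """Return (resolver_ip, {answer ips}).

    Windows nslookup prints the resolver's Server:/Address: block first and the
    answer block after 'Name:', so every address before 'Name:' is the resolver.
    """
    head, _, tail = text.partition("Name:")
    resolver = _IPV4.findall(head)
    return (resolver[0] if resolver else None), set(_IPV4.findall(tail))


def parse_ping(text):
    """Return target ip and packet counts from ping's summary, or None if absent."""
    stats = _PING_STATS.search(text)
    if stats is None:
        return None
    target = _PING_TARGET.search(text)
    sent, received, lost = (int(x) for x in stats.groups())
    return {"target": target.group(1) if target else None,
            "sent": sent, "received": received, "lost": lost}


def diagnose(nslookup_text, ping_text, expected=EXPECTED_AVAST):
    """Verdict is one of: dns_failure, dns_unexpected, unreachable, ok.

    Warnings carry the details a responder wants: a resolver outside the LAN
    (set by DNS-changer malware, but also by a user who chose a public resolver),
    answers outside the expected set (hosts-file or resolver tampering, or simply
    the vendor moving hosts), and a ping that went to an address not resolved.
    """
    resolver, answers = parse_nslookup(nslookup_text)
    warnings = []
    if resolver and not ipaddress.ip_address(resolver).is_private:
        warnings.append("resolver %s is outside the LAN's private ranges" % resolver)
    if not answers:
        return {"verdict": "dns_failure", "warnings": warnings}
    unexpected = sorted(answers - set(expected))
    if unexpected:
        warnings.append("unexpected answers: " + ", ".join(unexpected))
        return {"verdict": "dns_unexpected", "warnings": warnings}
    ping = parse_ping(ping_text)
    if ping is None or ping["received"] == 0:
        return {"verdict": "unreachable", "warnings": warnings}
    if ping["target"] and ping["target"] not in answers:
        warnings.append("ping went to %s, not a resolved address" % ping["target"])
    return {"verdict": "ok", "warnings": warnings}


# Constructed transcripts shaped like the ones quoted in the post (not captured).
NSLOOKUP_OK = """Server:  router
Address:  192.168.1.1

Non-authoritative answer:
Name:    avast.com
Addresses:  74.86.245.122
          46.4.62.212
"""
PING_OK = """Pinging avast.com [46.4.62.212] with 32 bytes of data:
Reply from 46.4.62.212: bytes=32 time=152ms TTL=45

Ping statistics for 46.4.62.212:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""
# A hosts-file style answer: the name "resolves", but to the loopback address.
NSLOOKUP_HIJACKED = """Server:  router
Address:  192.168.1.1

Name:    avast.com
Address:  127.0.0.1
"""
PING_DEAD = """Pinging avast.com [74.86.245.122] with 32 bytes of data:
Request timed out.

Ping statistics for 74.86.245.122:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
"""

if __name__ == "__main__":
    print(diagnose(NSLOOKUP_OK, PING_OK))          # verdict ok, no warnings
    print(diagnose(NSLOOKUP_HIJACKED, PING_OK))    # verdict dns_unexpected
    print(diagnose(NSLOOKUP_OK, PING_DEAD))        # verdict unreachable
```

The reply later in this thread (a ping to 46.4.62.212, 4 sent, 4 received) falls into the "ok" branch, which is why the expert moves on from the network and looks at drivers and services instead: name resolution and reachability were fine, so the update failure was local to the machine.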

#18 goodseed (Member, Topic Starter, 49 posts)
Device Manager

Non-Plug and Play devices:
mrtRate
Rate

both have what looks like a yellow exclamation point

Other Devices
Unknown device

both have a large yellow question mark

#19 goodseed (Member, Topic Starter, 49 posts)
Avast says it cannot connect to server

#20 goodseed (Member, Topic Starter, 49 posts)
Revo Uninstaller could not uninstall adobe or java update 11 either. I still have not tried to uninstall java2 runtime environment.

#21 RKinner (Malware Expert, MVP, 24,701 posts)
Did you try the nslookup and ping commands?

Go ahead and see if you can uninstall Java 2 Runtime Environment, SE v1.4.2_03

mrtRate is an old Quicken driver. If you don't use Quicken then go back into Device Manager and right click on it and Delete.

Not sure what Rate is but do the same thing to it.

Now right click on Unknown Device and select Properties. In the Properties window click on Details tab and select Device Instance Id from the drop down.

Write down the number and tell me what it is.

Java files are usually stored under C:\Program Files\Java, so try deleting the Java folder. While in Program Files, look for Adobe and see if you can see an entry for the Reader version that won't uninstall. Delete it.

Now run Combofix again as before and post the log.

#22 goodseed (Member, Topic Starter, 49 posts)
Ping:

46.4.62.212 32 bytes time 152ms TTL 45
Packets: 4 sent, 4 received, 0 lost


Unknown Device:

ROOT\LEGACY_SASKUTL\0000

Uninstalled:

mrtRate
Serial


Java folder would not delete because of jqs.exe.

Java2 Runtime Environment uninstalled

Adobe Reader 8 folder deleted

Now going to run Combofix

#23 goodseed (Member, Topic Starter, 49 posts)
ComboFix 13-01-17.04 - Owner 01/19/2013 13:21:49.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.336 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 16:32 . 2013-01-19 16:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
2013-01-19 16:32 . 2013-01-19 16:32 -------- d-----w- c:\windows\LastGood
2013-01-19 16:31 . 2009-12-30 17:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-19 16:31 . 2013-01-19 16:31 -------- d-----w- c:\program files\VS Revo Group
2013-01-19 04:05 . 2013-01-19 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-19 04:05 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 01:09 . 2013-01-19 01:09 -------- d-----w- C:\_OTL
2013-01-16 02:33 . 2013-01-19 03:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-15 01:26 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-15 01:26 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-15 01:25 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-15 01:25 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-15 01:25 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-15 01:25 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-15 01:25 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-15 01:25 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-15 01:23 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-15 01:23 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\program files\AVAST Software
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-14 20:12 . 2013-01-14 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2007-10-13 12:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-05-12 06:16 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2007-05-15 20:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2002-12-12 14:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2007-10-13 12:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2007-10-13 12:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-01-22 06:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 00:35 . 2007-10-13 22:07 385024 ----a-w- c:\windows\system32\html.iec
2013-01-19 14:51 . 2013-01-19 14:51 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"Windstream_BCUC_McciTrayApp"="c:\program files\Windstream_BCUC\McciTrayApp.exe" [2010-05-01 1742336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-04-27 02:21 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-05-03 20:23 2533888 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 20:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 08:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 21:51 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 22:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-08-21 10:15 483328 ----a-w- c:\windows\system32\hphmon05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 10:23 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 21:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-06-14 16:26 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-05-03 18:21 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\activePDF\\PrimoPDF\\PrimoPDF.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/14/2013 7:25 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/14/2013 7:26 PM 361032]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12/23/2009 5:21 PM 30656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2013 7:26 PM 21256]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 MpKsl08115bda;MpKsl08115bda;\??\c:\windows\system32\MpEngineStore\MpKsl08115bda.sys --> c:\windows\system32\MpEngineStore\MpKsl08115bda.sys [?]
S2 mrtRate;mrtRate; [x]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/19/2013 10:31 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 20:20 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-15 23:50]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\
FF - prefs.js: browser.startup.homepage - www.startpage.com
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - ExtSQL: 2013-01-14 19:27; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-08-14 02:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-19 13:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-19 13:34:31
ComboFix-quarantined-files.txt 2013-01-19 19:34
ComboFix2.txt 2013-01-19 02:24
.
Pre-Run: 81,086,070,784 bytes free
Post-Run: 81,076,563,968 bytes free
.
- - End Of File - - 7F0FA7BE676FFF86F9F87F2116EC8A9C

#24 RKinner (Malware Expert, MVP, 24,701 posts)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\MpEngineStore\MpKsl08115bda.sys
c:\windows\Tasks\MP Scheduled Scan.job

Driver::
MpKsl08115bda
mrtRate
WinDefend

Folder::
c:\program files\Java


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
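The two driver entries the CFScript above removes, MpKsl08115bda and mrtRate, are the ones the ComboFix log flags with no image file behind them (`--> path [?]` and `[x]`), and the Device Manager question in post #21 is the same problem seen from the other side: a `ROOT\LEGACY_<name>\0000` node is the device-tree entry Windows keeps for a non-Plug-and-Play driver service called `<name>`. The script below is an added example, not part of the thread or of ComboFix: it parses the `R1 name;display;path [detail]` service lines ComboFix prints (R = running, S = stopped, digit = start type), lists the entries whose image is missing, maps a legacy device instance id back to its service name, and renders a `Driver::` block in the layout the post's CFScript uses. Treating `[x]` and `[?]` as "image file not found" is our reading of the log, which matches the entries the expert chose; the sample lines are copied from the log posted earlier in this thread.

```python
"""Flag orphaned driver/service entries in a ComboFix log and relate them to Device Manager ids."""
import re

# R/S = running/stopped, digit = start type, then name;display;path [detail]
_SERVICE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# Non-PnP driver nodes in Device Manager look like ROOT\LEGACY_SASKUTL\0000
_LEGACY_ID = re.compile(r"^ROOT\\LEGACY_([^\\]+)\\\d{4}$", re.IGNORECASE)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_service_line(line):
    """Return a dict for one ComboFix service line, or None if the line is not one."""
    m = _SERVICE.match(line.strip())
    if m is None:
        return None
    state, start, name, display, path, detail = m.groups()
    missing = detail.strip() in ("x", "?")   # our reading: no image file on disk
    # '\??\path --> path [?]' lines: keep the resolved path on the right of the arrow
    if " --> " in path:
        path = path.split(" --> ")[-1]
    return {
        "name": name,
        "display": display,
        "path": path,
        "running": state == "R",
        "start": START_TYPES[int(start)],
        "image_missing": missing,
        "detail": None if missing else detail.strip(),   # "date time size" otherwise
    }


def orphaned_services(log_text):
    """Names of services whose image file ComboFix could not find, in log order."""
    return [e["name"] for e in map(parse_service_line, log_text.splitlines())
            if e and e["image_missing"]]


def legacy_service_name(instance_id):
    """Map 'ROOT\\LEGACY_<NAME>\\0000' to <NAME>; None for any other instance id."""
    m = _LEGACY_ID.match(instance_id.strip())
    return m.group(1) if m else None


def cfscript_driver_section(names):
    """Render a 'Driver::' block in the layout the CFScript in the post uses."""
    return "Driver::\n" + "\n".join(names) + "\n"


# Service lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/14/2013 7:25 PM 738504]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 MpKsl08115bda;MpKsl08115bda;\??\c:\windows\system32\MpEngineStore\MpKsl08115bda.sys --> c:\windows\system32\MpEngineStore\MpKsl08115bda.sys [?]
S2 mrtRate;mrtRate; [x]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/19/2013 10:31 AM 27064]
"""

if __name__ == "__main__":
    orphans = orphaned_services(SAMPLE_LOG)
    print(orphans)                                            # ['MpKsl08115bda', 'mrtRate']
    print(legacy_service_name(r"ROOT\LEGACY_SASKUTL\0000"))   # SASKUTL
    print(cfscript_driver_section(orphans))
```

Two things the output does not do for you: WinDefend, the third name in the expert's `Driver::` list, has a file on disk and is the expert's own judgment call rather than something the log flags, and the SASKUTL node from post #22 matches none of the services in the log, so it is a device-tree leftover from a driver whose service is already gone (which is why Device Manager shows it as unknown).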

#25 goodseed (Member, Topic Starter, 49 posts)
ComboFix 13-01-17.04 - Owner 01/19/2013 15:02:24.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.182 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\MpEngineStore\MpKsl08115bda.sys"
"c:\windows\Tasks\MP Scheduled Scan.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Java
c:\program files\Java\j2re1.4.2_03\bin\jDRM0300.dll
c:\program files\Java\j2re1.4.2_03\lib\applet\WMPNS.jar
c:\program files\Java\j2re1.4.2_03\lib\ext\DRM0300Java.jar
c:\program files\Java\jre1.6.0_07\lib\ext\QTJava.zip
c:\program files\Java\jre6\bin\awt.dll
c:\program files\Java\jre6\bin\axbridge.dll
c:\program files\Java\jre6\bin\client\classes.jsa
c:\program files\Java\jre6\bin\client\jvm.dll
c:\program files\Java\jre6\bin\client\Xusage.txt
c:\program files\Java\jre6\bin\cmm.dll
c:\program files\Java\jre6\bin\dcpr.dll
c:\program files\Java\jre6\bin\deploy.dll
c:\program files\Java\jre6\bin\deploytk.dll
c:\program files\Java\jre6\bin\dt_shmem.dll
c:\program files\Java\jre6\bin\dt_socket.dll
c:\program files\Java\jre6\bin\fontmanager.dll
c:\program files\Java\jre6\bin\hpi.dll
c:\program files\Java\jre6\bin\hprof.dll
c:\program files\Java\jre6\bin\instrument.dll
c:\program files\Java\jre6\bin\ioser12.dll
c:\program files\Java\jre6\bin\j2pcsc.dll
c:\program files\Java\jre6\bin\j2pkcs11.dll
c:\program files\Java\jre6\bin\jaas_nt.dll
c:\program files\Java\jre6\bin\java-rmi.exe
c:\program files\Java\jre6\bin\java.dll
c:\program files\Java\jre6\bin\java.exe
c:\program files\Java\jre6\bin\java_crw_demo.dll
c:\program files\Java\jre6\bin\javacpl.cpl
c:\program files\Java\jre6\bin\javacpl.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Java\jre6\bin\javaws.exe
c:\program files\Java\jre6\bin\jawt.dll
c:\program files\Java\jre6\bin\jbroker.exe
c:\program files\Java\jre6\bin\JdbcOdbc.dll
c:\program files\Java\jre6\bin\jdwp.dll
c:\program files\Java\jre6\bin\jkernel.dll
c:\program files\Java\jre6\bin\jli.dll
c:\program files\Java\jre6\bin\jp2iexp.dll
c:\program files\Java\jre6\bin\jp2launcher.exe
c:\program files\Java\jre6\bin\jp2native.dll
c:\program files\Java\jre6\bin\jp2ssv.dll
c:\program files\Java\jre6\bin\jpeg.dll
c:\program files\Java\jre6\bin\jpicom.dll
c:\program files\Java\jre6\bin\jpiexp.dll
c:\program files\Java\jre6\bin\jpinscp.dll
c:\program files\Java\jre6\bin\jpioji.dll
c:\program files\Java\jre6\bin\jpishare.dll
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Java\jre6\bin\jqsnotify.exe
c:\program files\Java\jre6\bin\jsound.dll
c:\program files\Java\jre6\bin\jsoundds.dll
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Java\jre6\bin\jureg.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Java\jre6\bin\keytool.exe
c:\program files\Java\jre6\bin\kinit.exe
c:\program files\Java\jre6\bin\klist.exe
c:\program files\Java\jre6\bin\ktab.exe
c:\program files\Java\jre6\bin\management.dll
c:\program files\Java\jre6\bin\mlib_image.dll
c:\program files\Java\jre6\bin\msvcr71.dll
c:\program files\Java\jre6\bin\msvcrt.dll
c:\program files\Java\jre6\bin\net.dll
c:\program files\Java\jre6\bin\new_plugin\msvcr71.dll
c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
c:\program files\Java\jre6\bin\nio.dll
c:\program files\Java\jre6\bin\npdeploytk.dll
c:\program files\Java\jre6\bin\npjpi160_11.dll
c:\program files\Java\jre6\bin\npoji610.dll
c:\program files\Java\jre6\bin\npt.dll
c:\program files\Java\jre6\bin\orbd.exe
c:\program files\Java\jre6\bin\pack200.exe
c:\program files\Java\jre6\bin\policytool.exe
c:\program files\Java\jre6\bin\regutils.dll
c:\program files\Java\jre6\bin\rmi.dll
c:\program files\Java\jre6\bin\rmid.exe
c:\program files\Java\jre6\bin\rmiregistry.exe
c:\program files\Java\jre6\bin\servertool.exe
c:\program files\Java\jre6\bin\splashscreen.dll
c:\program files\Java\jre6\bin\ssvagent.exe
c:\program files\Java\jre6\bin\sunmscapi.dll
c:\program files\Java\jre6\bin\tnameserv.exe
c:\program files\Java\jre6\bin\unicows.dll
c:\program files\Java\jre6\bin\unpack.dll
c:\program files\Java\jre6\bin\unpack200.exe
c:\program files\Java\jre6\bin\verify.dll
c:\program files\Java\jre6\bin\w2k_lsa_auth.dll
c:\program files\Java\jre6\bin\wsdetect.dll
c:\program files\Java\jre6\bin\zip.dll
c:\program files\Java\jre6\COPYRIGHT
c:\program files\Java\jre6\lib\applet\WMPNS.jar
c:\program files\Java\jre6\lib\calendars.properties
c:\program files\Java\jre6\lib\classlist
c:\program files\Java\jre6\lib\cmm\CIEXYZ.pf
c:\program files\Java\jre6\lib\cmm\GRAY.pf
c:\program files\Java\jre6\lib\cmm\LINEAR_RGB.pf
c:\program files\Java\jre6\lib\cmm\sRGB.pf
c:\program files\Java\jre6\lib\content-types.properties
c:\program files\Java\jre6\lib\deploy.jar
c:\program files\Java\jre6\lib\deploy\ffjcext.zip
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.js
c:\program files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.xul
c:\program files\Java\jre6\lib\deploy\jqs\ff\install.rdf
c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf
c:\program files\Java\jre6\lib\deploy\jqs\jqsmessages.properties
c:\program files\Java\jre6\lib\deploy\lzma.dll
c:\program files\Java\jre6\lib\deploy\messages.properties
c:\windows\help\wmplayer.bak
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINDEFEND
-------\Service_MpKsl08115bda
-------\Service_mrtRate
-------\Service_WinDefend
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 16:32 . 2013-01-19 16:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
2013-01-19 16:31 . 2009-12-30 17:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-19 16:31 . 2013-01-19 16:31 -------- d-----w- c:\program files\VS Revo Group
2013-01-19 04:05 . 2013-01-19 04:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-19 04:05 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 01:09 . 2013-01-19 01:09 -------- d-----w- C:\_OTL
2013-01-16 02:33 . 2013-01-19 03:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-15 01:26 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-15 01:26 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-15 01:25 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-15 01:25 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-15 01:25 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-15 01:25 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-15 01:25 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-15 01:25 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-15 01:23 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-15 01:23 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\program files\AVAST Software
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-14 20:12 . 2013-01-14 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2007-10-13 12:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-05-12 06:16 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2007-05-15 20:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2002-12-12 14:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2007-10-13 12:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2007-10-13 12:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-01-22 06:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 00:35 . 2007-10-13 22:07 385024 ----a-w- c:\windows\system32\html.iec
2013-01-19 14:51 . 2013-01-19 14:51 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"Windstream_BCUC_McciTrayApp"="c:\program files\Windstream_BCUC\McciTrayApp.exe" [2010-05-01 1742336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-04-27 02:21 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-05-03 20:23 2533888 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 20:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 08:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 21:51 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 22:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-08-21 10:15 483328 ----a-w- c:\windows\system32\hphmon05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 10:23 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 21:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-06-14 16:26 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-05-03 18:21 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\activePDF\\PrimoPDF\\PrimoPDF.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/14/2013 7:25 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/14/2013 7:26 PM 361032]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12/23/2009 5:21 PM 30656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2013 7:26 PM 21256]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/19/2013 10:31 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 20:20 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-15 23:50]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\
FF - prefs.js: browser.startup.homepage - www.startpage.com
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - ExtSQL: 2013-01-14 19:27; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-08-14 02:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-19 15:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\AGRSMMSG.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-01-19 15:20:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-19 21:20
ComboFix2.txt 2013-01-19 19:34
ComboFix3.txt 2013-01-19 02:24
.
Pre-Run: 81,083,183,104 bytes free
Post-Run: 80,937,603,072 bytes free
.
- - End Of File - - 287C00490BD5C8F238BEA8B02FE2C0D2
  • 0
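A small triage script for the log above, written as an added example (it is not ComboFix's code and not from anyone in this thread): it parses the registry and Firefox lines in ComboFix's layout and flags the three weak settings visible in the log, namely the Security Center AV override, the firewall policy being off, and a Firefox keyword.URL pointing away from the stock search hosts. The search-host allowlist and the sample lines are constructed assumptions of this example.

```python
import re

# Constructed sample in ComboFix's own layout (hxxp:// defanging as in the log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
FF - prefs.js: browser.startup.homepage - www.startpage.com
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")

# Assumed allowlist of stock Firefox search hosts; this is ours, not ComboFix's.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}


def dword(value):
    """Turn 'dword:00000001' or ComboFix's '0 (0x0)' form into an int (None if neither)."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", value)
    return int(m.group(0)) if m else None


def audit_combofix(text):
    """Return human-readable findings for the weak settings visible in a ComboFix log."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group("key").lower()          # remember which registry key we are in
        elif (m := VALUE_RE.match(line)) and key:
            name, val = m.group("name"), dword(m.group("value"))
            if key.endswith("security center") and name == "AntiVirusOverride" and val == 1:
                findings.append("Security Center AV status alerts suppressed (AntiVirusOverride=1)")
            elif key.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall" and val == 0:
                findings.append("Windows Firewall off in StandardProfile (EnableFirewall=0)")
        elif (m := FF_PREF_RE.match(line)) and m.group("pref") == "keyword.URL":
            host = re.sub(r"^hxxps?://", "", m.group("value")).split("/")[0]
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(f"Firefox keyword.URL redirected to non-default host {host}")
    return findings
```

Run `audit_combofix(SAMPLE_LOG)` (or feed it the full pasted log) to get one line per finding.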
#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Click on the Download button where it says:
Update avast! VPS
avast! 5 & 6 & 7 series VPS update

on http://www.avast.com/download-update

Save it and then Run it. Once it installs, click on the Avast ball and tell me what the first Current Version: says.
  • 0

#27
goodseed

goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Database updated from 121217-00 to 130119-01

Virus definitions version 130119-01
Program version 7.0.147-4
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
That's one newer than mine so I guess it worked OK. Does it still fail to connect for updates? Is there a firewall involved anywhere that might object to Avast trying to call home?
  • 0

#29
goodseed

goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
As far as I know the only firewall I have is the Windows firewall which is currently off.

I checked Avast updates and it still cannot connect to server.

Why do you think the hardware wizard loads on reboot for an Unknown hardware? The last reboot it only blinked on for a split second.
  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
The unknown device was a leftover from SAS. Not sure what it is doing now. Check the Device Manager and see if there are any yellow marks left.

I would turn on Windows Firewall or install the free Online Armor: http://www.online-armor.com/

Let's try Farbar again:

Download, save and run (Win 7 or Vista: right-click and Run as Admin) Farbar Service Scanner
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

