That ran okay. It took a while, and I thought it was stuck a couple of times, but after waiting patiently it finished. Here are the contents of the log file.
ComboFix 10-01-13.07 - Power User 01/13/2010 21:06:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.567 [GMT -5:00]
Running from: c:\documents and settings\Power User\Desktop\ComboFix.exe
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Power User\Application Data\EurekaLog
c:\documents and settings\Power User\Application Data\EurekaLog\EurekaLog.ini
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\ctd20x.dat
c:\windows\system32\Data\CTEAPSW.DAT
c:\windows\system32\Data\CTEDSP2W.DAT
c:\windows\system32\Data\CTEDSPHW.DAT
c:\windows\system32\Data\CTEDSPKW.DAT
c:\windows\system32\Data\CTEDSPLW.DAT
c:\windows\system32\Data\CTEDSPPW.DAT
c:\windows\system32\Data\CTEDSPTW.DAT
c:\windows\system32\Data\CTEDSPUW.DAT
c:\windows\system32\Data\CTEDSPW.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0150W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP0240W.DAT
c:\windows\system32\Data\CTP0242W.DAT
c:\windows\system32\Data\CTP0243W.DAT
c:\windows\system32\Data\CTP0244W.DAT
c:\windows\system32\Data\CTP0245W.DAT
c:\windows\system32\Data\CTP0246W.DAT
c:\windows\system32\Data\CTP0249W.DAT
c:\windows\system32\Data\CTP0280W.DAT
c:\windows\system32\Data\CTP0320W.DAT
c:\windows\system32\Data\CTP0350W.DAT
c:\windows\system32\Data\CTP0352W.DAT
c:\windows\system32\Data\CTP0355W.DAT
c:\windows\system32\Data\CTP0358W.DAT
c:\windows\system32\Data\CTP0359W.DAT
c:\windows\system32\Data\CTP0360W.DAT
c:\windows\system32\Data\CTP0380W.DAT
c:\windows\system32\Data\CTP0400W.DAT
c:\windows\system32\Data\CTP0460W.DAT
c:\windows\system32\Data\CTP0462W.DAT
c:\windows\system32\Data\CTP0463W.DAT
c:\windows\system32\Data\CTP0464W.DAT
c:\windows\system32\Data\CTP0465W.DAT
c:\windows\system32\Data\CTP0466W.DAT
c:\windows\system32\Data\CTP0468W.DAT
c:\windows\system32\Data\CTP0469W.DAT
c:\windows\system32\Data\CTP046AW.DAT
c:\windows\system32\Data\CTP046BW.DAT
c:\windows\system32\Data\CTP046CW.DAT
c:\windows\system32\Data\CTP0530L.DAT
c:\windows\system32\Data\CTP0530W.DAT
c:\windows\system32\Data\CTP0531L.DAT
c:\windows\system32\Data\CTP0531W.DAT
c:\windows\system32\Data\CTP0550W.DAT
c:\windows\system32\Data\CTP055AW.DAT
c:\windows\system32\Data\CTP0600W.DAT
c:\windows\system32\Data\CTP0610W.DAT
c:\windows\system32\Data\CTP0669W.DAT
c:\windows\system32\Data\CTP0678W.DAT
c:\windows\system32\Data\CTP0679W.DAT
c:\windows\system32\Data\CTP0730W.DAT
c:\windows\system32\Data\CTP073AW.DAT
c:\windows\system32\Data\CTP0760W.DAT
c:\windows\system32\Data\CTP0773W.DAT
c:\windows\system32\Data\CTP0930W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\cts20x.dat
c:\windows\system32\Data\CTXFICBM.RFX
c:\windows\system32\Data\CTXFICM.RFX
c:\windows\system32\Data\CTXFIEM.RFX
c:\windows\system32\Data\CTXFIGM.RFX
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\Ijl11.dll
----- BITS: Possible infected sites -----
hxxp://download.iolo.net.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.
2010-01-13 23:38 . 2010-01-13 23:38 -------- d-----w- C:\New Folder
2010-01-13 16:49 . 2010-01-13 17:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2010-01-10 00:29 . 2010-01-10 00:29 -------- d-----w- c:\windows\system32\store
2010-01-09 23:41 . 2010-01-13 16:46 -------- d-----w- c:\documents and settings\Power User\Application Data\HPAppData
2010-01-05 16:54 . 2010-01-05 16:54 -------- d-----w- c:\documents and settings\Power User\Local Settings\Application Data\HP
2010-01-05 16:16 . 2010-01-05 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-05 15:36 . 2010-01-05 16:51 77377 ----a-w- c:\windows\hpqins05.dat
2010-01-05 15:11 . 2010-01-05 16:56 -------- d-----w- c:\documents and settings\Power User\Application Data\HpUpdate
2010-01-05 15:10 . 2010-01-05 15:10 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-05 15:09 . 2010-01-05 15:09 -------- d-----w- c:\documents and settings\Power User\Application Data\HP
2010-01-04 14:09 . 2010-01-05 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-04 14:03 . 2008-10-30 07:23 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-04 14:03 . 2008-10-30 07:23 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-04 14:02 . 2008-10-30 07:23 271704 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-04 14:02 . 2008-10-28 17:49 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2010-01-04 14:02 . 2008-10-28 17:49 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-01-04 14:01 . 2008-10-30 07:23 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-04 14:01 . 2008-10-30 07:23 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-04 14:01 . 2008-10-30 07:23 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-04 13:42 . 2010-01-04 14:24 150160 ----a-w- c:\windows\hphins28.dat
2010-01-04 13:42 . 2009-01-04 21:30 939 ------w- c:\windows\hphmdl28.dat
2010-01-02 01:12 . 2006-03-10 05:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2009-12-31 13:29 . 2010-01-13 04:43 -------- d-----w- c:\windows\system32\oodag
2009-12-31 03:55 . 2009-12-31 03:55 -------- d-----w- c:\program files\OO Software
2009-12-31 03:08 . 2010-01-03 03:41 -------- d-----w- c:\program files\SpywareBlaster
2009-12-28 12:52 . 2009-12-28 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-28 12:52 . 2009-12-28 12:52 152576 ----a-w- c:\documents and settings\Power User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-28 06:04 . 2010-01-05 17:05 -------- d-----w- c:\documents and settings\Power User\Application Data\Printer Info Cache
2009-12-28 06:04 . 2010-01-05 17:14 -------- d-----w- c:\program files\Common Files\HP
2009-12-23 22:56 . 2010-01-05 17:05 -------- d-----w- c:\documents and settings\Power User\Application Data\Image Zone Express
2009-12-23 17:43 . 2001-08-18 03:36 176640 ----a-w- c:\windows\system32\LXSYSUI.DLL
2009-12-23 17:26 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-23 17:26 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-12-23 07:57 . 2009-12-28 06:02 -------- d-----w- c:\program files\JDownloader
2009-12-23 06:24 . 2009-12-23 06:24 -------- d-----w- c:\program files\Intel
2009-12-23 06:19 . 2009-12-23 06:19 -------- d-----w- C:\swsetup
2009-12-23 05:05 . 2009-12-23 05:05 70702750 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\pci_ven_10de_dev_03226_14_11_7540.exe
2009-12-23 04:57 . 2009-12-23 04:57 2816336 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25323_20_1001.exe
2009-12-23 04:57 . 2009-12-23 04:57 4058282 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\hid_vid_046d_pid_c00c9_80.exe
2009-12-23 04:50 . 2009-07-06 03:23 2653048 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-12-23 04:50 . 2009-12-23 04:50 -------- d-----w- c:\program files\Uniblue
2009-12-23 04:38 . 2009-12-28 06:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 02:15 . 2009-07-20 14:57 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-14 01:55 . 2009-08-03 14:23 144 ----a-w- c:\windows\system32\pdfl.dat
2010-01-14 01:52 . 2009-01-01 00:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-14 01:50 . 2009-05-31 02:15 -------- d-----w- c:\program files\hp deskjet 930c series
2010-01-14 01:49 . 2010-01-14 01:50 119296 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-14 01:40 . 2009-01-11 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-01-13 21:57 . 2009-11-04 13:59 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2010-01-13 17:40 . 2010-01-13 17:41 2491392 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-13 17:40 . 2010-01-13 17:41 785408 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-13 17:37 . 2009-03-31 03:46 -------- d-----w- c:\program files\Lavasoft
2010-01-13 17:12 . 2010-01-13 17:13 2490880 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-13 16:48 . 2009-03-31 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 16:40 . 2009-09-23 20:17 -------- d-----w- c:\program files\Minilyrics
2010-01-13 16:20 . 2009-05-02 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-13 16:08 . 2009-01-20 04:30 -------- d-----w- c:\program files\Everything
2010-01-12 04:41 . 2009-11-04 21:07 -------- d-----w- c:\documents and settings\Power User\Application Data\#ISW.FS#
2010-01-12 03:58 . 2009-01-05 07:15 -------- d-----w- c:\documents and settings\Power User\Application Data\GoodSync
2010-01-09 04:43 . 2009-06-08 15:08 -------- d-----w- c:\program files\MozyHome
2010-01-05 17:14 . 2009-07-21 18:42 -------- d-----w- c:\program files\HP
2010-01-05 17:13 . 2009-01-04 04:46 70984 ----a-w- c:\documents and settings\Power User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 03:37 . 2009-01-01 19:41 -------- d-----w- c:\program files\Siber Systems
2010-01-03 13:32 . 2009-01-11 19:42 1537 ----a-w- c:\documents and settings\Power User\Application Data\iolo\restore.bat
2010-01-02 01:38 . 2009-11-04 21:06 -------- d-----w- c:\documents and settings\Power User\Application Data\MailFrontier
2009-12-28 13:16 . 2009-01-02 02:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 06:06 . 2009-03-31 03:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-12-28 05:55 . 2009-01-07 00:35 -------- d-----w- c:\program files\Google
2009-12-28 05:15 . 2009-04-09 19:54 -------- d-----w- c:\program files\MediaMonkey
2009-12-23 06:56 . 2009-01-19 22:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-23 06:51 . 2009-01-20 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-23 06:20 . 2009-01-09 21:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 04:55 . 2009-04-22 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-15 05:21 . 2009-12-15 05:21 1831800 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-12 06:06 . 2009-12-06 00:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-11 14:03 . 2009-01-11 19:00 -------- d-----w- c:\documents and settings\Power User\Application Data\iolo
2009-12-01 04:18 . 2009-12-01 04:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-12-01 04:18 . 2009-12-01 04:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-12-01 04:13 . 2009-12-01 04:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2009-12-01 04:02 . 2009-12-01 03:27 -------- d-----w- c:\program files\Zune
2009-12-01 04:00 . 2009-12-01 04:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-12-01 04:00 . 2009-12-01 04:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-23 22:16 . 2009-01-19 22:38 -------- d-----w- c:\program files\DAP
2009-11-23 22:15 . 2009-01-19 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-11-23 21:38 . 2009-11-23 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-11-22 00:49 . 2009-11-22 00:49 -------- d-----w- c:\program files\Xmarks
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 21:40 . 2009-01-28 17:57 -------- d-----w- c:\program files\GenSmarts
2009-11-16 00:17 . 2009-01-29 00:00 -------- d-----w- c:\documents and settings\Power User\Application Data\The Master Genealogist v7
2009-11-15 02:03 . 2009-01-08 13:48 70600 ----a-w- c:\documents and settings\Simona\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 23:46 . 2009-12-12 23:14 118784 ----a-w- c:\windows\system32\iavlsp.dll
2009-11-04 20:50 . 2009-08-03 14:23 272 ----a-w- c:\windows\system32\lkfl.dat
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 06:39 . 2009-11-04 20:49 72584 ----a-w- c:\windows\zllsputility.exe
2009-10-17 06:39 . 2009-11-04 20:47 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-17 06:39 . 2009-11-04 20:48 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-17 06:39 . 2009-11-04 20:48 103816 ----a-w- c:\windows\system32\zlcommdb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-06-25 19:06 688640 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2008-12-11 370360]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-11-12 1007616]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-04 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-23 2209224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-04 160592]
c:\documents and settings\Power User\Start Menu\Programs\Startup\
Start First to Find.lnk - c:\program files\Thots Utilities\First To Find\First To Find.exe [2009-5-2 245760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
First To Find.lnk - c:\program files\Thots Utilities\First To Find\First To Find.exe [2009-5-2 245760]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
Net.Medic.lnk - c:\program files\VitalSigns\Net.Medic\Program\netMedic.exe [2009-1-3 1038848]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2009-7-20 2859008]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-06 01:20 133104 ----atw- c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [12/7/2009 5:19 PM 17792]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [11/1/2009 6:08 PM 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/1/2009 6:08 PM 334440]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/24/2009 2:21 PM 55136]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 476528]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/1/2009 6:08 PM 972008]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [10/14/2009 8:29 AM 35448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9cadf7dba697a;Google Update Service (gupdate1c9cadf7dba697a);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 11:30 PM 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [12/8/2008 5:01 PM 533344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 04:26]
2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ad8cd3855dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 04:30]
2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 04:30]
2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1060284298-839522115-1004Core1ca5a59370eb882.job
- c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 01:20]
2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{96A4B263-60C1-466A-BDD0-D278C57359BF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{FDE4D35A-C290-47B2-8D53-2D949A5DBAAF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thederrick.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Subscribe with ArchosLink -
file://c:\program files\Archos\ArchosLink\\script.js
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu -
file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms -
file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar -
file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms -
file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\windows\system32\iavlsp.dll
TCP: {72AE48BF-6751-481F-9BC9-143EB29E8983} = 166.102.165.13,207.41.5.20
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} -
hxxp://riteaid.storefront.com/images/gl ... oad1_8.CAB
FF - ProfilePath - c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.windstream.net/wind/portal/index.aspx
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-WudfPf
SafeBoot-WudfRd
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 21:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="34A6B902909A5A509A034ABDE97868F84455D7C042A0D0B5D44790FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA2D97226D213B555A2D97226D213B5551C3D72CE4483D3AF92BEDA023ADD4DEAAEB098D0E41981670127253320C5BCD3C8F73FA749CC4C26050D7B757248FEA3D341AD7F68E6EDFC21CE962511669F76AD4F6EB711176CA5D7C6387BC4733D3A42C8E1B804461F57BD1DBFE04462140012094A407A6549108715B63DD3150E494BEFDB30BEBD236A9D5DE3C3462F55DBD332D0E33740EB69266255C698E4E38ED725F37B76D67C4C1C1DF70AF8C8139AE097B42CCD32D15BD860A18BDE20AA6B5F99B6945B9EA239282E255913AD716FBECEDD86994CEB32D70260DF4507BF66F1C0E3DAF126020E46264A391D6089B2062EE441CAA09E5F7100087D42DE742931D57010940577CF0C61F79375676660E2CF9892E048447686D644019AEF1181D3D384DA6E5457A326FA73B94D4E88981613FC11365EA8328C46F4EDEB074D6223FD7D4580B168D5D1D8B65DAB22E29EF11CC63BF3020DED0D512E27A5F4595FFE596BBD20BCE5D3659C6F1669F55ED9605261EF18D627AB2442B6F68B0D5435D72D1318761E7E32C5B47E60346158585D5FEB74F5861F1085240B8A342A563F3507EB887EFD5427EE4DF91B8E7E9DC779B3386F35B992E2F34758F48DA66A81B1B9A3AA8B89800D70572B894EEBF47D59824CEF5023921349BF8429D5E48B2079D99B7DBFF20E63ED8C10D21DCC96F03342E26494F3A230F266A60321C9AD66513FE56116F0F8CB1EE25A03F646ABBCD52D6BA226E3BE6F73D4093DD73CB6C10E88CC1FD8BBB7104B1B6E88AF05D623204487E2FCB0D02A5EEEAC7B342A01C39A17CCDE2C912F98D53766B7ECB52B86864A0FBF61983CDBDDD645414883D9A1F48E153102B3BAF4B2FC8FC7280D316F91450ABAF2DED4282F74B8F9F53E8337AE580C8725682AD7E4766CD4AEC064095C02BAB8A54BE3D02474A37275D0B481EFA24838B07940180CF0B15CA28AB4A3990F8F823EABA6BF2147555B53B91522715E987D95B334B2550048437AAA06B38BBE3243D9CBCD839E20D14AEEF845DF02BFFBF51A68AF4383794F517EE2B1500B287B0C65837ECA2B78CF39FA9357238341A6A3556FD30EEEF697B0CDF9823505A7F950A4A7D16B688ABA848112CF7A6D9E81EDB59FB27B0357A570583AB944F75CF06A2D14555F0BD8B26EDB802997C7D92A1EFAD85294BE3C3506E673887EFA28D6946B2988425C260C1CBB7051D1B339EFE2B9FA2F08340CB14690761A8D33B3D5719C4B62D3B8FA4C17
A2F52B2161C3584F5AED38AA0CEF3D6F449B0ABD5F68CB83D460CAFB13A330CD6BA90C2597C699D91B"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\relog_ap.dll
c:\windows\system32\iavlsp.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
- - - - - - - > 'csrss.exe'(1100)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2010-01-13 21:27:16
ComboFix-quarantined-files.txt 2010-01-14 02:27
Pre-Run: 54,889,603,072 bytes free
Post-Run: 54,976,917,504 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 452B1576CD04C69244631D433B0DC17C