
Computer takes a LONG time to boot/printer driver messed up?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Computer takes a LONG time to boot/printer driver messed up?

Post by Milkman71 » January 13th, 2010, 6:46 pm

It looks like it is on the Processes section. I will try to run it without scanning processes and see if it works then.
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Post by jmw3 » January 13th, 2010, 8:09 pm

Hi

Leave RootRepeal for the moment. We'll continue on:

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:
ZoneAlarm Extreme Security Antivirus | iolo System Shield
Also noted some entries related to Authentium.
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.
Note: Could also be the cause of both Gmer & RootRepeal failing to complete.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Computer takes a LONG time to boot/printer driver messed up?

Post by Milkman71 » January 14th, 2010, 1:36 am

That ran okay. It took a while and I thought that it was stuck a couple of times. But after patiently waiting it finished. Here are the contents of the log file.

ComboFix 10-01-13.07 - Power User 01/13/2010 21:06:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.567 [GMT -5:00]
Running from: c:\documents and settings\Power User\Desktop\ComboFix.exe
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Power User\Application Data\EurekaLog
c:\documents and settings\Power User\Application Data\EurekaLog\EurekaLog.ini
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\ctd20x.dat
c:\windows\system32\Data\CTEAPSW.DAT
c:\windows\system32\Data\CTEDSP2W.DAT
c:\windows\system32\Data\CTEDSPHW.DAT
c:\windows\system32\Data\CTEDSPKW.DAT
c:\windows\system32\Data\CTEDSPLW.DAT
c:\windows\system32\Data\CTEDSPPW.DAT
c:\windows\system32\Data\CTEDSPTW.DAT
c:\windows\system32\Data\CTEDSPUW.DAT
c:\windows\system32\Data\CTEDSPW.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0150W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0170W.DAT
c:\windows\system32\Data\CTP017AW.DAT
c:\windows\system32\Data\CTP017BW.DAT
c:\windows\system32\Data\CTP017CW.DAT
c:\windows\system32\Data\CTP017DW.DAT
c:\windows\system32\Data\CTP017EW.DAT
c:\windows\system32\Data\CTP017FW.DAT
c:\windows\system32\Data\CTP017GW.DAT
c:\windows\system32\Data\CTP017HW.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP0240W.DAT
c:\windows\system32\Data\CTP0242W.DAT
c:\windows\system32\Data\CTP0243W.DAT
c:\windows\system32\Data\CTP0244W.DAT
c:\windows\system32\Data\CTP0245W.DAT
c:\windows\system32\Data\CTP0246W.DAT
c:\windows\system32\Data\CTP0249W.DAT
c:\windows\system32\Data\CTP0280W.DAT
c:\windows\system32\Data\CTP0320W.DAT
c:\windows\system32\Data\CTP0350W.DAT
c:\windows\system32\Data\CTP0352W.DAT
c:\windows\system32\Data\CTP0355W.DAT
c:\windows\system32\Data\CTP0358W.DAT
c:\windows\system32\Data\CTP0359W.DAT
c:\windows\system32\Data\CTP0360W.DAT
c:\windows\system32\Data\CTP0380W.DAT
c:\windows\system32\Data\CTP0400W.DAT
c:\windows\system32\Data\CTP0460W.DAT
c:\windows\system32\Data\CTP0462W.DAT
c:\windows\system32\Data\CTP0463W.DAT
c:\windows\system32\Data\CTP0464W.DAT
c:\windows\system32\Data\CTP0465W.DAT
c:\windows\system32\Data\CTP0466W.DAT
c:\windows\system32\Data\CTP0468W.DAT
c:\windows\system32\Data\CTP0469W.DAT
c:\windows\system32\Data\CTP046AW.DAT
c:\windows\system32\Data\CTP046BW.DAT
c:\windows\system32\Data\CTP046CW.DAT
c:\windows\system32\Data\CTP0530L.DAT
c:\windows\system32\Data\CTP0530W.DAT
c:\windows\system32\Data\CTP0531L.DAT
c:\windows\system32\Data\CTP0531W.DAT
c:\windows\system32\Data\CTP0550W.DAT
c:\windows\system32\Data\CTP055AW.DAT
c:\windows\system32\Data\CTP0600W.DAT
c:\windows\system32\Data\CTP0610W.DAT
c:\windows\system32\Data\CTP0669W.DAT
c:\windows\system32\Data\CTP0678W.DAT
c:\windows\system32\Data\CTP0679W.DAT
c:\windows\system32\Data\CTP0730W.DAT
c:\windows\system32\Data\CTP073AW.DAT
c:\windows\system32\Data\CTP0760W.DAT
c:\windows\system32\Data\CTP0773W.DAT
c:\windows\system32\Data\CTP0930W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4875W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\cts20x.dat
c:\windows\system32\Data\CTXFICBM.RFX
c:\windows\system32\Data\CTXFICM.RFX
c:\windows\system32\Data\CTXFIEM.RFX
c:\windows\system32\Data\CTXFIGM.RFX
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\Ijl11.dll

----- BITS: Possible infected sites -----

hxxp://download.iolo.net
.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 23:38 . 2010-01-13 23:38 -------- d-----w- C:\New Folder
2010-01-13 16:49 . 2010-01-13 17:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2010-01-10 00:29 . 2010-01-10 00:29 -------- d-----w- c:\windows\system32\store
2010-01-09 23:41 . 2010-01-13 16:46 -------- d-----w- c:\documents and settings\Power User\Application Data\HPAppData
2010-01-05 16:54 . 2010-01-05 16:54 -------- d-----w- c:\documents and settings\Power User\Local Settings\Application Data\HP
2010-01-05 16:16 . 2010-01-05 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-05 15:36 . 2010-01-05 16:51 77377 ----a-w- c:\windows\hpqins05.dat
2010-01-05 15:11 . 2010-01-05 16:56 -------- d-----w- c:\documents and settings\Power User\Application Data\HpUpdate
2010-01-05 15:10 . 2010-01-05 15:10 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-05 15:09 . 2010-01-05 15:09 -------- d-----w- c:\documents and settings\Power User\Application Data\HP
2010-01-04 14:09 . 2010-01-05 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-04 14:03 . 2008-10-30 07:23 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-04 14:03 . 2008-10-30 07:23 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-04 14:02 . 2008-10-30 07:23 271704 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-04 14:02 . 2008-10-28 17:49 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2010-01-04 14:02 . 2008-10-28 17:49 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-01-04 14:01 . 2008-10-30 07:23 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-04 14:01 . 2008-10-30 07:23 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-04 14:01 . 2008-10-30 07:23 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-04 13:42 . 2010-01-04 14:24 150160 ----a-w- c:\windows\hphins28.dat
2010-01-04 13:42 . 2009-01-04 21:30 939 ------w- c:\windows\hphmdl28.dat
2010-01-02 01:12 . 2006-03-10 05:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2009-12-31 13:29 . 2010-01-13 04:43 -------- d-----w- c:\windows\system32\oodag
2009-12-31 03:55 . 2009-12-31 03:55 -------- d-----w- c:\program files\OO Software
2009-12-31 03:08 . 2010-01-03 03:41 -------- d-----w- c:\program files\SpywareBlaster
2009-12-28 12:52 . 2009-12-28 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-28 12:52 . 2009-12-28 12:52 152576 ----a-w- c:\documents and settings\Power User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-28 06:04 . 2010-01-05 17:05 -------- d-----w- c:\documents and settings\Power User\Application Data\Printer Info Cache
2009-12-28 06:04 . 2010-01-05 17:14 -------- d-----w- c:\program files\Common Files\HP
2009-12-23 22:56 . 2010-01-05 17:05 -------- d-----w- c:\documents and settings\Power User\Application Data\Image Zone Express
2009-12-23 17:43 . 2001-08-18 03:36 176640 ----a-w- c:\windows\system32\LXSYSUI.DLL
2009-12-23 17:26 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-23 17:26 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-12-23 07:57 . 2009-12-28 06:02 -------- d-----w- c:\program files\JDownloader
2009-12-23 06:24 . 2009-12-23 06:24 -------- d-----w- c:\program files\Intel
2009-12-23 06:19 . 2009-12-23 06:19 -------- d-----w- C:\swsetup
2009-12-23 05:05 . 2009-12-23 05:05 70702750 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\pci_ven_10de_dev_03226_14_11_7540.exe
2009-12-23 04:57 . 2009-12-23 04:57 2816336 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25323_20_1001.exe
2009-12-23 04:57 . 2009-12-23 04:57 4058282 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\hid_vid_046d_pid_c00c9_80.exe
2009-12-23 04:50 . 2009-07-06 03:23 2653048 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-12-23 04:50 . 2009-12-23 04:50 -------- d-----w- c:\program files\Uniblue
2009-12-23 04:38 . 2009-12-28 06:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 02:15 . 2009-07-20 14:57 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-14 01:55 . 2009-08-03 14:23 144 ----a-w- c:\windows\system32\pdfl.dat
2010-01-14 01:52 . 2009-01-01 00:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-14 01:50 . 2009-05-31 02:15 -------- d-----w- c:\program files\hp deskjet 930c series
2010-01-14 01:49 . 2010-01-14 01:50 119296 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-14 01:40 . 2009-01-11 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-01-13 21:57 . 2009-11-04 13:59 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2010-01-13 17:40 . 2010-01-13 17:41 2491392 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-13 17:40 . 2010-01-13 17:41 785408 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-13 17:37 . 2009-03-31 03:46 -------- d-----w- c:\program files\Lavasoft
2010-01-13 17:12 . 2010-01-13 17:13 2490880 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-13 16:48 . 2009-03-31 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 16:40 . 2009-09-23 20:17 -------- d-----w- c:\program files\Minilyrics
2010-01-13 16:20 . 2009-05-02 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-13 16:08 . 2009-01-20 04:30 -------- d-----w- c:\program files\Everything
2010-01-12 04:41 . 2009-11-04 21:07 -------- d-----w- c:\documents and settings\Power User\Application Data\#ISW.FS#
2010-01-12 03:58 . 2009-01-05 07:15 -------- d-----w- c:\documents and settings\Power User\Application Data\GoodSync
2010-01-09 04:43 . 2009-06-08 15:08 -------- d-----w- c:\program files\MozyHome
2010-01-05 17:14 . 2009-07-21 18:42 -------- d-----w- c:\program files\HP
2010-01-05 17:13 . 2009-01-04 04:46 70984 ----a-w- c:\documents and settings\Power User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 03:37 . 2009-01-01 19:41 -------- d-----w- c:\program files\Siber Systems
2010-01-03 13:32 . 2009-01-11 19:42 1537 ----a-w- c:\documents and settings\Power User\Application Data\iolo\restore.bat
2010-01-02 01:38 . 2009-11-04 21:06 -------- d-----w- c:\documents and settings\Power User\Application Data\MailFrontier
2009-12-28 13:16 . 2009-01-02 02:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 06:06 . 2009-03-31 03:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-12-28 05:55 . 2009-01-07 00:35 -------- d-----w- c:\program files\Google
2009-12-28 05:15 . 2009-04-09 19:54 -------- d-----w- c:\program files\MediaMonkey
2009-12-23 06:56 . 2009-01-19 22:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-23 06:51 . 2009-01-20 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-23 06:20 . 2009-01-09 21:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 04:55 . 2009-04-22 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-15 05:21 . 2009-12-15 05:21 1831800 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-12 06:06 . 2009-12-06 00:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-11 14:03 . 2009-01-11 19:00 -------- d-----w- c:\documents and settings\Power User\Application Data\iolo
2009-12-01 04:18 . 2009-12-01 04:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-12-01 04:18 . 2009-12-01 04:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-12-01 04:13 . 2009-12-01 04:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2009-12-01 04:02 . 2009-12-01 03:27 -------- d-----w- c:\program files\Zune
2009-12-01 04:00 . 2009-12-01 04:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-12-01 04:00 . 2009-12-01 04:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-23 22:16 . 2009-01-19 22:38 -------- d-----w- c:\program files\DAP
2009-11-23 22:15 . 2009-01-19 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-11-23 21:38 . 2009-11-23 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-11-22 00:49 . 2009-11-22 00:49 -------- d-----w- c:\program files\Xmarks
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 21:40 . 2009-01-28 17:57 -------- d-----w- c:\program files\GenSmarts
2009-11-16 00:17 . 2009-01-29 00:00 -------- d-----w- c:\documents and settings\Power User\Application Data\The Master Genealogist v7
2009-11-15 02:03 . 2009-01-08 13:48 70600 ----a-w- c:\documents and settings\Simona\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 23:46 . 2009-12-12 23:14 118784 ----a-w- c:\windows\system32\iavlsp.dll
2009-11-04 20:50 . 2009-08-03 14:23 272 ----a-w- c:\windows\system32\lkfl.dat
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 06:39 . 2009-11-04 20:49 72584 ----a-w- c:\windows\zllsputility.exe
2009-10-17 06:39 . 2009-11-04 20:47 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-17 06:39 . 2009-11-04 20:48 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-17 06:39 . 2009-11-04 20:48 103816 ----a-w- c:\windows\system32\zlcommdb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-06-25 19:06 688640 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2008-12-11 370360]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-11-12 1007616]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-04 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-23 2209224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-04 160592]

c:\documents and settings\Power User\Start Menu\Programs\Startup\
Start First to Find.lnk - c:\program files\Thots Utilities\First To Find\First To Find.exe [2009-5-2 245760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
First To Find.lnk - c:\program files\Thots Utilities\First To Find\First To Find.exe [2009-5-2 245760]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
Net.Medic.lnk - c:\program files\VitalSigns\Net.Medic\Program\netMedic.exe [2009-1-3 1038848]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2009-7-20 2859008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-06 01:20 133104 ----atw- c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [12/7/2009 5:19 PM 17792]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [11/1/2009 6:08 PM 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/1/2009 6:08 PM 334440]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/24/2009 2:21 PM 55136]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 476528]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/1/2009 6:08 PM 972008]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [10/14/2009 8:29 AM 35448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9cadf7dba697a;Google Update Service (gupdate1c9cadf7dba697a);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 11:30 PM 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [12/8/2008 5:01 PM 533344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 04:26]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ad8cd3855dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 04:30]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 04:30]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1060284298-839522115-1004Core1ca5a59370eb882.job
- c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 01:20]

2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{96A4B263-60C1-466A-BDD0-D278C57359BF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{FDE4D35A-C290-47B2-8D53-2D949A5DBAAF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thederrick.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Subscribe with ArchosLink - file://c:\program files\Archos\ArchosLink\\script.js
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\windows\system32\iavlsp.dll
TCP: {72AE48BF-6751-481F-9BC9-143EB29E8983} = 166.102.165.13,207.41.5.20
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://riteaid.storefront.com/images/gl ... oad1_8.CAB
FF - ProfilePath - c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.windstream.net/wind/portal/index.aspx
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 21:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\relog_ap.dll
c:\windows\system32\iavlsp.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'csrss.exe'(1100)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2010-01-13 21:27:16
ComboFix-quarantined-files.txt 2010-01-14 02:27

Pre-Run: 54,889,603,072 bytes free
Post-Run: 54,976,917,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 452B1576CD04C69244631D433B0DC17C
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby jmw3 » January 14th, 2010, 3:00 am

Hi

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

MarketResearch
pdfforge Toolbar v1.1


If some programs listed are not present, please do not panic

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Folder::
c:\program files\pdfforge Toolbar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[-HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript onto ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.

To post in next reply:
ComboFix log
Kaspersky Scan log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
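The following is an added example and is not part of the original post, nor code from ComboFix or its author: a small Python parser that reads a CFScript like the one above, turns its Folder::, Registry::, RegNull:: and DDS:: directives into a plain-English plan of what ComboFix will be told to do, and warns when a Registry:: deletion would remove an entire hive or top-level key, which is the mistake most worth catching before the file is dragged onto ComboFix.exe. The directive names and the REGEDIT4 value syntax (`[-KEY]` deletes a key, `"name"=-` deletes a value, `dword:` sets a DWORD) are as used in the post; treating `File::` and `Driver::` as one-entry-per-line sections is an assumption based on ComboFix's usual script conventions, and the sample script embedded below is the one from the post.

```python
"""Parse a ComboFix CFScript and explain what it will ask ComboFix to do.

Added example, not ComboFix's own code. It understands the directives used
in the post (Folder::, Registry::, RegNull::, DDS::); File:: and Driver::
are assumed to share the one-entry-per-line shape.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTIONS = {"Folder", "File", "Driver", "Registry", "RegNull", "DDS"}
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")  # [KEY] opens a key, [-KEY] deletes it
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<at>@))=(?P<data>.*)$')

# The CFScript from the post above, embedded as sample input.
POST_SCRIPT = r"""
Folder::
c:\program files\pdfforge Toolbar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[-HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
"""


@dataclass
class RegOp:
    action: str                  # delete_key | delete_value | set_value
    key: str
    value: Optional[str] = None  # None for delete_key; "@" is the default value
    kind: Optional[str] = None   # string | dword | raw
    data: Optional[object] = None


@dataclass
class Plan:
    folders: List[str] = field(default_factory=list)
    files: List[str] = field(default_factory=list)
    drivers: List[str] = field(default_factory=list)
    regnull: List[str] = field(default_factory=list)
    dds: List[str] = field(default_factory=list)
    registry: List[RegOp] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def _depth(key: str) -> int:
    """Path components in a key: HKEY_LOCAL_MACHINE\\SOFTWARE -> 2."""
    return len([p for p in key.split("\\") if p])


def _parse_value(key: str, line: str) -> Optional[RegOp]:
    """One REGEDIT4 value line under an open [KEY]."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name = "@" if m.group("at") else m.group("name")
    data = m.group("data")
    if data == "-":                                   # "name"=-  deletes the value
        return RegOp("delete_value", key, name)
    if data.startswith("dword:"):                     # dword:00000000
        return RegOp("set_value", key, name, "dword", int(data[6:], 16))
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return RegOp("set_value", key, name, "string", data[1:-1])
    return RegOp("set_value", key, name, "raw", data)


def parse_cfscript(text: str) -> Plan:
    plan = Plan()
    simple = {"Folder": plan.folders, "File": plan.files, "Driver": plan.drivers,
              "RegNull": plan.regnull, "DDS": plan.dds}
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                       # directive header
            section = line[:-2] if line[:-2] in SECTIONS else None
            if section is None:
                plan.warnings.append(f"unknown directive: {line}")
            current_key = None
            continue
        if section is None:
            plan.warnings.append(f"line outside any directive: {line}")
        elif section in simple:
            simple[section].append(line)
        else:                                         # Registry:: (REGEDIT4 syntax)
            km = KEY_RE.match(line)
            if km:
                key = km.group(2)
                if km.group(1) == "-":
                    plan.registry.append(RegOp("delete_key", key))
                    if _depth(key) <= 2:              # e.g. [-HKEY_LOCAL_MACHINE\SOFTWARE]
                        plan.warnings.append(f"deletes a whole hive or top-level key: {key}")
                    current_key = None
                else:
                    current_key = key
                continue
            op = _parse_value(current_key, line) if current_key else None
            if op is None:
                plan.warnings.append(f"unparsed Registry:: line: {line}")
            else:
                plan.registry.append(op)
    return plan


def explain(plan: Plan) -> List[str]:
    """Human-readable plan, one action per line, warnings last."""
    out = [f"delete folder: {p}" for p in plan.folders]
    out += [f"delete file: {p}" for p in plan.files]
    out += [f"remove driver/service: {p}" for p in plan.drivers]
    for op in plan.registry:
        if op.action == "delete_key":
            out.append(f"delete key: {op.key}")
        elif op.action == "delete_value":
            out.append(f"delete value {op.value!r} in {op.key}")
        else:
            out.append(f"set {op.value!r} = {op.kind}:{op.data!r} in {op.key}")
    out += [f"null locked key: {k}" for k in plan.regnull]
    out += [f"remove DDS-reported entry: {e}" for e in plan.dds]
    out += [f"WARNING: {w}" for w in plan.warnings]
    return out


if __name__ == "__main__":
    print("\n".join(explain(parse_cfscript(POST_SCRIPT))))
```

Run it on a script before handing it to ComboFix: any `WARNING:` line means the script would touch more than the specific BHO, CLSID or toolbar entry it was meant to, and the `~` in the BHO key is ComboFix's own abbreviation for the long `Explorer\Browser Helper Objects` path, so it is left as written rather than expanded here.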

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby Milkman71 » January 14th, 2010, 12:14 pm

Hi,
MarketResearch was not listed but pdfforge Toolbar v1.1 is listed. I tried to uninstall but it threw an error window that mentioned some .msi file.

When I created the CFScript and moved it to ComboFix, ComboFix started to run then a window came up about an update "There's a newer version of ComboFix available. Would you like to update ComboFix?" with a Yes and No buttons.
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby Milkman71 » January 14th, 2010, 12:44 pm

Sorry, I just reread the post and clicked Yes.
Here is the log. Thanks.
ComboFix 10-01-13.0C - Power User 01/14/2010 11:19:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.462 [GMT -5:00]
Running from: c:\documents and settings\Power User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Power User\Desktop\CFScript.txt
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\config.ini
c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\WidgiHelper.exe
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 07:35 . 2009-12-17 21:37 31936 ----a-w- c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-01-14 07:35 . 2009-12-17 21:37 29344 ----a-w- c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-01-14 07:29 . 2010-01-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-14 07:29 . 2010-01-14 07:29 -------- d-----w- c:\program files\NOS
2010-01-14 07:00 . 2010-01-14 07:00 100096 ----a-w- c:\documents and settings\Power User\Application Data\CBS Interactive\CNET TechTracker\uninst.exe
2010-01-14 06:59 . 2010-01-14 06:59 -------- d-----w- c:\documents and settings\Power User\Application Data\CBS Interactive
2010-01-13 23:38 . 2010-01-13 23:38 -------- d-----w- C:\New Folder
2010-01-13 16:49 . 2010-01-13 17:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2010-01-10 00:29 . 2010-01-10 00:29 -------- d-----w- c:\windows\system32\store
2010-01-09 23:41 . 2010-01-14 07:11 -------- d-----w- c:\documents and settings\Power User\Application Data\HPAppData
2010-01-05 16:54 . 2010-01-05 16:54 -------- d-----w- c:\documents and settings\Power User\Local Settings\Application Data\HP
2010-01-05 16:16 . 2010-01-05 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-05 15:36 . 2010-01-05 16:51 77377 ----a-w- c:\windows\hpqins05.dat
2010-01-05 15:11 . 2010-01-05 16:56 -------- d-----w- c:\documents and settings\Power User\Application Data\HpUpdate
2010-01-05 15:10 . 2010-01-05 15:10 -------- d-----w- c:\windows\Hewlett-Packard
2010-01-05 15:09 . 2010-01-05 15:09 -------- d-----w- c:\documents and settings\Power User\Application Data\HP
2010-01-04 14:09 . 2010-01-05 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-04 14:03 . 2008-10-30 07:23 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-04 14:03 . 2008-10-30 07:23 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-04 14:02 . 2008-10-30 07:23 271704 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-04 14:02 . 2008-10-28 17:49 321536 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2010-01-04 14:02 . 2008-10-28 17:49 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-01-04 14:01 . 2008-10-30 07:23 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-04 14:01 . 2008-10-30 07:23 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-04 14:01 . 2008-10-30 07:23 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-04 13:42 . 2010-01-04 14:24 150160 ----a-w- c:\windows\hphins28.dat
2010-01-04 13:42 . 2009-01-04 21:30 939 ------w- c:\windows\hphmdl28.dat
2010-01-02 01:12 . 2006-03-10 05:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2009-12-31 13:29 . 2010-01-13 04:43 -------- d-----w- c:\windows\system32\oodag
2009-12-31 03:55 . 2009-12-31 03:55 -------- d-----w- c:\program files\OO Software
2009-12-31 03:08 . 2010-01-03 03:41 -------- d-----w- c:\program files\SpywareBlaster
2009-12-28 12:52 . 2009-12-28 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-28 12:52 . 2009-12-28 12:52 152576 ----a-w- c:\documents and settings\Power User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-28 06:04 . 2010-01-05 17:05 -------- d-----w- c:\documents and settings\Power User\Application Data\Printer Info Cache
2009-12-28 06:04 . 2010-01-05 17:14 -------- d-----w- c:\program files\Common Files\HP
2009-12-23 22:56 . 2010-01-05 17:05 -------- d-----w- c:\documents and settings\Power User\Application Data\Image Zone Express
2009-12-23 17:43 . 2001-08-18 03:36 176640 ----a-w- c:\windows\system32\LXSYSUI.DLL
2009-12-23 17:26 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-23 17:26 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-12-23 07:57 . 2009-12-28 06:02 -------- d-----w- c:\program files\JDownloader
2009-12-23 06:24 . 2009-12-23 06:24 -------- d-----w- c:\program files\Intel
2009-12-23 06:19 . 2009-12-23 06:19 -------- d-----w- C:\swsetup
2009-12-23 05:05 . 2009-12-23 05:05 70702750 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\pci_ven_10de_dev_03226_14_11_7540.exe
2009-12-23 04:57 . 2009-12-23 04:57 2816336 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_25323_20_1001.exe
2009-12-23 04:57 . 2009-12-23 04:57 4058282 ----a-w- c:\documents and settings\Power User\Application Data\Uniblue\DriverScanner\Download\hid_vid_046d_pid_c00c9_80.exe
2009-12-23 04:50 . 2009-07-06 03:23 2653048 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-12-23 04:50 . 2009-12-23 04:50 -------- d-----w- c:\program files\Uniblue
2009-12-23 04:38 . 2009-12-28 06:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 07:14 . 2009-01-01 00:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-14 07:00 . 2009-08-03 14:23 144 ----a-w- c:\windows\system32\pdfl.dat
2010-01-14 06:07 . 2009-01-05 07:15 -------- d-----w- c:\documents and settings\Power User\Application Data\GoodSync
2010-01-14 02:48 . 2009-01-20 04:30 -------- d-----w- c:\program files\Everything
2010-01-14 01:50 . 2009-05-31 02:15 -------- d-----w- c:\program files\hp deskjet 930c series
2010-01-14 01:49 . 2010-01-14 01:50 119296 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-14 01:40 . 2009-01-11 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-01-13 21:57 . 2009-11-04 13:59 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2010-01-13 17:40 . 2010-01-13 17:41 2491392 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-13 17:40 . 2010-01-13 17:41 785408 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-13 17:37 . 2009-03-31 03:46 -------- d-----w- c:\program files\Lavasoft
2010-01-13 17:12 . 2010-01-13 17:13 2490880 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-13 16:48 . 2009-03-31 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 16:40 . 2009-09-23 20:17 -------- d-----w- c:\program files\Minilyrics
2010-01-13 16:20 . 2009-05-02 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-12 04:41 . 2009-11-04 21:07 -------- d-----w- c:\documents and settings\Power User\Application Data\#ISW.FS#
2010-01-09 04:43 . 2009-06-08 15:08 -------- d-----w- c:\program files\MozyHome
2010-01-05 17:14 . 2009-07-21 18:42 -------- d-----w- c:\program files\HP
2010-01-05 17:13 . 2009-01-04 04:46 70984 ----a-w- c:\documents and settings\Power User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 03:37 . 2009-01-01 19:41 -------- d-----w- c:\program files\Siber Systems
2010-01-03 13:32 . 2009-01-11 19:42 1537 ----a-w- c:\documents and settings\Power User\Application Data\iolo\restore.bat
2010-01-02 01:38 . 2009-11-04 21:06 -------- d-----w- c:\documents and settings\Power User\Application Data\MailFrontier
2009-12-28 13:16 . 2009-01-02 02:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-28 06:06 . 2009-03-31 03:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-12-28 05:55 . 2009-01-07 00:35 -------- d-----w- c:\program files\Google
2009-12-28 05:15 . 2009-04-09 19:54 -------- d-----w- c:\program files\MediaMonkey
2009-12-23 06:56 . 2009-01-19 22:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-23 06:51 . 2009-01-20 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-23 06:20 . 2009-01-09 21:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 04:55 . 2009-04-22 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-15 05:21 . 2009-12-15 05:21 1831800 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-12 06:06 . 2009-12-06 00:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-11 14:03 . 2009-01-11 19:00 -------- d-----w- c:\documents and settings\Power User\Application Data\iolo
2009-12-01 04:18 . 2009-12-01 04:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-12-01 04:18 . 2009-12-01 04:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-12-01 04:13 . 2009-12-01 04:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2009-12-01 04:02 . 2009-12-01 03:27 -------- d-----w- c:\program files\Zune
2009-12-01 04:00 . 2009-12-01 04:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-12-01 04:00 . 2009-12-01 04:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-11-23 22:16 . 2009-01-19 22:38 -------- d-----w- c:\program files\DAP
2009-11-23 22:15 . 2009-01-19 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-11-23 21:38 . 2009-11-23 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-11-22 00:49 . 2009-11-22 00:49 -------- d-----w- c:\program files\Xmarks
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 21:40 . 2009-01-28 17:57 -------- d-----w- c:\program files\GenSmarts
2009-11-16 00:17 . 2009-01-29 00:00 -------- d-----w- c:\documents and settings\Power User\Application Data\The Master Genealogist v7
2009-11-15 02:03 . 2009-01-08 13:48 70600 ----a-w- c:\documents and settings\Simona\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 23:46 . 2009-12-12 23:14 118784 ----a-w- c:\windows\system32\iavlsp.dll
2009-11-05 20:06 . 2009-11-05 20:06 1108992 ----a-w- c:\documents and settings\Power User\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
2009-11-04 20:50 . 2009-08-03 14:23 272 ----a-w- c:\windows\system32\lkfl.dat
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 06:39 . 2009-11-04 20:49 72584 ----a-w- c:\windows\zllsputility.exe
2009-10-17 06:39 . 2009-11-04 20:47 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-17 06:39 . 2009-11-04 20:48 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-17 06:39 . 2009-11-04 20:48 103816 ----a-w- c:\windows\system32\zlcommdb.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_02.23.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-14 06:56 . 2010-01-14 06:56 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_b5c.dat
+ 2010-01-14 06:55 . 2010-01-14 06:55 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
+ 2010-01-14 06:55 . 2010-01-14 06:55 16384 c:\windows\Temp\Perflib_Perfdata_344.dat
+ 2010-01-14 16:31 . 2010-01-14 16:31 16384 c:\windows\Temp\Perflib_Perfdata_137c.dat
+ 2010-01-14 07:19 . 2010-01-14 07:19 63100 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0002.dat
+ 2009-12-04 04:18 . 2010-01-14 02:56 40558 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0009.dat
+ 2009-11-04 21:13 . 2010-01-14 02:56 77780 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0008.dat
- 2009-11-04 21:13 . 2010-01-13 17:53 77780 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0008.dat
+ 2009-11-04 21:11 . 2010-01-14 07:19 63604 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0002.dat
- 2009-11-04 21:11 . 2010-01-13 17:53 54531 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0001.dat
+ 2009-11-04 21:11 . 2010-01-14 02:56 54531 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0001.dat
+ 2009-12-04 04:18 . 2010-01-14 02:56 40558 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0009.dat
- 2009-11-04 21:14 . 2010-01-13 17:54 77780 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0008.dat
+ 2009-11-04 21:14 . 2010-01-14 02:56 77780 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0008.dat
+ 2009-11-04 20:48 . 2010-01-14 07:19 63604 c:\windows\system32\ZoneLabs\avsys\bases\apu0002.dat
+ 2009-11-04 20:48 . 2010-01-14 02:56 54531 c:\windows\system32\ZoneLabs\avsys\bases\apu0001.dat
- 2009-11-04 20:48 . 2010-01-13 17:53 54531 c:\windows\system32\ZoneLabs\avsys\bases\apu0001.dat
+ 2009-01-01 23:50 . 2010-01-14 07:38 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-01 23:50 . 2009-12-31 00:24 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-18 14:27 . 2010-01-14 07:31 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files\X1\X1FileMonitor.exe" [2008-12-11 370360]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-11-12 1007616]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-04 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-23 2209224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-04 160592]

c:\documents and settings\Power User\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\Power User\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2009-11-5 1108992]
Start First to Find.lnk - c:\program files\Thots Utilities\First To Find\First To Find.exe [2009-5-2 245760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
First To Find.lnk - c:\program files\Thots Utilities\First To Find\First To Find.exe [2009-5-2 245760]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
Net.Medic.lnk - c:\program files\VitalSigns\Net.Medic\Program\netMedic.exe [2009-1-3 1038848]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2009-7-20 2859008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-06 01:20 133104 ----atw- c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [12/7/2009 5:19 PM 17792]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [11/1/2009 6:08 PM 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/1/2009 6:08 PM 334440]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/24/2009 2:21 PM 55136]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 476528]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/1/2009 6:08 PM 972008]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [10/14/2009 8:29 AM 35448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9cadf7dba697a;Google Update Service (gupdate1c9cadf7dba697a);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 11:30 PM 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [12/8/2008 5:01 PM 533344]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GETPLUSHELPER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 04:26]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5ad8cd3855dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 04:30]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 04:30]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1060284298-839522115-1004Core1ca5a59370eb882.job
- c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 01:20]

2010-01-14 c:\windows\Tasks\User_Feed_Synchronization-{96A4B263-60C1-466A-BDD0-D278C57359BF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2010-01-14 c:\windows\Tasks\User_Feed_Synchronization-{FDE4D35A-C290-47B2-8D53-2D949A5DBAAF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windstream.net/wind/portal/index.aspx
uInternet Connection Wizard,ShellNext = iexplore
IE: &Subscribe with ArchosLink - file://c:\program files\Archos\ArchosLink\\script.js
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\windows\system32\iavlsp.dll
TCP: {72AE48BF-6751-481F-9BC9-143EB29E8983} = 166.102.165.13,207.41.5.20
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://riteaid.storefront.com/images/gl ... oad1_8.CAB
FF - ProfilePath - c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.windstream.net/wind/portal/index.aspx
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Power User\Application Data\Mozilla\Firefox\Profiles\sleq0s5c.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\Power User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Tracker Software\PDF-XChange Viewer\pdf-viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\relog_ap.dll
c:\windows\system32\iavlsp.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'csrss.exe'(1104)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2010-01-14 11:37:45
ComboFix-quarantined-files.txt 2010-01-14 16:37
ComboFix2.txt 2010-01-14 02:27

Pre-Run: 54,703,349,760 bytes free
Post-Run: 54,759,407,616 bytes free

- - End Of File - - A12D60B37B5A890CAC7B433B65F98270
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby Milkman71 » January 14th, 2010, 5:56 pm

The Kaspersky scan is taking a long time to complete.
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby jmw3 » January 14th, 2010, 9:08 pm

Hi

Yes it can at times... it's very thorough. If it looks like it is going to cause some problems, we'll try another one.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby Milkman71 » January 14th, 2010, 10:20 pm

Hello again,
First of all thank you for the time you are spending to help me. I appreciate it.
The Kaspersky scan so far has found 1 infected object. It says that it is 6% done and has run for 2 hours and 8 minutes. At that rate it looks like it will be done in 33 hours. I don't know whether to let it finish or skip to something else.
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby jmw3 » January 15th, 2010, 1:30 am

Hi

First of all thank you for the time you are spending to help me. I appreciate it.
No problem at all :)

I have seen Kaspersky Online Scan logs that have taken up around 12 or so hours to complete. From your Attach.txt log:
C: is FIXED (NTFS) - 279 GiB total, 51.062 GiB free.
228 gig used. That is a ton of data to get through. Let it run a bit longer.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby Milkman71 » January 15th, 2010, 11:01 pm

Today I found a not responding window for JAVA. It asked if I wanted to end task or cancel and see if the window responded. I clicked cancel and the scan is running again. It lists 94% scanned with a duration of 19:15.
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby jmw3 » January 15th, 2010, 11:12 pm

Hi

That is getting on a bit. But it is still scanning? Is that correct?

Looking over your logs again, you have seven drives with data. It has to scan all of those. That is the reason it is taking so long.

Your choice (as there is only 6% to go), but you could try this one. It is quicker but in my opinion not as thorough:
ESET Online Scanner
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby Milkman71 » January 16th, 2010, 12:36 am

Here is the Kaspersky Scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, January 15, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 14, 2010 21:28:54
Records in database: 3313891
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
T:\

Scan statistics:
Objects scanned: 348480
Threats found: 8
Infected objects found: 23
Suspicious objects found: 5
Scan duration: 29:39:26


File name / Threat / Threats count
C:\Documents and Settings\Brian\My Documents\Downloads\S\System Updates\Modem\GTW V.92\9519160_xp_2k.exe Infected: Packed.Win32.Krap.ak 1
C:\UBCD4Win\BartPE\programs\Crossloop\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\UBCD4Win\BartPE\programs\Crossloop\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\UBCD4Win\BartPE\programs\mbrfix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1
C:\UBCD4Win\BartPE\programs\ultravnc\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win\BartPE\programs\vncserver\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\UBCD4Win\BartPE\programs\vncserver\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\UBCD4Win\plugin\Disk\Partition\MbrFix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1
C:\UBCD4Win\plugin\Network\CrossLoop\files\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\UBCD4Win\plugin\Network\CrossLoop\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\UBCD4Win\plugin\Network\ultravnc\files\sfx\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win\plugin\Network\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\UBCD4Win\plugin\Network\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\UBCD4Win2\plugin\Disk\Partition\MbrFix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1
C:\UBCD4Win2\plugin\Network\CrossLoop\files\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\UBCD4Win2\plugin\Network\CrossLoop\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\UBCD4Win2\plugin\Network\ultravnc\files\sfx\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win2\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win2\plugin\Network\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\UBCD4Win2\plugin\Network\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
I:\2003\01\Outlook E-mail Archive\archive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 1
I:\2003\09\DATA\Outlook Messages\20030925 backup.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
I:\2003\09\DATA\Outlook Messages\20030925 backup.pst Infected: Email-Worm.Win32.Klez.h 1
I:\2005\02\archive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
I:\2005\02\archive.pst Infected: Email-Worm.Win32.Klez.h 1

Selected area has been scanned.
Some of the files listed are UBCD4WIN files to create a Universal Boot CD.
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby jmw3 » January 16th, 2010, 5:35 am

Hi

View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Upload Files for Scanning
Go to VirusTotal & upload the following File/s for scanning.
  • Copy & paste the following File & Path in the text box next to the Browse button
    C:\Documents and Settings\Brian\My Documents\Downloads\S\System Updates\Modem\GTW V.92\9519160_xp_2k.exe 
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for scans to finish then copy & paste the results into your next reply.

You also have what appears to be infected emails. Unfortunately the Kaspersky scan does not tell us which emails are infected:
I:\2003\01\Outlook E-mail Archive\archive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 1
I:\2003\09\DATA\Outlook Messages\20030925 backup.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
I:\2003\09\DATA\Outlook Messages\20030925 backup.pst Infected: Email-Worm.Win32.Klez.h 1
I:\2005\02\archive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
I:\2005\02\archive.pst Infected: Email-Worm.Win32.Klez.h 1

Those .pst files appear to be quite old, judging by the dates. Maybe worth considering letting them go.

To post in next reply:
Results of VirusTotal scan
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
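A small triage script for Kaspersky Online Scanner 7 report lines, added here as an example and not code from the thread or from Kaspersky: it parses the "File name / Threat / Threats count" layout quoted above and buckets the hits the way jmw3's reply does (riskware under the UBCD4Win build trees the user vouched for, hits inside old Outlook archives, and anything else that needs a VirusTotal second opinion). The sample report lines, the trusted directory list and the mail-archive extensions are constructed assumptions.

```python
"""Triage of Kaspersky Online Scanner 7 report lines (added example).

Not code from the forum or from Kaspersky. Parses lines in the report's
"File name / Threat / Threats count" layout and buckets them the way
the helper's reply does. Sample lines, trusted directories and
mail-archive extensions are constructed for the example.
"""
import re
from collections import defaultdict

# One detection per line: "<path> <Infected|Suspicious>: <threat> <count>".
# The path may contain spaces, so anchor on the verdict keyword instead.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)

# Constructed: directories the user identified as legitimate boot-CD tooling;
# a "not-a-virus:" hit under them is expected riskware, not a compromise.
TRUSTED_TOOL_DIRS = ("c:\\ubcd4win\\", "c:\\ubcd4win2\\")
# Mail stores: a hit here is an old infected message, not running code.
MAIL_ARCHIVE_EXTS = (".pst", ".ost", ".dbx")

# Constructed sample in the report's layout (paths are made up).
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Documents and Settings\User\My Documents\Downloads\modem_driver.exe Infected: Packed.Win32.Krap.ak 1
C:\UBCD4Win\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win2\plugin\Disk\Partition\MbrFix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1
D:\tools\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
I:\2003\09\DATA\Outlook Messages\backup.pst Suspicious: Exploit.HTML.Iframe.FileDownload 2
I:\2003\09\DATA\Outlook Messages\backup.pst Infected: Email-Worm.Win32.Klez.h 1

Selected area has been scanned.
"""


def parse_line(line):
    """Return a dict for one detection line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    hit = m.groupdict()
    hit["count"] = int(hit["count"])
    low_path = hit["path"].lower()
    hit["riskware"] = hit["threat"].lower().startswith("not-a-virus:")
    hit["in_tool_dir"] = low_path.startswith(TRUSTED_TOOL_DIRS)
    hit["mail_archive"] = low_path.endswith(MAIL_ARCHIVE_EXTS)
    return hit


def triage(report_text):
    """Bucket every detection line; non-detection lines are skipped."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        if hit["riskware"] and hit["in_tool_dir"]:
            buckets["expected_riskware"].append(hit)  # leave alone
        elif hit["riskware"]:
            buckets["review_riskware"].append(hit)  # ask the user about it
        elif hit["mail_archive"]:
            buckets["mail_archive"].append(hit)  # old mail, consider deleting
        else:
            buckets["infected"].append(hit)  # second opinion / removal
    return dict(buckets)


def summarize(buckets):
    """Per-bucket file count, total detections and distinct threat names."""
    return {name: {"files": len(hits),
                   "detections": sum(h["count"] for h in hits),
                   "threats": sorted({h["threat"] for h in hits})}
            for name, hits in buckets.items()}
```

Run `summarize(triage(SAMPLE_REPORT))` to get the per-bucket counts and threat names that a helper would paste into a reply.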

Re: Computer takes a LONG time to boot/printer driver messed up?

Unread postby Milkman71 » January 16th, 2010, 8:55 am

I deleted the old e-mail backup files. Could they have reinfected me if they were in archive form?
Here are the results of the Virus Total Scan

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.16 -
ClamAV 0.94.1 2010.01.16 -
Comodo 3603 2010.01.16 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.16 -
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 -
Ikarus T3.1.1.80.0 2010.01.16 -
Jiangmin 13.0.900 2010.01.16 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.16 Packed.Win32.Krap.ak
McAfee 5862 2010.01.15 -
McAfee+Artemis 5862 2010.01.15 -
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 -
NOD32 4777 2010.01.16 -
Norman 6.04.03 2010.01.16 -
nProtect 2009.1.8.0 2010.01.16 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 -
Rising 22.30.05.03 2010.01.16 -
Sophos 4.49.0 2010.01.16 -
Sunbelt 3.2.1858.2 2010.01.16 -
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.16 -
TrendMicro 9.120.0.1004 2010.01.16 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.15 -
Additional information
File size: 1261984 bytes
MD5...: d95a9971077b32d0b0a630e6ebc2cf7c
SHA1..: fa2ee8911e992e152cfa7981fb5d23c095bb8caa
SHA256: 22d7b618353e5fdeec311254088a9db5b60305e6b312ea52a0ed1dcb19aa408e
ssdeep: 24576:v/J0WXdAKIjkJYTqobKxVPsLX8aSKyL0N5CNLYfHw+yGtLimhShago4:HJ
0WtxIjkWtb3gaSKyL0N4J8HdyGpixR
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Milkman71
Regular Member
 
Posts: 24
Joined: December 30th, 2009, 10:21 pm