
Thread: YM IE not working. DDS log please help.

  1. #1
    Junior Member (Join Date: Jun 2010, Posts: 5)

    YM IE not working. DDS log please help.

    Yahoo Messenger and Internet Explorer are not working.
    Everything else works fine: Firefox, MSN, AIM, mIRC. I just ran Malwarebytes and when I started up I got a system32.exe error. This is what YM tells me. Please help.

    Checking virtual IP servers...
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] FAILED
    *** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionFailed' ***

    Checking HTTP virtual IP servers...
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] FAILED
    *** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionFailed' ***

    Also here is the DDS log. Thank you guys in advance.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 0:41:10.44 on Wed 06/30/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.447 [GMT -4:00]

    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    mWinlogon: Shell=Explorer.exe
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    mASetup: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\CChat25.inf,PerUserAdd.NT
    Hosts: 0.0.0.0 virusin
    Hosts: 0.0.0.0 www.vir
    Hosts: 0.0.0.0 project
    Hosts: 0.0.0.0 www.pro
    Hosts: 0.0.0.0 novirus

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-6-12 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-6-12 5248]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-6-30 486280]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]

    =============== Created Last 30 ================

    2010-06-25 07:42:12 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-25 07:16:59 0 d-----w- c:\program files\THQ
    2010-06-25 00:07:57 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-06-25 00:07:53 0 d-----w- c:\program files\McAfee Security Scan
    2010-06-22 20:16:46 0 d-----w- c:\program files\Microsoft Chat
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\screenshots
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\saves
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cdimages
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cards
    2010-06-21 05:33:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 0 d-----w- c:\program files\MagicDisc
    2010-06-21 04:55:35 0 d-----w- c:\program files\Delta
    2010-06-21 04:52:17 0 d-----w- c:\documents and settings\user\parapparappa
    2010-06-21 04:08:29 0 d-----w- c:\program files\Pcsx2
    2010-06-21 03:45:59 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-06-21 03:44:06 0 d--h--w- c:\windows\msdownld.tmp
    2010-06-21 03:43:30 0 d-----w- c:\program files\PCSX2 0.9.7
    2010-06-20 23:56:16 0 d-sh--w- c:\windows\indi64
    2010-06-19 20:28:50 0 d-----w- c:\program files\uMusic
    2010-06-16 09:47:24 195 ----a-w- c:\windows\yukon.ini
    2010-06-16 09:38:43 24236 ----a-w- c:\windows\system\YUF_____.TTF
    2010-06-16 09:38:43 1316 ----a-w- c:\windows\system\YUF_____.FOT
    2010-06-16 09:38:43 0 d-----w- C:\MECC
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.YKN
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.EXM
    2010-06-15 06:09:19 614 ----a-w- c:\windows\eReg.dat
    2010-06-12 05:17:37 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-06-12 05:17:10 0 d-----w- c:\windows\RegisteredPackages
    2010-06-12 04:58:02 5248 ----a-w- c:\windows\system32\drivers\d347prt.sys
    2010-06-12 04:58:02 155136 ----a-w- c:\windows\system32\drivers\d347bus.sys
    2010-06-12 04:58:00 0 d-----w- c:\program files\D-Tools
    2010-06-12 04:57:13 0 d-----w- c:\windows\Downloaded Installations
    2010-06-12 04:47:32 96384 ----a-w- c:\windows\system32\drivers\sptd8589.sys
    2010-06-12 04:16:59 77312 ----a-w- c:\windows\MBR.exe
    2010-06-12 04:16:58 98816 ----a-w- c:\windows\sed.exe
    2010-06-12 04:16:58 256512 ----a-w- c:\windows\PEV.exe
    2010-06-12 04:16:58 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-12 04:14:35 0 d-s---w- C:\ComboFix
    2010-06-12 04:09:03 0 d-----w- c:\program files\Trend Micro
    2010-06-08 02:40:43 0 d-----w- c:\windows\system32\Adobe
    2010-06-07 19:29:02 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
    2010-06-07 19:27:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-07 19:27:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-07 19:27:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-07 19:27:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-04 09:00:51 0 d-----w- C:\dosprogs
    2010-06-04 08:55:05 0 d-----w- c:\program files\DOSBox-0.74

    ==================== Find3M ====================

    2010-06-25 07:51:52 11242 ----a-w- c:\windows\system32\nvModes.dat
    2010-06-12 04:52:15 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-25 23:19:30 13616 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-13 23:46:05 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-04-29 09:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll

    ============= FINISH: 0:43:37.59 ===============

  2. #2
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)


    Hi,

    If you still need help with this post fresh dds logs (both dds.txt & attach.txt contents).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member (Join Date: Jun 2010, Posts: 5)


    Quote Originally Posted by Blade81:
    Hi,

    If you still need help with this post fresh dds logs (both dds.txt & attach.txt contents).

    Yes, I still am having the same problem. Here are fresh logs. Thank you.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 18:25:37.35 on Tue 07/06/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -4:00]

    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\mIRC\mirc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    mWinlogon: Shell=Explorer.exe
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    mASetup: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\CChat25.inf,PerUserAdd.NT
    Hosts: 0.0.0.0 virusin
    Hosts: 0.0.0.0 www.vir
    Hosts: 0.0.0.0 project
    Hosts: 0.0.0.0 www.pro
    Hosts: 0.0.0.0 novirus

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-6-12 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-6-12 5248]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-6-30 486280]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]

    =============== Created Last 30 ================

    2010-07-02 19:57:47 0 d--h--w- c:\windows\PIF
    2010-06-25 07:42:12 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-25 00:07:57 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-06-25 00:07:53 0 d-----w- c:\program files\McAfee Security Scan
    2010-06-22 20:16:46 0 d-----w- c:\program files\Microsoft Chat
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\screenshots
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\saves
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cdimages
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cards
    2010-06-21 05:33:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 0 d-----w- c:\program files\MagicDisc
    2010-06-21 04:55:35 0 d-----w- c:\program files\Delta
    2010-06-21 04:52:17 0 d-----w- c:\documents and settings\user\parapparappa
    2010-06-21 04:08:29 0 d-----w- c:\program files\Pcsx2
    2010-06-21 03:45:59 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-06-21 03:44:06 0 d--h--w- c:\windows\msdownld.tmp
    2010-06-21 03:43:30 0 d-----w- c:\program files\PCSX2 0.9.7
    2010-06-20 23:56:16 0 d-sh--w- c:\windows\indi64
    2010-06-19 20:28:50 0 d-----w- c:\program files\uMusic
    2010-06-16 09:47:24 195 ----a-w- c:\windows\yukon.ini
    2010-06-16 09:38:43 24236 ----a-w- c:\windows\system\YUF_____.TTF
    2010-06-16 09:38:43 1316 ----a-w- c:\windows\system\YUF_____.FOT
    2010-06-16 09:38:43 0 d-----w- C:\MECC
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.YKN
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.EXM
    2010-06-15 06:09:19 614 ----a-w- c:\windows\eReg.dat
    2010-06-12 05:17:37 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-06-12 05:17:10 0 d-----w- c:\windows\RegisteredPackages
    2010-06-12 04:58:02 5248 ----a-w- c:\windows\system32\drivers\d347prt.sys
    2010-06-12 04:58:02 155136 ----a-w- c:\windows\system32\drivers\d347bus.sys
    2010-06-12 04:58:00 0 d-----w- c:\program files\D-Tools
    2010-06-12 04:57:13 0 d-----w- c:\windows\Downloaded Installations
    2010-06-12 04:47:32 96384 ----a-w- c:\windows\system32\drivers\sptd8589.sys
    2010-06-12 04:16:59 77312 ----a-w- c:\windows\MBR.exe
    2010-06-12 04:16:58 98816 ----a-w- c:\windows\sed.exe
    2010-06-12 04:16:58 256512 ----a-w- c:\windows\PEV.exe
    2010-06-12 04:16:58 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-12 04:14:35 0 d-s---w- C:\ComboFix
    2010-06-12 04:09:03 0 d-----w- c:\program files\Trend Micro
    2010-06-08 02:40:43 0 d-----w- c:\windows\system32\Adobe
    2010-06-07 19:29:02 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
    2010-06-07 19:27:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-07 19:27:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-07 19:27:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-07 19:27:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    ==================== Find3M ====================

    2010-06-25 07:51:52 11242 ----a-w- c:\windows\system32\nvModes.dat
    2010-06-12 04:52:15 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-25 23:19:30 13616 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-13 23:46:05 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-04-29 09:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll

    ============= FINISH: 18:28:42.03 ===============


    Attach file.

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/30/2005 5:35:15 AM
    System Uptime: 7/6/2010 6:06:25 PM (0 hours ago)

    Motherboard: Dell Computer Corporation | |
    Processor: Intel(R) Pentium(R) M processor 1700MHz | Microprocessor | 1698/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 2.6 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Network Controller
    Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00011028&REV_02\4&39A85202&0&18F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00011028&REV_02\4&39A85202&0&18F0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
    Service:

    ==== System Restore Points ===================

    RP44: 7/2/2010 4:01:50 PM - Removed GTA San Andreas

    ==== Hosts File Hijack ======================


    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    AMCap
    AMIP (remove only)
    AOL Instant Messenger
    Broadcom Gigabit Integrated Controller
    C-Major Audio
    CardBus
    D-i-v-X AVI Codec Pack Pro 2.4.0
    DAEMON Tools
    Dealio Toolbar v4.0.2
    HiJackThis
    Hotfix for Windows XP (KB954708)
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Lernout & Hauspie TruVoice American English TTS Engine
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Chat 2.5
    Microsoft Choice Guard
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Journal Viewer
    mIRC
    Mozilla Firefox (3.5.10)
    MSVCRT
    NVIDIA Drivers
    PCI 7510 CardBus Controller with SmartCard and Software
    PCSX2 - Playstation 2 Emulator
    Pcsx2 0.9.6
    Project64 1.6
    Search Settings v1.2.3
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Speakonia
    Steam
    System Requirements Lab
    TreeSize Free V2.4
    uMusic
    VC 9.0 Runtime
    VideoLAN VLC media player 0.8.6f
    Viewpoint Media Player
    Vimicro USB PC Camera (ZC0301PL)
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    VoipBuster
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    Yahoo! Messenger
    ZoneAlarm
    ZoneAlarm Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/5/2010 12:17:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/3/2010 1:09:15 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file imapi.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 0.0.0.1, the version of the system file is 5.1.2600.5512.
    7/2/2010 3:55:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    7/1/2010 8:23:57 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
    7/1/2010 8:23:22 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
    7/1/2010 4:36:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
    7/1/2010 4:36:20 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/1/2010 4:35:47 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/1/2010 4:35:47 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    7/1/2010 12:39:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    7/1/2010 12:39:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/1/2010 12:39:08 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/29/2010 11:23:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
    6/29/2010 11:16:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    6/29/2010 11:15:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    6/29/2010 11:14:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/29/2010 11:01:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/29/2010 11:00:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 10:59:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/29/2010 10:57:24 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: Access is denied.

    ==== End Of File ===========================
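
The Hosts and Event Viewer sections of the DDS log above carry three indicators a responder would pull out before anything else: security-vendor host names sinkholed to 0.0.0.0 (DDS truncates them, hence "kaspers" and "www.avp"), Windows File Protection [64001] swapping a version 0.0.0.1 copy of imapi.sys back to the real 5.1.2600.5512 build, and Service Control Manager [7026] reporting the whole TCP/IP stack (AFD, Tcpip, NetBT, IPSec and friends) failing to load. The script below is an added example, not part of the thread or of the DDS tool: it runs that detection logic over constructed log lines modelled on the ones above. The vendor-name substrings and the list of network-stack drivers are assumptions chosen for illustration.

```python
"""Triage the 'Hosts' and 'Event Viewer Messages' sections of a DDS log.

Added example (not the thread's or DDS's own code). Flags three indicator
types: security-vendor hosts sinkholed to 0.0.0.0/127.0.0.1, Windows File
Protection restoring a tampered system driver, and the TCP/IP driver stack
failing to load. The sample lines are constructed to mirror the log above.
"""
import re
from collections import namedtuple

# Constructed sample, modelled on the DDS output above. DDS truncates host
# names in the Hosts section, so matching is done on substrings.
SAMPLE_LOG = """\
Hosts: 0.0.0.0 kaspers
Hosts: 0.0.0.0 www.avp
Hosts: 0.0.0.0 avp.ru
Hosts: 127.0.0.1 localhost

==== Event Viewer Messages From Past Week ========

7/3/2010 1:09:15 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file imapi.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 0.0.0.1, the version of the system file is 5.1.2600.5512.
6/29/2010 11:00:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
6/29/2010 10:57:24 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: Access is denied.
"""

# Assumption: illustrative substrings of security-vendor host names, not a complete list.
SECURITY_VENDOR_HINTS = ("avp", "kasper", "symantec", "mcafee", "malwarebytes",
                         "bleepingcomputer", "sophos", "avast", "trendmicro", "eset")
BLACKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1"}
# Assumption: boot-start drivers whose failure takes networking down with them.
NETWORK_STACK_DRIVERS = {"AFD", "Tcpip", "NetBT", "IPSec", "NetBIOS",
                         "RasAcd", "MRxSmb", "Rdbss"}

Finding = namedtuple("Finding", "kind detail")

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
WFP_RE = re.compile(r"Windows File Protection \[64001\].*?protected system file (\S+)\.\s"
                    r".*?bad file is (\d+(?:\.\d+)*), the version of the system file is (\d+(?:\.\d+)*)")
DRV_RE = re.compile(r"Service Control Manager \[7026\].*?failed to load: (.*)$")


def triage(text):
    """Return the list of Findings in log order (empty when nothing matches)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            # A vendor name routed to a black-hole address is the classic
            # "stop the victim reaching AV updates" trick.
            if addr in BLACKHOLE_ADDRS and any(h in host.lower() for h in SECURITY_VENDOR_HINTS):
                findings.append(Finding("hosts_blackhole", f"{host} -> {addr}"))
            continue
        m = WFP_RE.search(line)
        if m:
            fname, bad, good = m.groups()
            # WFP put the original back, but something wrote a replacement first;
            # a nonsense version such as 0.0.0.1 on a system driver is the tell.
            findings.append(Finding("wfp_restore", f"{fname} bad={bad} good={good}"))
            continue
        m = DRV_RE.search(line)
        if m:
            hit = sorted(set(m.group(1).split()) & NETWORK_STACK_DRIVERS)
            if hit:
                findings.append(Finding("netstack_drivers_failed", " ".join(hit)))
    return findings


def summarize(findings):
    """Count findings per kind; the first thing a responder scans."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved DDS log by reading the file into `triage()`; a single `hosts_blackhole` hit on a home machine is already enough to justify the rootkit-capable cleanup the helper asks for, and a `wfp_restore` on a driver under system32\drivers means the on-disk copy and the in-memory image both need checking, since WFP only restores the file.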

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    Uninstall ZoneAlarm Toolbar if not installed on purpose.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  5. #5
    Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default

    ComboFix 10-07-11.03 - User 07/12/2010 0:44:10.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.776 [GMT -4:00]
    Running from: C:\Documents and Settings\User\My Documents\Downloads\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\User\Application Data\Dealio
    C:\Documents and Settings\User\Application Data\Dealio\res\widgets.xml
    C:\Documents and Settings\User\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
    C:\Documents and Settings\User\Local Settings\Application Data\ctsknabsf
    C:\Documents and Settings\User\Local Settings\Application Data\ctsknabsf\mxufkmqtssd.exe
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\750.tmp
    C:\install.exe
    C:\Program Files\Dealio Toolbar
    C:\Program Files\Dealio Toolbar\FF\chrome.manifest
    C:\Program Files\Dealio Toolbar\FF\chrome\content\chevron.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\chevron.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\login.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\login.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\parser.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgichevron.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgicomm.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgihandling.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgiui.js
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\amazon.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\apple.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\barnes.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\chevron.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\ebay.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\macys.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\newegg.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\overstock.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-button.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\searchbox.css
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\separator.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\target.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\walmart.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
    C:\Program Files\Dealio Toolbar\FF\components\config.ini
    C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
    C:\Program Files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
    C:\Program Files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
    C:\Program Files\Dealio Toolbar\FF\install.rdf
    C:\Program Files\Dealio Toolbar\IE\4.0.2\config.ini
    C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    C:\Program Files\Dealio Toolbar\Res\amazon.gif
    C:\Program Files\Dealio Toolbar\Res\apple.gif
    C:\Program Files\Dealio Toolbar\Res\barnes.gif
    C:\Program Files\Dealio Toolbar\Res\bestbuy.gif
    C:\Program Files\Dealio Toolbar\Res\dealio_logo.gif
    C:\Program Files\Dealio Toolbar\Res\dealio_logo_hover.gif
    C:\Program Files\Dealio Toolbar\Res\ebay.gif
    C:\Program Files\Dealio Toolbar\Res\icon_settings.gif
    C:\Program Files\Dealio Toolbar\Res\macys.gif
    C:\Program Files\Dealio Toolbar\Res\newegg.gif
    C:\Program Files\Dealio Toolbar\Res\overstock.gif
    C:\Program Files\Dealio Toolbar\Res\search-button-hover.gif
    C:\Program Files\Dealio Toolbar\Res\search-button.gif
    C:\Program Files\Dealio Toolbar\Res\search-chevron-hover.gif
    C:\Program Files\Dealio Toolbar\Res\search-chevron.gif
    C:\Program Files\Dealio Toolbar\Res\search_amazon.gif
    C:\Program Files\Dealio Toolbar\Res\search_dealio.gif
    C:\Program Files\Dealio Toolbar\Res\search_ebay.gif
    C:\Program Files\Dealio Toolbar\Res\search_yahoo.gif
    C:\Program Files\Dealio Toolbar\Res\target.gif
    C:\Program Files\Dealio Toolbar\Res\walmart.gif
    C:\Program Files\Dealio Toolbar\Res\widgets.xml
    C:\Program Files\Dealio Toolbar\WidgiHelper.exe
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\FF\chrome.manifest
    C:\Program Files\Search Settings\FF\chrome\content\plugin.js
    C:\Program Files\Search Settings\FF\chrome\content\plugin.xul
    C:\Program Files\Search Settings\FF\chrome\content\protection.js
    C:\Program Files\Search Settings\FF\chrome\content\utils.js
    C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    C:\Program Files\Search Settings\FF\components\IFBHOSearch.xpt
    C:\Program Files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
    C:\Program Files\Search Settings\FF\components\IFHelperPreferences.xpt
    C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
    C:\Program Files\Search Settings\FF\install.rdf
    C:\Program Files\Search Settings\SearchSettings.dll
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\SearchSettingsRes409.dll
    C:\WINDOWS\daemon.dll
    C:\WINDOWS\system32\SHELLLNK.TLB

    Infected copy of C:\WINDOWS\system32\DRIVERS\imapi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
    .

    2010-07-12 04:34:58 . 2008-04-14 04:11:00 42112 -c--a-w- C:\WINDOWS\system32\dllcache\imapi.sys
    2010-07-12 04:34:58 . 2008-04-14 04:11:00 42112 ----a-w- C:\WINDOWS\system32\drivers\imapi.sys
    2010-07-08 23:14:28 . 2010-07-08 23:14:28 552 ----a-w- C:\WINDOWS\system32\d3d8caps.dat
    2010-07-08 23:14:16 . 2010-07-08 23:14:17 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-07 07:16:39 . 2010-07-07 07:16:39 -------- d-----w- C:\Documents and Settings\User\Application Data\MiK
    2010-07-07 07:16:13 . 2010-07-07 07:16:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MiK
    2010-07-07 07:16:08 . 2010-07-07 07:19:15 -------- d-----w- C:\Program Files\ExifPro
    2010-07-07 07:11:06 . 2010-07-07 07:11:07 -------- d-----w- C:\Program Files\PixFiler
    2010-07-07 07:03:33 . 2010-07-07 07:03:33 -------- d-----w- C:\Program Files\Element-IT Software
    2010-07-02 19:57:47 . 2010-07-02 19:57:47 -------- d--h--w- C:\WINDOWS\PIF
    2010-06-28 05:41:33 . 2010-06-28 05:41:33 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\McAfee
    2010-06-25 07:42:12 . 2010-06-25 07:42:12 108144 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
    2010-06-25 00:07:57 . 2010-06-25 00:07:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    2010-06-25 00:07:56 . 2010-06-25 00:07:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
    2010-06-25 00:07:53 . 2010-06-28 05:41:09 -------- d-----w- C:\Program Files\McAfee Security Scan
    2010-06-24 20:06:03 . 2010-06-24 23:57:08 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Temp
    2010-06-24 20:05:51 . 2010-06-25 00:11:03 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Google
    2010-06-24 06:37:59 . 2010-06-24 06:37:59 -------- d-----w- C:\Documents and Settings\User\Application Data\dvdcss
    2010-06-23 13:56:59 . 2010-06-23 13:57:09 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Deployment
    2010-06-22 20:16:46 . 2010-06-24 20:28:41 -------- d-----w- C:\Program Files\Microsoft Chat
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\screenshots
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\saves
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\cdimages
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\cards
    2010-06-21 05:33:12 . 2009-02-24 22:42:14 116736 ----a-w- C:\WINDOWS\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 . 2010-06-21 05:33:22 -------- d-----w- C:\Program Files\MagicDisc
    2010-06-21 04:55:35 . 2010-06-21 05:29:50 -------- d-----w- C:\Program Files\Delta
    2010-06-21 04:52:17 . 2010-06-21 08:23:31 -------- d-----w- C:\Documents and Settings\User\parapparappa
    2010-06-21 04:08:29 . 2010-06-21 04:08:29 -------- d-----w- C:\Program Files\Pcsx2
    2010-06-21 03:51:27 . 2010-06-21 04:05:27 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\pcsx2
    2010-06-21 03:45:59 . 2008-05-30 18:18:52 238088 ----a-w- C:\WINDOWS\system32\xactengine3_1.dll
    2010-06-21 03:44:06 . 2010-06-21 04:22:36 -------- d--h--w- C:\WINDOWS\msdownld.tmp
    2010-06-21 03:43:30 . 2010-06-21 04:22:47 -------- d-----w- C:\Program Files\PCSX2 0.9.7
    2010-06-20 23:56:16 . 2010-06-30 02:51:11 -------- d-sh--w- C:\WINDOWS\indi64
    2010-06-19 20:28:50 . 2010-06-19 20:28:51 -------- d-----w- C:\Program Files\uMusic
    2010-06-16 09:38:43 . 2010-06-16 09:38:43 -------- d-----w- C:\MECC
    2010-06-15 06:09:19 . 2010-06-15 06:09:19 614 ----a-w- C:\WINDOWS\eReg.dat
    2010-06-12 05:17:37 . 2005-05-26 19:34:52 2297552 ----a-w- C:\WINDOWS\system32\d3dx9_26.dll
    2010-06-12 05:16:34 . 2004-07-09 08:26:40 354816 -c--a-w- C:\WINDOWS\system32\dllcache\psisdecd.dll
    2010-06-12 05:16:34 . 2004-07-09 08:26:40 354816 ----a-w- C:\WINDOWS\system32\psisdecd.dll
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 52096 -c--a-w- C:\WINDOWS\system32\dllcache\msdv.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 52096 ----a-w- C:\WINDOWS\system32\drivers\msdv.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 15104 -c--a-w- C:\WINDOWS\system32\dllcache\mpe.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 15104 ----a-w- C:\WINDOWS\system32\drivers\mpe.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 11392 -c--a-w- C:\WINDOWS\system32\dllcache\bdasup.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 11392 ----a-w- C:\WINDOWS\system32\drivers\bdasup.sys
    2010-06-12 05:16:30 . 2002-12-12 04:14:32 46592 ----a-w- C:\WINDOWS\system32\dxdllreg.exe
    2010-06-12 05:16:29 . 2002-08-29 07:41:00 31744 -c--a-w- C:\WINDOWS\system32\dllcache\pid.dll
    2010-06-12 04:58:02 . 2004-08-22 20:31:48 5248 ----a-w- C:\WINDOWS\system32\drivers\d347prt.sys
    2010-06-12 04:58:02 . 2004-08-22 20:31:10 155136 ----a-w- C:\WINDOWS\system32\drivers\d347bus.sys
    2010-06-12 04:58:00 . 2010-06-12 04:58:01 -------- d-----w- C:\Program Files\D-Tools
    2010-06-12 04:57:13 . 2010-06-12 04:57:13 -------- d-----w- C:\WINDOWS\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-12 04:35:27 . 2010-03-06 02:07:16 -------- d-----w- C:\Documents and Settings\User\Application Data\mIRC
    2010-07-12 04:32:06 . 2010-03-06 02:07:16 -------- d-----w- C:\Program Files\mIRC
    2010-07-12 04:23:41 . 2010-03-06 19:01:20 2805969 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
    2010-07-12 04:21:49 . 2010-05-01 02:09:20 -------- d-----w- C:\Documents and Settings\User\Application Data\uTorrent
    2010-07-11 01:49:03 . 2010-04-12 03:47:23 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 318 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_69525f90.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1406 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_294823.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1406 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_18be6784.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1150 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_4ae13d6c.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1078 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_2cd672ae.exe
    2010-07-02 20:01:57 . 2005-06-30 10:19:48 -------- d--h--w- C:\Program Files\InstallShield Installation Information
    2010-07-01 04:37:40 . 2010-04-02 08:32:15 -------- d-----w- C:\Program Files\Yahoo!
    2010-06-30 03:31:29 . 2010-04-02 08:33:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2010-06-30 02:51:35 . 2010-05-21 03:56:07 -------- d-----w- C:\Program Files\Steam
    2010-06-28 16:40:58 . 2010-06-28 16:42:09 1757696 ----a-w- C:\WINDOWS\Internet Logs\xDB3.tmp
    2010-06-25 07:51:52 . 2005-06-30 10:18:06 11242 ----a-w- C:\WINDOWS\system32\nvModes.dat
    2010-06-25 00:07:50 . 2005-06-30 11:36:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NOS
    2010-06-24 20:26:26 . 2010-04-04 03:59:48 -------- d-----w- C:\Documents and Settings\User\Application Data\Skype
    2010-06-24 20:09:03 . 2010-04-04 04:02:15 -------- d-----w- C:\Documents and Settings\User\Application Data\skypePM
    2010-06-24 20:00:37 . 2010-05-22 08:32:49 -------- d-----w- C:\Program Files\iCall
    2010-06-16 09:50:35 . 2010-06-04 08:55:05 -------- d-----w- C:\Program Files\DOSBox-0.74
    2010-06-14 06:44:55 . 2005-06-30 11:31:43 13304 ----a-w- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-12 04:52:15 . 2010-06-12 04:47:32 96384 ----a-w- C:\WINDOWS\system32\drivers\sptd8589.sys
    2010-06-12 04:52:15 . 2010-05-13 23:11:32 664064 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
    2010-06-12 04:09:05 . 2010-06-12 04:09:05 388096 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-12 04:09:03 . 2010-06-12 04:09:03 -------- d-----w- C:\Program Files\Trend Micro
    2010-06-07 19:29:02 . 2010-06-07 19:29:02 -------- d-----w- C:\Documents and Settings\User\Application Data\Malwarebytes
    2010-06-07 19:27:50 . 2010-06-07 19:27:42 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-06-07 19:27:42 . 2010-06-07 19:27:42 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-06-02 08:55:30 . 2010-06-21 03:46:19 74072 ----a-w- C:\WINDOWS\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 . 2010-06-21 03:46:19 527192 ----a-w- C:\WINDOWS\system32\XAudio2_7.dll
    2010-06-02 08:55:30 . 2010-06-21 03:46:18 239960 ----a-w- C:\WINDOWS\system32\xactengine3_7.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:17 2106216 ----a-w- C:\WINDOWS\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:17 1868128 ----a-w- C:\WINDOWS\system32\d3dcsx_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:16 470880 ----a-w- C:\WINDOWS\system32\d3dx10_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:16 248672 ----a-w- C:\WINDOWS\system32\d3dx11_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:16 1998168 ----a-w- C:\WINDOWS\system32\D3DX9_43.dll
    2010-05-25 23:19:30 . 2010-03-24 10:00:01 13616 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
    2010-05-25 03:03:07 . 2010-05-25 03:03:07 -------- d-----w- C:\Program Files\Rockstar Games
    2010-05-23 00:44:09 . 2010-05-23 00:44:04 -------- d-----w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
    2010-05-23 00:44:08 . 2010-05-23 00:44:07 -------- d-----w- C:\Program Files\SystemRequirementsLab
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-05-22 08:28:11 . 2010-05-22 08:25:58 -------- d-----w- C:\Documents and Settings\User\Application Data\VoipBuster
    2010-05-22 08:24:57 . 2010-05-22 08:24:57 -------- d-----w- C:\Program Files\VoipBuster.com
    2010-05-21 08:16:18 . 2010-05-21 08:15:52 -------- d-----w- C:\Documents and Settings\User\Application Data\Media Player Classic
    2010-05-21 07:48:44 . 2010-05-21 07:48:44 -------- d-----w- C:\Documents and Settings\User\Application Data\vlc
    2010-05-21 07:41:41 . 2010-05-21 07:41:41 -------- d-----w- C:\Program Files\VideoLAN
    2010-05-21 07:40:40 . 2010-05-21 07:40:40 -------- d-----w- C:\Program Files\Atrinsic
    2010-05-20 06:40:42 . 2010-05-20 06:39:59 -------- d-----w- C:\Program Files\Project64 1.6
    2010-05-20 06:40:01 . 2010-05-20 06:40:01 8854 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2010-05-20 06:40:01 . 2010-05-20 06:40:01 40960 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-05-20 06:40:01 . 2010-05-20 06:40:01 40960 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2010-05-16 05:19:29 . 2010-05-16 05:19:29 -------- d-----w- C:\Program Files\Noel Danjou
    2010-05-16 00:55:26 . 2010-05-16 00:55:26 -------- d-----w- C:\Program Files\Eidos Interactive
    2010-05-13 23:52:17 . 2010-05-13 23:52:17 -------- d-----w- C:\Program Files\Bethesda Softworks
    2010-05-13 23:51:54 . 2005-06-30 10:15:55 -------- d-----w- C:\Program Files\Common Files\InstallShield
    2010-05-13 23:46:06 . 2010-05-13 23:46:05 -------- d-----w- C:\Program Files\DAEMON Tools
    2010-05-13 23:46:05 . 2010-05-13 23:46:05 223128 ----a-w- C:\WINDOWS\system32\drivers\dtscsi.sys
    2010-05-13 23:30:41 . 2010-05-13 23:31:45 1700864 ----a-w- C:\WINDOWS\Internet Logs\xDB2.tmp
    2010-05-13 23:30:41 . 2010-05-13 23:31:43 2683392 ----a-w- C:\WINDOWS\Internet Logs\xDB1.tmp
    2010-05-13 23:10:16 . 2010-05-13 23:09:58 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    2010-05-13 23:10:08 . 2010-05-13 23:10:08 -------- d-----w- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite
    2010-05-13 22:29:33 . 2010-05-13 22:29:33 -------- d-----w- C:\Documents and Settings\User\Application Data\JAM Software
    2010-05-13 22:29:22 . 2010-05-13 22:29:22 -------- d-----w- C:\Program Files\JAM Software
    2010-04-29 19:39:38 . 2010-06-07 19:27:44 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39:26 . 2010-06-07 19:27:42 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2010-04-29 09:47:50 . 2010-04-29 09:47:50 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll
    2010-04-20 20:45:20 . 2010-06-30 03:31:15 607472 ----a-w- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 20:44:34 3883856]
    "AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-12-08 22:50:04 67160]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 14:17:48 5252408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 22:42:50 1037192]
    "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-02-28 21:53:04 53248]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 19:01:00 4632576]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=C:\Documents and Settings\User\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2005-11-08 22:00:38 128920 ----a-w- C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-22 21:05:02 81920 ----a-w- C:\Program Files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-10-26 19:01:00 4632576 ----a-w- C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2004-10-26 16:01:00 921600 ----a-w- C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-21 03:56:49 1238352 ----a-w- C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uachgtnctuunqj]
    2010-06-08 08:13:44 370432 ----a-w- c:\Documents and Settings\User\Local Settings\Application Data\lpupdgt\rgbbobc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "Application Updater"=2 (0x2)
    "IDriverT"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "C:\\Documents and Settings\\User\\My Documents\\Downloads\\utorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=

    R0 d347bus;d347bus;C:\WINDOWS\system32\drivers\d347bus.sys [6/12/2010 12:58:02 AM 155136]
    R0 d347prt;d347prt;C:\WINDOWS\system32\drivers\d347prt.sys [6/12/2010 12:58:02 AM 5248]
    R2 RPCQT;Remote Procedure Call (CQTPM);C:\WINDOWS\System32\svchost.exe -k netsvcs [4/14/2008 1:42:38 AM 14336]
    R3 GTICARD;GTICARD;C:\WINDOWS\system32\drivers\gticard.sys [10/23/2003 8:04:00 PM 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49:20 AM 227232]
    S4 Application Updater;Application Updater;C:\Program Files\Application Updater\ApplicationUpdater.exe [12/16/2009 6:38:20 PM 375296]
    S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [5/13/2010 7:11:32 PM 664064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RPCQT

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 05:41:50 99840 ----a-w- C:\WINDOWS\system32\advpack.dll
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\WINDOWS\system32\C2MP\npdivx32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    MSConfigStartUp-Adobe ARM - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-iCall Internet Phone - C:\Program Files\iCall\iCall.exe
    MSConfigStartUp-ISW - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    MSConfigStartUp-mxwmptav - C:\Documents and Settings\User\Local Settings\Application Data\ymksuqffc\sxftfyetssd.exe
    MSConfigStartUp-SearchSettings - C:\Program Files\Search Settings\SearchSettings.exe
    MSConfigStartUp-uxaskdww - C:\Documents and Settings\User\Local Settings\Application Data\ctsknabsf\mxufkmqtssd.exe




    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 1:10:02.72 on Mon 07/12/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.544 [GMT -4:00]

    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\My Documents\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    mASetup: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\CChat25.inf,PerUserAdd.NT

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-6-12 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-6-12 5248]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-6-30 486280]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]

    =============== Created Last 30 ================

    2010-07-12 04:34:58 42112 -c--a-w- c:\windows\system32\dllcache\imapi.sys
    2010-07-12 04:34:58 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
    2010-07-12 04:33:07 0 d-sha-r- C:\cmdcons
    2010-07-12 04:28:08 0 d-----w- C:\ComboFix
    2010-07-08 23:14:28 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-07 07:16:39 0 d-----w- c:\docume~1\user\applic~1\MiK
    2010-07-07 07:16:13 0 d-----w- c:\docume~1\alluse~1\applic~1\MiK
    2010-07-07 07:16:08 0 d-----w- c:\program files\ExifPro
    2010-07-07 07:11:16 0 ----a-w- c:\windows\PixFiler.ini
    2010-07-07 07:11:06 0 d-----w- c:\program files\PixFiler
    2010-07-07 07:03:33 0 d-----w- c:\program files\Element-IT Software
    2010-07-02 19:57:47 0 d--h--w- c:\windows\PIF
    2010-06-25 07:42:12 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-25 00:07:57 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-06-25 00:07:53 0 d-----w- c:\program files\McAfee Security Scan
    2010-06-22 20:16:46 0 d-----w- c:\program files\Microsoft Chat
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\screenshots
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\saves
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cdimages
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cards
    2010-06-21 05:33:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 0 d-----w- c:\program files\MagicDisc
    2010-06-21 04:55:35 0 d-----w- c:\program files\Delta
    2010-06-21 04:52:17 0 d-----w- c:\documents and settings\user\parapparappa
    2010-06-21 04:08:29 0 d-----w- c:\program files\Pcsx2
    2010-06-21 03:45:59 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-06-21 03:44:06 0 d--h--w- c:\windows\msdownld.tmp
    2010-06-21 03:43:30 0 d-----w- c:\program files\PCSX2 0.9.7
    2010-06-20 23:56:16 0 d-sh--w- c:\windows\indi64
    2010-06-19 20:28:50 0 d-----w- c:\program files\uMusic
    2010-06-16 09:47:24 195 ----a-w- c:\windows\yukon.ini
    2010-06-16 09:38:43 24236 ----a-w- c:\windows\system\YUF_____.TTF
    2010-06-16 09:38:43 1316 ----a-w- c:\windows\system\YUF_____.FOT
    2010-06-16 09:38:43 0 d-----w- C:\MECC
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.YKN
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.EXM
    2010-06-15 06:09:19 614 ----a-w- c:\windows\eReg.dat
    2010-06-12 05:17:37 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-06-12 05:17:10 0 d-----w- c:\windows\RegisteredPackages

    ==================== Find3M ====================

    2010-06-25 07:51:52 11242 ----a-w- c:\windows\system32\nvModes.dat
    2010-06-12 04:52:15 96384 ----a-w- c:\windows\system32\drivers\sptd8589.sys
    2010-06-12 04:52:15 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-25 23:19:30 13616 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-13 23:46:05 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-04-29 09:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe

    ============= FINISH: 1:11:20.57 ===============

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Was that the complete c:\ComboFix.txt contents? It looks like the ending part may have something missing there.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default

    Yes, that's the whole file. Should I try to run it again and paste the results?

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Folder::
    c:\Documents and Settings\User\Local Settings\Application Data\lpupdgt
    C:\Documents and Settings\User\Application Data\uTorrent
    File::
    C:\Documents and Settings\User\My Documents\Downloads\utorrent.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uachgtnctuunqj]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Documents and Settings\\User\\My Documents\\Downloads\\utorrent.exe"=-

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log.


    Get the latest Adobe Reader updates (9.3.2 & 9.3.3) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the
      Download
      button to the right.
    • Select Windows in the platform combobox and check the box that says:
      Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
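The CFScript above targets three things visible in the DDS logs: the per-user proxy `http=127.0.0.1:5577` (which is why Yahoo Messenger tries to reach 127.0.0.1 and IE fails while Firefox, which has its own proxy settings, still works), the orphaned BHO/toolbar entries marked "No File", and the randomly named autostart `uachgtnctuunqj` pointing into `Local Settings\Application Data`. The script below is an added example, not part of any post here and not DDS or ComboFix code: it pulls those indicators out of DDS-style log lines so they are not missed by eye. The sample lines are constructed after the thread's own log output; the "random-looking name" heuristic, its vowel-ratio threshold, and the decision to flag any DDS-listed service hosted in `svchost.exe -k netsvcs` are this example's assumptions. The firewall check is informational on this machine, since ZoneAlarm replaces the XP firewall and `EnableFirewall=0` is expected there.

```python
"""Triage DDS-style log lines for the indicators discussed in this thread.

Added example; not from the original posts, DDS, or ComboFix. Every pattern
and threshold below is this example's own assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, shaped after the DDS output posted above (trimmed).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uachgtnctuunqj]
2010-06-08 08:13:44 370432 ----a-w- c:\Documents and Settings\User\Local Settings\Application Data\lpupdgt\rgbbobc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-21 03:56:49 1238352 ----a-w- C:\Program Files\Steam\Steam.exe
"EnableFirewall"= 0 (0x0)
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service
MSConfigStartUp-mxwmptav - C:\Documents and Settings\User\Local Settings\Application Data\ymksuqffc\sxftfyetssd.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # proxy_loopback | orphan_entry | profile_autostart | svchost_service | firewall_off
    detail: str


# Per-user WinINet proxy pointing at loopback: IE and anything else that
# honours it (Yahoo Messenger here) talks to 127.0.0.1 instead of the network.
PROXY_RE = re.compile(
    r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.*?(127\.0\.0\.1|localhost)\S*)", re.I)
# BHO / toolbar / search-hook entries whose DLL no longer exists.
ORPHAN_RE = re.compile(r"^(BHO|TB|uURLSearchHooks):\s*(?P<entry>.*?)\s*-\s*No File$")
# An .exe exactly two levels under Application Data or Local Settings\Application Data.
PROFILE_EXE_RE = re.compile(
    r"(?:Local Settings\\)?Application Data\\(?P<dir>[a-z]+)\\(?P<exe>[a-z]+)\.exe", re.I)
# DDS service line "R<n> name;display name;image": flag ones hosted in the netsvcs group.
SERVICE_RE = re.compile(
    r"^R\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*svchost\.exe -k netsvcs)", re.I)
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


def looks_random(name: str, max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic (assumption): all lowercase letters, at least 6 long, vowel-starved.

    lpupdgt or sxftfyetssd have one vowel in 7-11 letters; ordinary vendor
    directory names (google, mozilla, chrome) are well above the threshold.
    """
    if not name.isalpha() or not name.islower() or len(name) < 6:
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < max_vowel_ratio


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per matching line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PROXY_RE.match(line):
            findings.append(Finding("proxy_loopback", m.group("value")))
        elif m := ORPHAN_RE.match(line):
            findings.append(Finding("orphan_entry", m.group("entry")))
        elif m := SERVICE_RE.match(line):
            # DDS lists only non-Microsoft services, so a netsvcs-hosted one
            # deserves a look; this check cannot say whether it is malicious.
            findings.append(Finding("svchost_service",
                                    f"{m.group('name')} ({m.group('display')})"))
        elif FIREWALL_RE.match(line):
            # Informational when a third-party firewall (ZoneAlarm here) is installed.
            findings.append(Finding("firewall_off",
                                    "Windows Firewall standard profile disabled"))
        elif m := PROFILE_EXE_RE.search(line):
            if looks_random(m.group("dir")) and looks_random(m.group("exe")):
                findings.append(Finding("profile_autostart", m.group(0)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings by kind."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.detail}")
```

Run against the sample it reports the loopback proxy, the two orphaned entries, both randomly named executables under Local Settings\Application Data, the netsvcs-hosted RPCQT service for review, and the disabled XP firewall; the legitimate msnmsgr, NvCpl, Steam and vsmon lines produce nothing. Feed it the full dds.txt from a machine and compare the profile_autostart hits against the Folder:: and Registry:: sections of a CFScript before writing one.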

  9. #9
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Are you still there?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Default

    deadpool, this thread has been archived due to inactivity.

    As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

    Please do not add any logs that might have been requested previously, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start your own topic.

    Thank you Blade81.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
