Results 1 to 10 of 10

Thread: YM IE not working. DDS log pelase help.

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default YM IE not working. DDS log pelase help.

    Yahoo messenger and Internet Explorer not working.
    Everythng else works fine, Firefox,MSN,AIM,mIRC. Just ran Malwarebytes and whe i started up i got a system32.exe error. This is what YM tells me. Please help.

    Checking virtual IP servers...
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] Connecting to Virtual IP server 127.0.0.1...
    [VIP Raw] Resolving host name 127.0.0.1... [PASSED]
    [VIP Raw] FAILED
    *** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionFailed' ***

    Checking HTTP virtual IP servers...
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] Connecting to HTTP Virtual IP server 127.0.0.1...
    [VIP Http] Resolving host name 127.0.0.1... [PASSED]
    [VIP Http] FAILED
    *** 'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionFailed' ***

    Also here is the DDS log. Thank you guys in advance


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 0:41:10.44 on Wed 06/30/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.447 [GMT -4:00]

    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    mWinlogon: Shell=Explorer.exe
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    mASetup: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\CChat25.inf,PerUserAdd.NT
    Hosts: 0.0.0.0 virusin
    Hosts: 0.0.0.0 www.vir
    Hosts: 0.0.0.0 project
    Hosts: 0.0.0.0 www.pro
    Hosts: 0.0.0.0 novirus

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-6-12 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-6-12 5248]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-6-30 486280]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]

    =============== Created Last 30 ================

    2010-06-25 07:42:12 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-25 07:16:59 0 d-----w- c:\program files\THQ
    2010-06-25 00:07:57 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-06-25 00:07:53 0 d-----w- c:\program files\McAfee Security Scan
    2010-06-22 20:16:46 0 d-----w- c:\program files\Microsoft Chat
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\screenshots
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\saves
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cdimages
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cards
    2010-06-21 05:33:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 0 d-----w- c:\program files\MagicDisc
    2010-06-21 04:55:35 0 d-----w- c:\program files\Delta
    2010-06-21 04:52:17 0 d-----w- c:\documents and settings\user\parapparappa
    2010-06-21 04:08:29 0 d-----w- c:\program files\Pcsx2
    2010-06-21 03:45:59 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-06-21 03:44:06 0 d--h--w- c:\windows\msdownld.tmp
    2010-06-21 03:43:30 0 d-----w- c:\program files\PCSX2 0.9.7
    2010-06-20 23:56:16 0 d-sh--w- c:\windows\indi64
    2010-06-19 20:28:50 0 d-----w- c:\program files\uMusic
    2010-06-16 09:47:24 195 ----a-w- c:\windows\yukon.ini
    2010-06-16 09:38:43 24236 ----a-w- c:\windows\system\YUF_____.TTF
    2010-06-16 09:38:43 1316 ----a-w- c:\windows\system\YUF_____.FOT
    2010-06-16 09:38:43 0 d-----w- C:\MECC
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.YKN
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.EXM
    2010-06-15 06:09:19 614 ----a-w- c:\windows\eReg.dat
    2010-06-12 05:17:37 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-06-12 05:17:10 0 d-----w- c:\windows\RegisteredPackages
    2010-06-12 04:58:02 5248 ----a-w- c:\windows\system32\drivers\d347prt.sys
    2010-06-12 04:58:02 155136 ----a-w- c:\windows\system32\drivers\d347bus.sys
    2010-06-12 04:58:00 0 d-----w- c:\program files\D-Tools
    2010-06-12 04:57:13 0 d-----w- c:\windows\Downloaded Installations
    2010-06-12 04:47:32 96384 ----a-w- c:\windows\system32\drivers\sptd8589.sys
    2010-06-12 04:16:59 77312 ----a-w- c:\windows\MBR.exe
    2010-06-12 04:16:58 98816 ----a-w- c:\windows\sed.exe
    2010-06-12 04:16:58 256512 ----a-w- c:\windows\PEV.exe
    2010-06-12 04:16:58 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-12 04:14:35 0 d-s---w- C:\ComboFix
    2010-06-12 04:09:03 0 d-----w- c:\program files\Trend Micro
    2010-06-08 02:40:43 0 d-----w- c:\windows\system32\Adobe
    2010-06-07 19:29:02 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
    2010-06-07 19:27:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-07 19:27:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-07 19:27:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-07 19:27:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-04 09:00:51 0 d-----w- C:\dosprogs
    2010-06-04 08:55:05 0 d-----w- c:\program files\DOSBox-0.74

    ==================== Find3M ====================

    2010-06-25 07:51:52 11242 ----a-w- c:\windows\system32\nvModes.dat
    2010-06-12 04:52:15 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-25 23:19:30 13616 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-13 23:46:05 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-04-29 09:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll

    ============= FINISH: 0:43:37.59 ===============

  2. #2
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    If you still need help with this post fresh dds logs (both dds.txt & attach.txt contents).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default

    Quote Originally Posted by Blade81 View Post
    Hi,

    If you still need help with this post fresh dds logs (both dds.txt & attach.txt contents).
    Yes i still am having the same problem. Here are fresh logs. Thank you.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 18:25:37.35 on Tue 07/06/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -4:00]

    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\mIRC\mirc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    mWinlogon: Shell=Explorer.exe
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    mASetup: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\CChat25.inf,PerUserAdd.NT
    Hosts: 0.0.0.0 virusin
    Hosts: 0.0.0.0 www.vir
    Hosts: 0.0.0.0 project
    Hosts: 0.0.0.0 www.pro
    Hosts: 0.0.0.0 novirus

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-6-12 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-6-12 5248]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-6-30 486280]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]

    =============== Created Last 30 ================

    2010-07-02 19:57:47 0 d--h--w- c:\windows\PIF
    2010-06-25 07:42:12 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-25 00:07:57 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-06-25 00:07:53 0 d-----w- c:\program files\McAfee Security Scan
    2010-06-22 20:16:46 0 d-----w- c:\program files\Microsoft Chat
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\screenshots
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\saves
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cdimages
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cards
    2010-06-21 05:33:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 0 d-----w- c:\program files\MagicDisc
    2010-06-21 04:55:35 0 d-----w- c:\program files\Delta
    2010-06-21 04:52:17 0 d-----w- c:\documents and settings\user\parapparappa
    2010-06-21 04:08:29 0 d-----w- c:\program files\Pcsx2
    2010-06-21 03:45:59 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-06-21 03:44:06 0 d--h--w- c:\windows\msdownld.tmp
    2010-06-21 03:43:30 0 d-----w- c:\program files\PCSX2 0.9.7
    2010-06-20 23:56:16 0 d-sh--w- c:\windows\indi64
    2010-06-19 20:28:50 0 d-----w- c:\program files\uMusic
    2010-06-16 09:47:24 195 ----a-w- c:\windows\yukon.ini
    2010-06-16 09:38:43 24236 ----a-w- c:\windows\system\YUF_____.TTF
    2010-06-16 09:38:43 1316 ----a-w- c:\windows\system\YUF_____.FOT
    2010-06-16 09:38:43 0 d-----w- C:\MECC
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.YKN
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.EXM
    2010-06-15 06:09:19 614 ----a-w- c:\windows\eReg.dat
    2010-06-12 05:17:37 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-06-12 05:17:10 0 d-----w- c:\windows\RegisteredPackages
    2010-06-12 04:58:02 5248 ----a-w- c:\windows\system32\drivers\d347prt.sys
    2010-06-12 04:58:02 155136 ----a-w- c:\windows\system32\drivers\d347bus.sys
    2010-06-12 04:58:00 0 d-----w- c:\program files\D-Tools
    2010-06-12 04:57:13 0 d-----w- c:\windows\Downloaded Installations
    2010-06-12 04:47:32 96384 ----a-w- c:\windows\system32\drivers\sptd8589.sys
    2010-06-12 04:16:59 77312 ----a-w- c:\windows\MBR.exe
    2010-06-12 04:16:58 98816 ----a-w- c:\windows\sed.exe
    2010-06-12 04:16:58 256512 ----a-w- c:\windows\PEV.exe
    2010-06-12 04:16:58 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-12 04:14:35 0 d-s---w- C:\ComboFix
    2010-06-12 04:09:03 0 d-----w- c:\program files\Trend Micro
    2010-06-08 02:40:43 0 d-----w- c:\windows\system32\Adobe
    2010-06-07 19:29:02 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
    2010-06-07 19:27:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-07 19:27:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-07 19:27:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-07 19:27:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    ==================== Find3M ====================

    2010-06-25 07:51:52 11242 ----a-w- c:\windows\system32\nvModes.dat
    2010-06-12 04:52:15 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-25 23:19:30 13616 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-13 23:46:05 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-04-29 09:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll

    ============= FINISH: 18:28:42.03 ===============


    Attach file.

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/30/2005 5:35:15 AM
    System Uptime: 7/6/2010 6:06:25 PM (0 hours ago)

    Motherboard: Dell Computer Corporation | |
    Processor: Intel(R) Pentium(R) M processor 1700MHz | Microprocessor | 1698/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 2.6 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Network Controller
    Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00011028&REV_02\4&39A85202&0&18F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00011028&REV_02\4&39A85202&0&18F0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_542214F1&REV_01\3&61AAA01&0&FE
    Service:

    ==== System Restore Points ===================

    RP44: 7/2/2010 4:01:50 PM - Removed GTA San Andreas

    ==== Hosts File Hijack ======================

    Hosts: 0.0.0.0 virusin
    Hosts: 0.0.0.0 www.vir
    Hosts: 0.0.0.0 project
    Hosts: 0.0.0.0 www.pro
    Hosts: 0.0.0.0 novirus
    Hosts: 0.0.0.0 www.nov
    Hosts: 0.0.0.0 www.ant
    Hosts: 0.0.0.0 zeustra
    Hosts: 0.0.0.0 www.zeu
    Hosts: 0.0.0.0 www.mal
    Hosts: 0.0.0.0 www3.ma
    Hosts: 0.0.0.0 forum.m
    Hosts: 0.0.0.0 www.thr
    Hosts: 0.0.0.0 threate
    Hosts: 0.0.0.0 www.av-
    Hosts: 0.0.0.0 av-comp
    Hosts: 0.0.0.0 av-test
    Hosts: 0.0.0.0 www.av-
    Hosts: 0.0.0.0 www.sca
    Hosts: 0.0.0.0 www.vir
    Hosts: 0.0.0.0 adwarer
    Hosts: 0.0.0.0 www.adw
    Hosts: 0.0.0.0 malware
    Hosts: 0.0.0.0 www.mal
    Hosts: 0.0.0.0 spyware
    Hosts: 0.0.0.0 www.spy
    Hosts: 0.0.0.0 avsoft.
    Hosts: 0.0.0.0 www.avs
    Hosts: 0.0.0.0 onecare
    Hosts: 0.0.0.0 anubis.
    Hosts: 0.0.0.0 wepawet
    Hosts: 0.0.0.0 iseclab
    Hosts: 0.0.0.0 www.ise
    Hosts: 0.0.0.0 www.fre
    Hosts: 0.0.0.0 freespa
    Hosts: 0.0.0.0 sunbelt
    Hosts: 0.0.0.0 www.sun
    Hosts: 0.0.0.0 www.pre
    Hosts: 0.0.0.0 prevx.c
    Hosts: 0.0.0.0 analysi
    Hosts: 0.0.0.0 www.joe
    Hosts: 0.0.0.0 joebox.
    Hosts: 0.0.0.0 gmer.ne
    Hosts: 0.0.0.0 www.gme
    Hosts: 0.0.0.0 antiroo
    Hosts: 0.0.0.0 www.ant
    Hosts: 0.0.0.0 sectool
    Hosts: 0.0.0.0 www.san
    Hosts: 0.0.0.0 sandbox
    Hosts: 0.0.0.0 mwcolle
    Hosts: 0.0.0.0 www.amt
    Hosts: 0.0.0.0 amtso.o
    Hosts: 0.0.0.0 www.che
    Hosts: 0.0.0.0 checkvi
    Hosts: 0.0.0.0 www.che
    Hosts: 0.0.0.0 check-m
    Hosts: 0.0.0.0 www.ant
    Hosts: 0.0.0.0 anti-ma
    Hosts: 0.0.0.0 www.av-
    Hosts: 0.0.0.0 www.wil
    Hosts: 0.0.0.0 wildlis
    Hosts: 0.0.0.0 www.aav
    Hosts: 0.0.0.0 central
    Hosts: 0.0.0.0 www.sta
    Hosts: 0.0.0.0 staysaf
    Hosts: 0.0.0.0 www.sup
    Hosts: 0.0.0.0 superan
    Hosts: 0.0.0.0 www.kas
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 www.kas
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 www.avp
    Hosts: 0.0.0.0 avp.ru

    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    AMCap
    AMIP (remove only)
    AOL Instant Messenger
    Broadcom Gigabit Integrated Controller
    C-Major Audio
    CardBus
    D-i-v-X AVI Codec Pack Pro 2.4.0
    DAEMON Tools
    Dealio Toolbar v4.0.2
    HiJackThis
    Hotfix for Windows XP (KB954708)
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Lernout & Hauspie TruVoice American English TTS Engine
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Chat 2.5
    Microsoft Choice Guard
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Journal Viewer
    mIRC
    Mozilla Firefox (3.5.10)
    MSVCRT
    NVIDIA Drivers
    PCI 7510 CardBus Controller with SmartCard and Software
    PCSX2 - Playstation 2 Emulator
    Pcsx2 0.9.6
    Project64 1.6
    Search Settings v1.2.3
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Speakonia
    Steam
    System Requirements Lab
    TreeSize Free V2.4
    uMusic
    VC 9.0 Runtime
    VideoLAN VLC media player 0.8.6f
    Viewpoint Media Player
    Vimicro USB PC Camera (ZC0301PL)
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    VoipBuster
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    Yahoo! Messenger
    ZoneAlarm
    ZoneAlarm Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/5/2010 12:17:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/3/2010 1:09:15 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file imapi.sys. This file was restored to the original version to maintain system stability. The file version of the bad file is 0.0.0.1, the version of the system file is 5.1.2600.5512.
    7/2/2010 3:55:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
    7/1/2010 8:23:57 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
    7/1/2010 8:23:22 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
    7/1/2010 4:36:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
    7/1/2010 4:36:20 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/1/2010 4:35:47 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/1/2010 4:35:47 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    7/1/2010 12:39:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    7/1/2010 12:39:08 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/1/2010 12:39:08 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/29/2010 11:23:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
    6/29/2010 11:16:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    6/29/2010 11:15:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    6/29/2010 11:14:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/29/2010 11:01:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/29/2010 11:00:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 11:00:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 10:59:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/29/2010 10:57:24 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: Access is denied.

    ==== End Of File ===========================

  4. #4
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    Uninstall ZoneAlarm Toolbar if not installed on purpose.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default

    ComboFix 10-07-11.03 - User 07/12/2010 0:44:10.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.776 [GMT -4:00]
    Running from: C:\Documents and Settings\User\My Documents\Downloads\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\User\Application Data\Dealio
    C:\Documents and Settings\User\Application Data\Dealio\res\widgets.xml
    C:\Documents and Settings\User\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
    C:\Documents and Settings\User\Local Settings\Application Data\ctsknabsf
    C:\Documents and Settings\User\Local Settings\Application Data\ctsknabsf\mxufkmqtssd.exe
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\750.tmp
    C:\install.exe
    C:\Program Files\Dealio Toolbar
    C:\Program Files\Dealio Toolbar\FF\chrome.manifest
    C:\Program Files\Dealio Toolbar\FF\chrome\content\chevron.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\chevron.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\login.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\login.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\parser.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgichevron.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgicomm.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgihandling.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
    C:\Program Files\Dealio Toolbar\FF\chrome\content\widgiui.js
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
    C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\amazon.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\apple.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\barnes.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\chevron.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\ebay.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\macys.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\newegg.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\overstock.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-button.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\searchbox.css
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\separator.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\target.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\walmart.gif
    C:\Program Files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
    C:\Program Files\Dealio Toolbar\FF\components\config.ini
    C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
    C:\Program Files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
    C:\Program Files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
    C:\Program Files\Dealio Toolbar\FF\install.rdf
    C:\Program Files\Dealio Toolbar\IE\4.0.2\config.ini
    C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    C:\Program Files\Dealio Toolbar\Res\amazon.gif
    C:\Program Files\Dealio Toolbar\Res\apple.gif
    C:\Program Files\Dealio Toolbar\Res\barnes.gif
    C:\Program Files\Dealio Toolbar\Res\bestbuy.gif
    C:\Program Files\Dealio Toolbar\Res\dealio_logo.gif
    C:\Program Files\Dealio Toolbar\Res\dealio_logo_hover.gif
    C:\Program Files\Dealio Toolbar\Res\ebay.gif
    C:\Program Files\Dealio Toolbar\Res\icon_settings.gif
    C:\Program Files\Dealio Toolbar\Res\macys.gif
    C:\Program Files\Dealio Toolbar\Res\newegg.gif
    C:\Program Files\Dealio Toolbar\Res\overstock.gif
    C:\Program Files\Dealio Toolbar\Res\search-button-hover.gif
    C:\Program Files\Dealio Toolbar\Res\search-button.gif
    C:\Program Files\Dealio Toolbar\Res\search-chevron-hover.gif
    C:\Program Files\Dealio Toolbar\Res\search-chevron.gif
    C:\Program Files\Dealio Toolbar\Res\search_amazon.gif
    C:\Program Files\Dealio Toolbar\Res\search_dealio.gif
    C:\Program Files\Dealio Toolbar\Res\search_ebay.gif
    C:\Program Files\Dealio Toolbar\Res\search_yahoo.gif
    C:\Program Files\Dealio Toolbar\Res\target.gif
    C:\Program Files\Dealio Toolbar\Res\walmart.gif
    C:\Program Files\Dealio Toolbar\Res\widgets.xml
    C:\Program Files\Dealio Toolbar\WidgiHelper.exe
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\FF\chrome.manifest
    C:\Program Files\Search Settings\FF\chrome\content\plugin.js
    C:\Program Files\Search Settings\FF\chrome\content\plugin.xul
    C:\Program Files\Search Settings\FF\chrome\content\protection.js
    C:\Program Files\Search Settings\FF\chrome\content\utils.js
    C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
    C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
    C:\Program Files\Search Settings\FF\components\IFBHOSearch.xpt
    C:\Program Files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
    C:\Program Files\Search Settings\FF\components\IFHelperPreferences.xpt
    C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
    C:\Program Files\Search Settings\FF\install.rdf
    C:\Program Files\Search Settings\SearchSettings.dll
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\SearchSettingsRes409.dll
    C:\WINDOWS\daemon.dll
    C:\WINDOWS\system32\SHELLLNK.TLB

    Infected copy of C:\WINDOWS\system32\DRIVERS\imapi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
    .

    2010-07-12 04:34:58 . 2008-04-14 04:11:00 42112 -c--a-w- C:\WINDOWS\system32\dllcache\imapi.sys
    2010-07-12 04:34:58 . 2008-04-14 04:11:00 42112 ----a-w- C:\WINDOWS\system32\drivers\imapi.sys
    2010-07-08 23:14:28 . 2010-07-08 23:14:28 552 ----a-w- C:\WINDOWS\system32\d3d8caps.dat
    2010-07-08 23:14:16 . 2010-07-08 23:14:17 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-07 07:16:39 . 2010-07-07 07:16:39 -------- d-----w- C:\Documents and Settings\User\Application Data\MiK
    2010-07-07 07:16:13 . 2010-07-07 07:16:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\MiK
    2010-07-07 07:16:08 . 2010-07-07 07:19:15 -------- d-----w- C:\Program Files\ExifPro
    2010-07-07 07:11:06 . 2010-07-07 07:11:07 -------- d-----w- C:\Program Files\PixFiler
    2010-07-07 07:03:33 . 2010-07-07 07:03:33 -------- d-----w- C:\Program Files\Element-IT Software
    2010-07-02 19:57:47 . 2010-07-02 19:57:47 -------- d--h--w- C:\WINDOWS\PIF
    2010-06-28 05:41:33 . 2010-06-28 05:41:33 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\McAfee
    2010-06-25 07:42:12 . 2010-06-25 07:42:12 108144 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
    2010-06-25 00:07:57 . 2010-06-25 00:07:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    2010-06-25 00:07:56 . 2010-06-25 00:07:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
    2010-06-25 00:07:53 . 2010-06-28 05:41:09 -------- d-----w- C:\Program Files\McAfee Security Scan
    2010-06-24 20:06:03 . 2010-06-24 23:57:08 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Temp
    2010-06-24 20:05:51 . 2010-06-25 00:11:03 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Google
    2010-06-24 06:37:59 . 2010-06-24 06:37:59 -------- d-----w- C:\Documents and Settings\User\Application Data\dvdcss
    2010-06-23 13:56:59 . 2010-06-23 13:57:09 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Deployment
    2010-06-22 20:16:46 . 2010-06-24 20:28:41 -------- d-----w- C:\Program Files\Microsoft Chat
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\screenshots
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\saves
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\cdimages
    2010-06-21 08:42:40 . 2010-06-21 08:42:40 -------- d-----w- C:\Documents and Settings\User\cards
    2010-06-21 05:33:12 . 2009-02-24 22:42:14 116736 ----a-w- C:\WINDOWS\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 . 2010-06-21 05:33:22 -------- d-----w- C:\Program Files\MagicDisc
    2010-06-21 04:55:35 . 2010-06-21 05:29:50 -------- d-----w- C:\Program Files\Delta
    2010-06-21 04:52:17 . 2010-06-21 08:23:31 -------- d-----w- C:\Documents and Settings\User\parapparappa
    2010-06-21 04:08:29 . 2010-06-21 04:08:29 -------- d-----w- C:\Program Files\Pcsx2
    2010-06-21 03:51:27 . 2010-06-21 04:05:27 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\pcsx2
    2010-06-21 03:45:59 . 2008-05-30 18:18:52 238088 ----a-w- C:\WINDOWS\system32\xactengine3_1.dll
    2010-06-21 03:44:06 . 2010-06-21 04:22:36 -------- d--h--w- C:\WINDOWS\msdownld.tmp
    2010-06-21 03:43:30 . 2010-06-21 04:22:47 -------- d-----w- C:\Program Files\PCSX2 0.9.7
    2010-06-20 23:56:16 . 2010-06-30 02:51:11 -------- d-sh--w- C:\WINDOWS\indi64
    2010-06-19 20:28:50 . 2010-06-19 20:28:51 -------- d-----w- C:\Program Files\uMusic
    2010-06-16 09:38:43 . 2010-06-16 09:38:43 -------- d-----w- C:\MECC
    2010-06-15 06:09:19 . 2010-06-15 06:09:19 614 ----a-w- C:\WINDOWS\eReg.dat
    2010-06-12 05:17:37 . 2005-05-26 19:34:52 2297552 ----a-w- C:\WINDOWS\system32\d3dx9_26.dll
    2010-06-12 05:16:34 . 2004-07-09 08:26:40 354816 -c--a-w- C:\WINDOWS\system32\dllcache\psisdecd.dll
    2010-06-12 05:16:34 . 2004-07-09 08:26:40 354816 ----a-w- C:\WINDOWS\system32\psisdecd.dll
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 52096 -c--a-w- C:\WINDOWS\system32\dllcache\msdv.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 52096 ----a-w- C:\WINDOWS\system32\drivers\msdv.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 15104 -c--a-w- C:\WINDOWS\system32\dllcache\mpe.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 15104 ----a-w- C:\WINDOWS\system32\drivers\mpe.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 11392 -c--a-w- C:\WINDOWS\system32\dllcache\bdasup.sys
    2010-06-12 05:16:34 . 2004-07-09 08:26:38 11392 ----a-w- C:\WINDOWS\system32\drivers\bdasup.sys
    2010-06-12 05:16:30 . 2002-12-12 04:14:32 46592 ----a-w- C:\WINDOWS\system32\dxdllreg.exe
    2010-06-12 05:16:29 . 2002-08-29 07:41:00 31744 -c--a-w- C:\WINDOWS\system32\dllcache\pid.dll
    2010-06-12 04:58:02 . 2004-08-22 20:31:48 5248 ----a-w- C:\WINDOWS\system32\drivers\d347prt.sys
    2010-06-12 04:58:02 . 2004-08-22 20:31:10 155136 ----a-w- C:\WINDOWS\system32\drivers\d347bus.sys
    2010-06-12 04:58:00 . 2010-06-12 04:58:01 -------- d-----w- C:\Program Files\D-Tools
    2010-06-12 04:57:13 . 2010-06-12 04:57:13 -------- d-----w- C:\WINDOWS\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-12 04:35:27 . 2010-03-06 02:07:16 -------- d-----w- C:\Documents and Settings\User\Application Data\mIRC
    2010-07-12 04:32:06 . 2010-03-06 02:07:16 -------- d-----w- C:\Program Files\mIRC
    2010-07-12 04:23:41 . 2010-03-06 19:01:20 2805969 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
    2010-07-12 04:21:49 . 2010-05-01 02:09:20 -------- d-----w- C:\Documents and Settings\User\Application Data\uTorrent
    2010-07-11 01:49:03 . 2010-04-12 03:47:23 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 318 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_69525f90.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1406 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_294823.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1406 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_18be6784.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1150 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_4ae13d6c.exe
    2010-07-07 07:05:08 . 2010-07-07 07:05:08 1078 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{CDE1D6E5-758F-48AC-9ED6-4A094172D5DD}\_2cd672ae.exe
    2010-07-02 20:01:57 . 2005-06-30 10:19:48 -------- d--h--w- C:\Program Files\InstallShield Installation Information
    2010-07-01 04:37:40 . 2010-04-02 08:32:15 -------- d-----w- C:\Program Files\Yahoo!
    2010-06-30 03:31:29 . 2010-04-02 08:33:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2010-06-30 02:51:35 . 2010-05-21 03:56:07 -------- d-----w- C:\Program Files\Steam
    2010-06-28 16:40:58 . 2010-06-28 16:42:09 1757696 ----a-w- C:\WINDOWS\Internet Logs\xDB3.tmp
    2010-06-25 07:51:52 . 2005-06-30 10:18:06 11242 ----a-w- C:\WINDOWS\system32\nvModes.dat
    2010-06-25 00:07:50 . 2005-06-30 11:36:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NOS
    2010-06-24 20:26:26 . 2010-04-04 03:59:48 -------- d-----w- C:\Documents and Settings\User\Application Data\Skype
    2010-06-24 20:09:03 . 2010-04-04 04:02:15 -------- d-----w- C:\Documents and Settings\User\Application Data\skypePM
    2010-06-24 20:00:37 . 2010-05-22 08:32:49 -------- d-----w- C:\Program Files\iCall
    2010-06-16 09:50:35 . 2010-06-04 08:55:05 -------- d-----w- C:\Program Files\DOSBox-0.74
    2010-06-14 06:44:55 . 2005-06-30 11:31:43 13304 ----a-w- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-12 04:52:15 . 2010-06-12 04:47:32 96384 ----a-w- C:\WINDOWS\system32\drivers\sptd8589.sys
    2010-06-12 04:52:15 . 2010-05-13 23:11:32 664064 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
    2010-06-12 04:09:05 . 2010-06-12 04:09:05 388096 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-12 04:09:03 . 2010-06-12 04:09:03 -------- d-----w- C:\Program Files\Trend Micro
    2010-06-07 19:29:02 . 2010-06-07 19:29:02 -------- d-----w- C:\Documents and Settings\User\Application Data\Malwarebytes
    2010-06-07 19:27:50 . 2010-06-07 19:27:42 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-06-07 19:27:42 . 2010-06-07 19:27:42 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-06-02 08:55:30 . 2010-06-21 03:46:19 74072 ----a-w- C:\WINDOWS\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 . 2010-06-21 03:46:19 527192 ----a-w- C:\WINDOWS\system32\XAudio2_7.dll
    2010-06-02 08:55:30 . 2010-06-21 03:46:18 239960 ----a-w- C:\WINDOWS\system32\xactengine3_7.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:17 2106216 ----a-w- C:\WINDOWS\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:17 1868128 ----a-w- C:\WINDOWS\system32\d3dcsx_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:16 470880 ----a-w- C:\WINDOWS\system32\d3dx10_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:16 248672 ----a-w- C:\WINDOWS\system32\d3dx11_43.dll
    2010-05-26 15:41:02 . 2010-06-21 03:46:16 1998168 ----a-w- C:\WINDOWS\system32\D3DX9_43.dll
    2010-05-25 23:19:30 . 2010-03-24 10:00:01 13616 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
    2010-05-25 03:03:07 . 2010-05-25 03:03:07 -------- d-----w- C:\Program Files\Rockstar Games
    2010-05-23 00:44:09 . 2010-05-23 00:44:04 -------- d-----w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
    2010-05-23 00:44:08 . 2010-05-23 00:44:07 -------- d-----w- C:\Program Files\SystemRequirementsLab
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2010-05-23 00:44:04 . 2010-05-23 00:44:04 290816 ----a-w- C:\Documents and Settings\User\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2010-05-22 08:28:11 . 2010-05-22 08:25:58 -------- d-----w- C:\Documents and Settings\User\Application Data\VoipBuster
    2010-05-22 08:24:57 . 2010-05-22 08:24:57 -------- d-----w- C:\Program Files\VoipBuster.com
    2010-05-21 08:16:18 . 2010-05-21 08:15:52 -------- d-----w- C:\Documents and Settings\User\Application Data\Media Player Classic
    2010-05-21 07:48:44 . 2010-05-21 07:48:44 -------- d-----w- C:\Documents and Settings\User\Application Data\vlc
    2010-05-21 07:41:41 . 2010-05-21 07:41:41 -------- d-----w- C:\Program Files\VideoLAN
    2010-05-21 07:40:40 . 2010-05-21 07:40:40 -------- d-----w- C:\Program Files\Atrinsic
    2010-05-20 06:40:42 . 2010-05-20 06:39:59 -------- d-----w- C:\Program Files\Project64 1.6
    2010-05-20 06:40:01 . 2010-05-20 06:40:01 8854 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2010-05-20 06:40:01 . 2010-05-20 06:40:01 40960 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-05-20 06:40:01 . 2010-05-20 06:40:01 40960 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2010-05-16 05:19:29 . 2010-05-16 05:19:29 -------- d-----w- C:\Program Files\Noel Danjou
    2010-05-16 00:55:26 . 2010-05-16 00:55:26 -------- d-----w- C:\Program Files\Eidos Interactive
    2010-05-13 23:52:17 . 2010-05-13 23:52:17 -------- d-----w- C:\Program Files\Bethesda Softworks
    2010-05-13 23:51:54 . 2005-06-30 10:15:55 -------- d-----w- C:\Program Files\Common Files\InstallShield
    2010-05-13 23:46:06 . 2010-05-13 23:46:05 -------- d-----w- C:\Program Files\DAEMON Tools
    2010-05-13 23:46:05 . 2010-05-13 23:46:05 223128 ----a-w- C:\WINDOWS\system32\drivers\dtscsi.sys
    2010-05-13 23:30:41 . 2010-05-13 23:31:45 1700864 ----a-w- C:\WINDOWS\Internet Logs\xDB2.tmp
    2010-05-13 23:30:41 . 2010-05-13 23:31:43 2683392 ----a-w- C:\WINDOWS\Internet Logs\xDB1.tmp
    2010-05-13 23:10:16 . 2010-05-13 23:09:58 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    2010-05-13 23:10:08 . 2010-05-13 23:10:08 -------- d-----w- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite
    2010-05-13 22:29:33 . 2010-05-13 22:29:33 -------- d-----w- C:\Documents and Settings\User\Application Data\JAM Software
    2010-05-13 22:29:22 . 2010-05-13 22:29:22 -------- d-----w- C:\Program Files\JAM Software
    2010-04-29 19:39:38 . 2010-06-07 19:27:44 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39:26 . 2010-06-07 19:27:42 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2010-04-29 09:47:50 . 2010-04-29 09:47:50 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll
    2010-04-20 20:45:20 . 2010-06-30 03:31:15 607472 ----a-w- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 20:44:34 3883856]
    "AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-12-08 22:50:04 67160]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 14:17:48 5252408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 22:42:50 1037192]
    "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-02-28 21:53:04 53248]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 19:01:00 4632576]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=C:\Documents and Settings\User\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2005-11-08 22:00:38 128920 ----a-w- C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-22 21:05:02 81920 ----a-w- C:\Program Files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-10-26 19:01:00 4632576 ----a-w- C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2004-10-26 16:01:00 921600 ----a-w- C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-21 03:56:49 1238352 ----a-w- C:\Program Files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uachgtnctuunqj]
    2010-06-08 08:13:44 370432 ----a-w- c:\Documents and Settings\User\Local Settings\Application Data\lpupdgt\rgbbobc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "Application Updater"=2 (0x2)
    "IDriverT"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "C:\\Documents and Settings\\User\\My Documents\\Downloads\\utorrent.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=

    R0 d347bus;d347bus;C:\WINDOWS\system32\drivers\d347bus.sys [6/12/2010 12:58:02 AM 155136]
    R0 d347prt;d347prt;C:\WINDOWS\system32\drivers\d347prt.sys [6/12/2010 12:58:02 AM 5248]
    R2 RPCQT;Remote Procedure Call (CQTPM);C:\WINDOWS\System32\svchost.exe -k netsvcs [4/14/2008 1:42:38 AM 14336]
    R3 GTICARD;GTICARD;C:\WINDOWS\system32\drivers\gticard.sys [10/23/2003 8:04:00 PM 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49:20 AM 227232]
    S4 Application Updater;Application Updater;C:\Program Files\Application Updater\ApplicationUpdater.exe [12/16/2009 6:38:20 PM 375296]
    S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [5/13/2010 7:11:32 PM 664064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RPCQT

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 05:41:50 99840 ----a-w- C:\WINDOWS\system32\advpack.dll
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    FF - ProfilePath - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\WINDOWS\system32\C2MP\npdivx32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - trueC:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    MSConfigStartUp-Adobe ARM - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-iCall Internet Phone - C:\Program Files\iCall\iCall.exe
    MSConfigStartUp-ISW - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    MSConfigStartUp-mxwmptav - C:\Documents and Settings\User\Local Settings\Application Data\ymksuqffc\sxftfyetssd.exe
    MSConfigStartUp-SearchSettings - C:\Program Files\Search Settings\SearchSettings.exe
    MSConfigStartUp-uxaskdww - C:\Documents and Settings\User\Local Settings\Application Data\ctsknabsf\mxufkmqtssd.exe




    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 1:10:02.72 on Mon 07/12/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.544 [GMT -4:00]

    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\My Documents\Downloads\dds(2).scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [AIM] c:\progra~1\aim\aim.exe -cnetwait.odl
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [BigDogPath] c:\windows\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    mASetup: {44BBA844-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\CChat25.inf,PerUserAdd.NT

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yhhem938.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-6-12 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-6-12 5248]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-6-30 486280]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]

    =============== Created Last 30 ================

    2010-07-12 04:34:58 42112 -c--a-w- c:\windows\system32\dllcache\imapi.sys
    2010-07-12 04:34:58 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
    2010-07-12 04:33:07 0 d-sha-r- C:\cmdcons
    2010-07-12 04:28:08 0 d-----w- C:\ComboFix
    2010-07-08 23:14:28 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-07 07:16:39 0 d-----w- c:\docume~1\user\applic~1\MiK
    2010-07-07 07:16:13 0 d-----w- c:\docume~1\alluse~1\applic~1\MiK
    2010-07-07 07:16:08 0 d-----w- c:\program files\ExifPro
    2010-07-07 07:11:16 0 ----a-w- c:\windows\PixFiler.ini
    2010-07-07 07:11:06 0 d-----w- c:\program files\PixFiler
    2010-07-07 07:03:33 0 d-----w- c:\program files\Element-IT Software
    2010-07-02 19:57:47 0 d--h--w- c:\windows\PIF
    2010-06-25 07:42:12 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-06-25 00:07:57 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2010-06-25 00:07:53 0 d-----w- c:\program files\McAfee Security Scan
    2010-06-22 20:16:46 0 d-----w- c:\program files\Microsoft Chat
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\screenshots
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\saves
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cdimages
    2010-06-21 08:42:40 0 d-----w- c:\documents and settings\user\cards
    2010-06-21 05:33:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-06-21 05:33:11 0 d-----w- c:\program files\MagicDisc
    2010-06-21 04:55:35 0 d-----w- c:\program files\Delta
    2010-06-21 04:52:17 0 d-----w- c:\documents and settings\user\parapparappa
    2010-06-21 04:08:29 0 d-----w- c:\program files\Pcsx2
    2010-06-21 03:45:59 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2010-06-21 03:44:06 0 d--h--w- c:\windows\msdownld.tmp
    2010-06-21 03:43:30 0 d-----w- c:\program files\PCSX2 0.9.7
    2010-06-20 23:56:16 0 d-sh--w- c:\windows\indi64
    2010-06-19 20:28:50 0 d-----w- c:\program files\uMusic
    2010-06-16 09:47:24 195 ----a-w- c:\windows\yukon.ini
    2010-06-16 09:38:43 24236 ----a-w- c:\windows\system\YUF_____.TTF
    2010-06-16 09:38:43 1316 ----a-w- c:\windows\system\YUF_____.FOT
    2010-06-16 09:38:43 0 d-----w- C:\MECC
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.YKN
    2010-06-16 09:38:15 721 ----a-w- c:\windows\WIN.EXM
    2010-06-15 06:09:19 614 ----a-w- c:\windows\eReg.dat
    2010-06-12 05:17:37 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-06-12 05:17:10 0 d-----w- c:\windows\RegisteredPackages

    ==================== Find3M ====================

    2010-06-25 07:51:52 11242 ----a-w- c:\windows\system32\nvModes.dat
    2010-06-12 04:52:15 96384 ----a-w- c:\windows\system32\drivers\sptd8589.sys
    2010-06-12 04:52:15 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-06-02 08:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 08:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 08:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-26 15:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 15:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 15:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 15:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 15:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-25 23:19:30 13616 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-13 23:46:05 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
    2010-04-29 09:47:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe

    ============= FINISH: 1:11:20.57 ===============

  6. #6
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Was that complete c:\ComboFix.txt contents? It looks like ending part may have something missing there.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Jun 2010
    Posts
    5

    Default

    Yes thats the whole file. Should i try to run it again and paste the results?

  8. #8
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    Folder::
    c:\Documents and Settings\User\Local Settings\Application Data\lpupdgt
    C:\Documents and Settings\User\Application Data\uTorrent
    File::
    C:\Documents and Settings\User\My Documents\Downloads\utorrent.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uachgtnctuunqj]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Documents and Settings\\User\\My Documents\\Downloads\\utorrent.exe"=-

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Get latest Adobe Reader updates (9.3.2 & 9.3.3) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the
      Download
      button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Are you still there?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,667

    Default

    deadpool this thread has been archived due to inactivity.

    As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

    Please do not add any logs that might have been requested previously, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start your own topic.

    Thank you Blade81.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •