
[Active] Not sure if it's malware or virus or both?

Discussion in 'Malware and Virus Removal Archive' started by daiston, 2010/02/27.

  1. 2010/02/27
    daiston Inactive Thread Starter

    Some weirdo friend requested me in ICQ and since then my Internet Explorer has been acting odd. I get pop-up windows for no reason, and when I try to go to sites about removing spyware it redirects me (but if I open the site in a new tab it opens fine, which is how I found this site, I might add). The DDS reports are listed below.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/15/2010 8:28:30 PM
    System Uptime: 2/26/2010 9:15:36 PM (5 hours ago)

    Motherboard: MSI | | AMETHYST-M
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 279 GiB total, 162.887 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_1002&DEV_5954&SUBSYS_2A24103C&REV_00\4&1C9EB71F&0&2808
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_1002&DEV_5954&SUBSYS_2A24103C&REV_00\4&1C9EB71F&0&2808
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A24103C&REV_11\3&61AAA01&0&A0
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A24103C&REV_11\3&61AAA01&0&A0
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A24103C&REV_10\4&1C88B56&0&18A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A24103C&REV_10\4&1C88B56&0&18A4
    Service: RTL8023xp

    ==== System Restore Points ===================

    RP1: 2/15/2010 8:50:25 PM - System Checkpoint
    RP2: 2/15/2010 8:58:19 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
    RP3: 2/15/2010 9:14:16 PM - Software Distribution Service 3.0
    RP4: 2/15/2010 9:38:47 PM - Software Distribution Service 3.0
    RP5: 2/15/2010 10:09:47 PM - Installed Realtek AC'97 Audio
    RP6: 2/15/2010 10:22:49 PM - Software Distribution Service 3.0
    RP7: 2/15/2010 10:51:40 PM - Installed Windows Internet Explorer 8.
    RP8: 2/15/2010 10:52:01 PM - Software Distribution Service 3.0
    RP9: 2/15/2010 11:02:29 PM - Software Distribution Service 3.0
    RP10: 2/15/2010 11:32:21 PM - Software Distribution Service 3.0
    RP11: 2/15/2010 11:46:22 PM - Software Distribution Service 3.0
    RP12: 2/16/2010 12:30:10 AM - Installed BioShock
    RP13: 2/16/2010 12:40:41 AM - Installed DirectX
    RP14: 2/16/2010 12:48:02 AM - Installed Oblivion
    RP15: 2/16/2010 12:48:07 AM - Installed DirectX 9.0
    RP16: 2/16/2010 2:17:16 PM - Removed Ask Toolbar.
    RP17: 2/17/2010 2:29:31 PM - System Checkpoint
    RP18: 2/17/2010 5:32:16 PM - Installed DirectX
    RP19: 2/17/2010 5:32:57 PM - Installed DirectX
    RP20: 2/17/2010 5:33:22 PM - Installed Fallout 3
    RP21: 2/17/2010 5:57:13 PM - Installed Fallout 3 - DLC EN
    RP22: 2/17/2010 6:04:53 PM - Removed Fallout 3
    RP23: 2/17/2010 6:07:48 PM - Installed DirectX
    RP24: 2/17/2010 6:08:14 PM - Installed Fallout 3
    RP25: 2/17/2010 6:23:26 PM - Installed Fallout 3 - DLC EN
    RP26: 2/17/2010 6:27:18 PM - Installed Fallout 3 - DLC EN
    RP27: 2/17/2010 6:27:50 PM - Removed Fallout 3
    RP28: 2/17/2010 6:31:09 PM - Installed DirectX
    RP29: 2/17/2010 6:31:36 PM - Installed Fallout 3
    RP30: 2/17/2010 6:51:20 PM - Installed Fallout 3 - DLC EN
    RP31: 2/17/2010 6:55:55 PM - Removed Fallout 3
    RP32: 2/17/2010 7:02:22 PM - Installed DirectX
    RP33: 2/17/2010 7:02:49 PM - Installed Fallout 3
    RP34: 2/17/2010 8:57:49 PM - Installed Titan Quest
    RP35: 2/17/2010 9:01:32 PM - Installed DirectX
    RP36: 2/17/2010 9:04:14 PM - Installed Titan Quest Immortal Throne
    RP37: 2/17/2010 9:05:36 PM - Installed DirectX
    RP38: 2/19/2010 4:17:29 AM - System Checkpoint
    RP39: 2/20/2010 5:01:37 AM - System Checkpoint
    RP40: 2/20/2010 4:53:22 PM - Installed Nero 9 Lite 4.4.9.0
    RP41: 2/21/2010 4:48:33 PM - Installed DirectX
    RP42: 2/22/2010 7:29:44 PM - Installed Java(TM) 6 Update 18
    RP43: 2/23/2010 9:25:16 PM - System Checkpoint
    RP44: 2/24/2010 9:59:43 PM - System Checkpoint
    RP45: 2/25/2010 12:29:13 AM - Installed Steam
    RP46: 2/25/2010 12:40:20 AM - Installed Half-Life(R) 2
    RP47: 2/26/2010 1:25:26 AM - System Checkpoint
    RP48: 2/26/2010 4:41:14 PM - Installed MSXML 4.0 SP2 Parser and SDK
    RP49: 2/26/2010 9:24:04 PM - Installed Fallout 3 - DLC EN

    ==== Installed Programs ======================

    µTorrent
    7-Zip 4.65
    Action Replay Code Manager
    Adobe Flash Player 10 ActiveX
    Advertising Center
    Ask Toolbar
    BioShock
    Dropbox
    Fallout 3
    Google Toolbar for Internet Explorer
    Google Update Helper
    Half-Life(R) 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    ICQ7
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 5.7.0 (Full)
    LUNA Online v1.0.0
    MagicDisc 2.7.106
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 Parser and SDK
    Nero 9 Lite
    Nero ControlCenter
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    neroxml
    NETGEAR WG111v3 wireless USB 2.0 adapter
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Oblivion
    Pando Media Booster
    Realtek AC'97 Audio
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Steam
    Titan Quest
    Titan Quest Immortal Throne
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    WebFldrs XP
    Windows Commander (Remove only)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    2/26/2010 9:16:24 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2/26/2010 9:16:24 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

    ==== End Of File ===========================



    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Daist'n at 2:13:30.32 on Sat 02/27/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1021 [GMT -8:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\wincmd\WINCMD32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\0001 - NCC\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\daist'n\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\icq7.0\ICQ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266297049187
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266297040296
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2010-2-26 8576]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 341504]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2010-02-27 05:06:46 0 d-----w- c:\docume~1\daist'n\applic~1\Dropbox
    2010-02-27 05:01:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-02-27 05:01:42 0 d-----w- c:\program files\MagicDisc
    2010-02-27 04:42:42 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
    2010-02-27 00:41:14 0 d-----w- c:\program files\MSXML 4.0
    2010-02-27 00:40:58 0 d-----w- c:\program files\Datel
    2010-02-26 22:14:51 0 d-----w- c:\program files\Activision
    2010-02-26 22:10:48 100 ----a-w- c:\windows\Sfc3ng.ini
    2010-02-26 20:19:25 0 d-----w- c:\program files\ICQ7.0
    2010-02-25 08:29:14 0 d-----w- c:\program files\Steam
    2010-02-24 05:57:52 3433232 ----a-w- c:\windows\system32\GameMon.des
    2010-02-24 05:57:25 5174 ----a-w- c:\windows\system32\nppt9x.vxd
    2010-02-24 05:57:25 4682 ----a-w- c:\windows\system32\npptNT2.sys
    2010-02-24 05:56:54 0 d-----w- c:\program files\common files\INCA Shared
    2010-02-24 05:33:26 0 d-----w- C:\gPotato
    2010-02-24 04:15:30 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
    2010-02-24 04:14:48 0 d-----w- c:\program files\Pando Networks
    2010-02-23 03:58:43 0 d-----w- C:\.jagex_cache_32
    2010-02-23 03:32:16 69 ----a-w- c:\documents and settings\daist'n\jagex_runescape_preferences2.dat
    2010-02-23 03:30:56 41 ----a-w- c:\documents and settings\daist'n\jagex_runescape_preferences.dat
    2010-02-23 03:30:41 0 d-----w- c:\windows\.jagex_cache_32
    2010-02-23 03:30:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-02-23 03:30:00 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-22 00:48:38 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-02-22 00:48:37 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-02-22 00:48:27 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-02-21 07:59:07 0 d--h--w- c:\windows\PIF
    2010-02-21 00:53:34 0 d-----w- c:\program files\Nero
    2010-02-21 00:53:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
    2010-02-21 00:53:10 0 d-----w- c:\program files\Ask.com
    2010-02-18 05:01:29 503808 ----a-w- c:\windows\system32\MSVCP71.dll
    2010-02-18 05:01:29 40960 ----a-r- c:\windows\system32\psfind.dll
    2010-02-18 05:01:29 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2010-02-18 04:57:50 0 d-----w- c:\program files\THQ
    2010-02-18 01:32:55 0 d-----w- c:\windows\Logs
    2010-02-18 01:32:12 0 d-----w- c:\windows\system32\xlive
    2010-02-16 22:00:52 0 d-----w- c:\program files\uTorrent
    2010-02-16 22:00:34 0 d-----w- c:\docume~1\daist'n\applic~1\uTorrent
    2010-02-16 21:10:30 545 ----a-w- c:\windows\UC.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\RAR.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\PKZIP.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\PKUNZIP.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\NOCLOSE.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\LHA.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\ARJ.PIF
    2010-02-16 21:10:30 1246 ----a-w- c:\windows\wincmd.ini
    2010-02-16 21:10:30 0 d-----w- C:\wincmd
    2010-02-16 10:54:03 23 ----a-w- c:\windows\BlendSettings.ini
    2010-02-16 08:48:04 0 d-----w- c:\program files\Bethesda Softworks
    2010-02-16 08:41:04 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
    2010-02-16 08:41:04 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-02-16 08:41:04 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
    2010-02-16 08:41:04 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
    2010-02-16 08:41:04 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
    2010-02-16 08:41:03 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-02-16 08:41:02 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
    2010-02-16 08:41:01 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
    2010-02-16 08:41:01 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
    2010-02-16 08:39:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-02-16 08:30:10 0 d-----w- c:\program files\2K Games
    2010-02-16 08:27:13 38 ----a-w- c:\windows\avisplitter.ini
    2010-02-16 08:27:13 178176 ----a-w- c:\windows\system32\unrar.dll
    2010-02-16 08:27:12 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-02-16 08:27:12 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-02-16 08:27:12 630784 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-02-16 08:27:12 414 ----a-w- c:\windows\system32\lame_acm.xml
    2010-02-16 08:27:12 39936 ----a-w- c:\windows\system32\huffyuv.dll
    2010-02-16 08:27:12 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-16 08:27:12 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-16 08:27:12 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-02-16 08:27:11 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-02-16 08:27:10 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-02-16 08:27:09 0 d-----w- c:\program files\K-Lite Codec Pack
    2010-02-16 08:12:54 0 d-----w- C:\0001 - NCC
    2010-02-16 08:03:38 8 ----a-w- c:\windows\system32\nvModes.dat
    2010-02-16 07:45:02 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
    2010-02-16 07:42:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-16 07:38:46 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2010-02-16 07:38:39 0 d-----w- c:\program files\NVIDIA Corporation
    2010-02-16 07:35:45 0 d-----w- c:\windows\system32\XPSViewer
    2010-02-16 07:35:23 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-02-16 07:35:23 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-02-16 07:35:22 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-02-16 07:35:22 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-02-16 07:35:22 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-02-16 07:35:22 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-02-16 07:35:22 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-02-16 07:35:22 0 d-----w- C:\01f286769ff4ff261f0d
    2010-02-16 07:33:27 0 d-----w- c:\program files\Windows Media Connect 2
    2010-02-16 07:32:42 0 d-----w- c:\windows\system32\LogFiles
    2010-02-16 06:56:15 0 d-sh--w- c:\documents and settings\daist'n\PrivacIE
    2010-02-16 06:55:03 0 d-sh--w- c:\documents and settings\daist'n\IETldCache
    2010-02-16 06:52:20 0 d-----w- c:\windows\ie8updates
    2010-02-16 06:51:16 0 dc-h--w- c:\windows\ie8
    2010-02-16 06:49:51 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-16 06:49:48 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-02-16 06:49:47 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-02-16 06:49:47 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-16 06:49:47 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-02-16 06:49:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-16 06:49:45 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-16 06:29:02 0 d-----w- c:\windows\system32\scripting
    2010-02-16 06:29:02 0 d-----w- c:\windows\system32\en
    2010-02-16 06:29:02 0 d-----w- c:\windows\system32\bits
    2010-02-16 06:29:02 0 d-----w- c:\windows\l2schemas
    2010-02-16 06:26:31 0 d-----w- c:\windows\network diagnostic
    2010-02-16 06:25:45 0 d-----w- c:\windows\system32\ReinstallBackups
    2010-02-16 06:24:37 0 d-----w- c:\windows\EHome
    2010-02-16 06:21:59 9216 ------w- c:\windows\system32\dot3dlg.dll
    2010-02-16 06:18:49 0 d-----w- c:\docume~1\daist'n\applic~1\WinBatch
    2010-02-16 06:10:12 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2010-02-16 06:10:11 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2010-02-16 06:10:10 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
    2010-02-16 06:10:06 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
    2010-02-16 06:10:05 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-02-16 06:10:04 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
    2010-02-16 06:10:04 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2010-02-16 06:10:03 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2010-02-16 06:10:02 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
    2010-02-16 06:10:01 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
    2010-02-16 06:09:49 0 d-----w- c:\program files\Realtek AC97
    2010-02-16 05:35:45 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-02-16 05:33:10 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-02-16 05:29:17 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-02-16 05:29:17 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-02-16 05:29:09 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-02-16 05:29:09 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-02-16 05:24:39 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-16 05:20:34 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-02-16 05:20:12 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-02-16 05:19:29 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-02-16 05:17:47 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-02-16 05:17:19 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-02-16 05:17:18 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-02-16 05:14:33 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-02-16 05:14:33 0 d-----w- c:\windows\system32\PreInstall
    2010-02-16 05:11:15 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-02-16 05:11:15 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-02-16 05:11:15 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-02-16 05:11:14 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-02-16 05:11:14 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-02-16 05:10:04 0 d-sh--w- c:\documents and settings\daist'n\UserData
    2010-02-16 05:05:49 12540 ----a-w- c:\windows\system32\wpa.bak
    2010-02-16 04:58:34 0 d-----w- c:\program files\NETGEAR
    2010-02-16 04:26:00 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-02-16 04:25:45 0 d--h--w- c:\program files\WindowsUpdate
    2010-02-16 04:24:47 0 d-----w- c:\program files\common files\MSSoap
    2010-02-16 04:23:27 0 d-----w- c:\program files\Online Services
    2010-02-16 04:23:23 0 d-----w- c:\program files\Messenger
    2010-02-16 04:23:19 0 d-----w- c:\program files\MSN Gaming Zone
    2010-02-16 04:22:30 0 d-----w- c:\program files\Windows NT
    2010-02-15 20:16:16 0 d-----w- c:\program files\common files\ODBC
    2010-02-15 20:16:11 0 d-----w- c:\program files\common files\SpeechEngines
    2010-02-15 20:15:41 0 d-----r- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2010-02-16 04:59:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-02-16 04:23:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-01-12 20:03:34 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-12 20:03:34 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-12 20:03:34 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-12 20:03:34 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-12 20:03:34 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-01-12 20:03:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-12 20:03:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-12 20:03:34 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-12 20:03:34 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-12 20:03:34 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-12 20:03:34 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 20:03:34 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-12 06:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-12 06:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-12 06:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-12 06:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 06:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-12 06:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-01 02:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
    2009-12-01 02:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
    2007-12-28 23:02:12 287232 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
    2007-12-28 22:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
    2007-11-28 01:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
    2007-11-28 01:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
    2006-12-15 19:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
    2006-12-15 19:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
    2006-12-15 19:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
    2006-12-15 19:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
    2006-12-15 19:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

    ============= FINISH: 2:14:26.95 ===============
     
  2. 2010/02/27
    Admin. Administrator Staff
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/02/27
    daiston Inactive Thread Starter
    uTorrent is now uninstalled.
     
  5. 2010/02/27
    Admin. Administrator Staff
    That's fine, but I suggest you carefully read the links above to educate yourself in the risks involved. Your brain is the best protection against malware/virus infections!
     
  6. 2010/02/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any antivirus program running. Why would that be?
     
  7. 2010/02/27
    daiston

    daiston Inactive Thread Starter

    Joined:
    2010/02/27
    Messages:
    3
    Likes Received:
    0
    Reinstalled (didn't realize it had been uninstalled...) Trend Micro Internet Security and it found and cleaned a bunch of stuff... Seemed to fix some problems. Gonna repost a new DDS report just in case it missed anything...

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Daist'n at 21:10:56.14 on Sat 02/27/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1455 [GMT -8:00]

    AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\wincmd\WINCMD32.EXE
    c:\0001 - NCC\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe "
    StartupFolder: c:\docume~1\daist'n\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\icq7.0\ICQ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266297049187
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266297040296
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 89.149.210.47 www.google.nl
    Hosts: 89.149.210.47 www.google.fr
    Hosts: 89.149.210.47 us.search.yahoo.com
    Hosts: 89.149.210.47 www.google.ca
    Hosts: 89.149.210.47 uk.search.yahoo.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ============= SERVICES / DRIVERS ===============

    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2010-2-26 8576]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-2-27 36368]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 341504]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-2-27 339984]
    R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-2-27 50704]
    R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-2-27 497008]
    R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-2-27 689416]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2010-02-28 02:56:30 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2010-02-28 02:56:30 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2010-02-28 02:56:30 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-02-28 02:55:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
    2010-02-28 02:55:30 0 d-----w- c:\program files\Trend Micro
    2010-02-28 02:54:27 661808 ----a-w- c:\windows\system32\UfWSC.cpl
    2010-02-28 02:54:26 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2010-02-28 02:54:26 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
    2010-02-28 02:54:26 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
    2010-02-28 02:54:26 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
    2010-02-28 02:54:26 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
    2010-02-27 18:45:46 0 d-sh--w- c:\windows\system32\lowsec
    2010-02-27 13:35:18 0 d-----w- c:\windows\Cache
    2010-02-27 12:24:14 0 d-----w- c:\docume~1\daist'n\applic~1\Malwarebytes
    2010-02-27 12:24:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-27 12:24:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-27 12:24:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-27 12:24:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-02-27 05:06:46 0 d-----w- c:\docume~1\daist'n\applic~1\Dropbox
    2010-02-27 05:01:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-02-27 05:01:42 0 d-----w- c:\program files\MagicDisc
    2010-02-27 04:42:42 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
    2010-02-27 00:41:14 0 d-----w- c:\program files\MSXML 4.0
    2010-02-27 00:40:58 0 d-----w- c:\program files\Datel
    2010-02-26 22:14:51 0 d-----w- c:\program files\Activision
    2010-02-26 22:10:48 100 ----a-w- c:\windows\Sfc3ng.ini
    2010-02-26 20:19:25 0 d-----w- c:\program files\ICQ7.0
    2010-02-25 08:29:14 0 d-----w- c:\program files\Steam
    2010-02-24 05:57:52 3433232 ----a-w- c:\windows\system32\GameMon.des
    2010-02-24 05:57:25 5174 ----a-w- c:\windows\system32\nppt9x.vxd
    2010-02-24 05:57:25 4682 ----a-w- c:\windows\system32\npptNT2.sys
    2010-02-24 05:56:54 0 d-----w- c:\program files\common files\INCA Shared
    2010-02-24 05:33:26 0 d-----w- C:\gPotato
    2010-02-24 04:15:30 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
    2010-02-24 04:14:48 0 d-----w- c:\program files\Pando Networks
    2010-02-23 03:58:43 0 d-----w- C:\.jagex_cache_32
    2010-02-23 03:32:16 69 ----a-w- c:\documents and settings\daist'n\jagex_runescape_preferences2.dat
    2010-02-23 03:30:56 41 ----a-w- c:\documents and settings\daist'n\jagex_runescape_preferences.dat
    2010-02-23 03:30:41 0 d-----w- c:\windows\.jagex_cache_32
    2010-02-23 03:30:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-02-23 03:30:00 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-22 00:48:38 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-02-22 00:48:37 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-02-22 00:48:27 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2010-02-21 07:59:07 0 d--h--w- c:\windows\PIF
    2010-02-21 00:53:34 0 d-----w- c:\program files\Nero
    2010-02-21 00:53:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
    2010-02-21 00:53:10 0 d-----w- c:\program files\Ask.com
    2010-02-18 05:01:29 503808 ----a-w- c:\windows\system32\MSVCP71.dll
    2010-02-18 05:01:29 40960 ----a-r- c:\windows\system32\psfind.dll
    2010-02-18 05:01:29 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2010-02-18 04:57:50 0 d-----w- c:\program files\THQ
    2010-02-18 01:32:55 0 d-----w- c:\windows\Logs
    2010-02-18 01:32:12 0 d-----w- c:\windows\system32\xlive
    2010-02-16 21:10:30 545 ----a-w- c:\windows\UC.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\RAR.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\PKZIP.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\PKUNZIP.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\NOCLOSE.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\LHA.PIF
    2010-02-16 21:10:30 545 ----a-w- c:\windows\ARJ.PIF
    2010-02-16 21:10:30 1273 ----a-w- c:\windows\wincmd.ini
    2010-02-16 21:10:30 0 d-----w- C:\wincmd
    2010-02-16 10:54:03 23 ----a-w- c:\windows\BlendSettings.ini
    2010-02-16 08:48:04 0 d-----w- c:\program files\Bethesda Softworks
    2010-02-16 08:41:04 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
    2010-02-16 08:41:04 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-02-16 08:41:04 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
    2010-02-16 08:41:04 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
    2010-02-16 08:41:04 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
    2010-02-16 08:41:03 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-02-16 08:41:02 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
    2010-02-16 08:41:01 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
    2010-02-16 08:41:01 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
    2010-02-16 08:39:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-02-16 08:30:10 0 d-----w- c:\program files\2K Games
    2010-02-16 08:27:13 38 ----a-w- c:\windows\avisplitter.ini
    2010-02-16 08:27:13 178176 ----a-w- c:\windows\system32\unrar.dll
    2010-02-16 08:27:12 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-02-16 08:27:12 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-02-16 08:27:12 630784 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-02-16 08:27:12 414 ----a-w- c:\windows\system32\lame_acm.xml
    2010-02-16 08:27:12 39936 ----a-w- c:\windows\system32\huffyuv.dll
    2010-02-16 08:27:12 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-16 08:27:12 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-16 08:27:12 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-02-16 08:27:11 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-02-16 08:27:10 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-02-16 08:27:09 0 d-----w- c:\program files\K-Lite Codec Pack
    2010-02-16 08:12:54 0 d-----w- C:\0001 - NCC
    2010-02-16 08:03:38 8 ----a-w- c:\windows\system32\nvModes.dat
    2010-02-16 07:45:02 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
    2010-02-16 07:42:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-16 07:38:46 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2010-02-16 07:38:39 0 d-----w- c:\program files\NVIDIA Corporation
    2010-02-16 07:35:45 0 d-----w- c:\windows\system32\XPSViewer
    2010-02-16 07:35:23 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-02-16 07:35:23 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-02-16 07:35:22 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-02-16 07:35:22 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-02-16 07:35:22 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-02-16 07:35:22 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-02-16 07:35:22 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-02-16 07:35:22 0 d-----w- C:\01f286769ff4ff261f0d
    2010-02-16 07:33:27 0 d-----w- c:\program files\Windows Media Connect 2
    2010-02-16 07:32:42 0 d-----w- c:\windows\system32\LogFiles
    2010-02-16 06:56:15 0 d-sh--w- c:\documents and settings\daist'n\PrivacIE
    2010-02-16 06:55:03 0 d-sh--w- c:\documents and settings\daist'n\IETldCache
    2010-02-16 06:52:20 0 d-----w- c:\windows\ie8updates
    2010-02-16 06:51:16 0 dc-h--w- c:\windows\ie8
    2010-02-16 06:49:51 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-02-16 06:49:48 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-02-16 06:49:47 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-02-16 06:49:47 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-02-16 06:49:47 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-02-16 06:49:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-02-16 06:49:45 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-16 06:29:02 0 d-----w- c:\windows\system32\scripting
    2010-02-16 06:29:02 0 d-----w- c:\windows\system32\en
    2010-02-16 06:29:02 0 d-----w- c:\windows\system32\bits
    2010-02-16 06:29:02 0 d-----w- c:\windows\l2schemas
    2010-02-16 06:26:31 0 d-----w- c:\windows\network diagnostic
    2010-02-16 06:25:45 0 d-----w- c:\windows\system32\ReinstallBackups
    2010-02-16 06:24:37 0 d-----w- c:\windows\EHome
    2010-02-16 06:21:59 9216 ------w- c:\windows\system32\dot3dlg.dll
    2010-02-16 06:18:49 0 d-----w- c:\docume~1\daist'n\applic~1\WinBatch
    2010-02-16 06:10:12 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2010-02-16 06:10:11 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2010-02-16 06:10:10 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
    2010-02-16 06:10:06 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
    2010-02-16 06:10:05 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2010-02-16 06:10:04 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
    2010-02-16 06:10:04 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2010-02-16 06:10:03 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2010-02-16 06:10:02 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
    2010-02-16 06:10:01 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
    2010-02-16 06:09:49 0 d-----w- c:\program files\Realtek AC97
    2010-02-16 05:35:45 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-02-16 05:33:10 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-02-16 05:29:17 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-02-16 05:29:17 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-02-16 05:29:09 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-02-16 05:29:09 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-02-16 05:24:39 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-16 05:20:34 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-02-16 05:20:12 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-02-16 05:19:29 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-02-16 05:17:47 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-02-16 05:17:19 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-02-16 05:17:18 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-02-16 05:14:33 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-02-16 05:14:33 0 d-----w- c:\windows\system32\PreInstall
    2010-02-16 05:11:15 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2010-02-16 05:11:15 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2010-02-16 05:11:15 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-02-16 05:11:14 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2010-02-16 05:11:14 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2010-02-16 05:10:04 0 d-sh--w- c:\documents and settings\daist'n\UserData
    2010-02-16 05:05:49 12540 ----a-w- c:\windows\system32\wpa.bak
    2010-02-16 04:58:34 0 d-----w- c:\program files\NETGEAR
    2010-02-16 04:26:00 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-02-16 04:25:45 0 d--h--w- c:\program files\WindowsUpdate
    2010-02-16 04:24:47 0 d-----w- c:\program files\common files\MSSoap
    2010-02-16 04:23:27 0 d-----w- c:\program files\Online Services
    2010-02-16 04:23:23 0 d-----w- c:\program files\Messenger
    2010-02-16 04:23:19 0 d-----w- c:\program files\MSN Gaming Zone
    2010-02-16 04:22:30 0 d-----w- c:\program files\Windows NT
    2010-02-15 20:16:16 0 d-----w- c:\program files\common files\ODBC
    2010-02-15 20:16:11 0 d-----w- c:\program files\common files\SpeechEngines
    2010-02-15 20:15:41 0 d-----r- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2010-02-16 04:59:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-02-16 04:23:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-01-12 20:03:34 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-12 20:03:34 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-12 20:03:34 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-12 20:03:34 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-12 20:03:34 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-01-12 20:03:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-12 20:03:34 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-12 20:03:34 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-12 20:03:34 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-12 20:03:34 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-12 20:03:34 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 20:03:34 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-12 06:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-12 06:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-12 06:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-12 06:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 06:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-12 06:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-01 02:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
    2009-12-01 02:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
    2007-12-28 23:02:12 287232 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
    2007-12-28 22:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
    2007-11-28 01:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
    2007-11-28 01:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
    2006-12-15 19:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
    2006-12-15 19:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
    2006-12-15 19:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
    2006-12-15 19:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
    2006-12-15 19:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

    ============= FINISH: 21:12:00.51 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/15/2010 8:28:30 PM
    System Uptime: 2/27/2010 7:59:42 PM (2 hours ago)

    Motherboard: MSI | | AMETHYST-M
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 279 GiB total, 161.966 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_1002&DEV_5954&SUBSYS_2A24103C&REV_00\4&1C9EB71F&0&2808
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_1002&DEV_5954&SUBSYS_2A24103C&REV_00\4&1C9EB71F&0&2808
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A24103C&REV_11\3&61AAA01&0&A0
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A24103C&REV_11\3&61AAA01&0&A0
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A24103C&REV_10\4&1C88B56&0&18A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A24103C&REV_10\4&1C88B56&0&18A4
    Service: RTL8023xp

    ==== System Restore Points ===================

    RP1: 2/15/2010 8:50:25 PM - System Checkpoint
    RP2: 2/15/2010 8:58:19 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
    RP3: 2/15/2010 9:14:16 PM - Software Distribution Service 3.0
    RP4: 2/15/2010 9:38:47 PM - Software Distribution Service 3.0
    RP5: 2/15/2010 10:09:47 PM - Installed Realtek AC'97 Audio
    RP6: 2/15/2010 10:22:49 PM - Software Distribution Service 3.0
    RP7: 2/15/2010 10:51:40 PM - Installed Windows Internet Explorer 8.
    RP8: 2/15/2010 10:52:01 PM - Software Distribution Service 3.0
    RP9: 2/15/2010 11:02:29 PM - Software Distribution Service 3.0
    RP10: 2/15/2010 11:32:21 PM - Software Distribution Service 3.0
    RP11: 2/15/2010 11:46:22 PM - Software Distribution Service 3.0
    RP12: 2/16/2010 12:30:10 AM - Installed BioShock
    RP13: 2/16/2010 12:40:41 AM - Installed DirectX
    RP14: 2/16/2010 12:48:02 AM - Installed Oblivion
    RP15: 2/16/2010 12:48:07 AM - Installed DirectX 9.0
    RP16: 2/16/2010 2:17:16 PM - Removed Ask Toolbar.
    RP17: 2/17/2010 2:29:31 PM - System Checkpoint
    RP18: 2/17/2010 5:32:16 PM - Installed DirectX
    RP19: 2/17/2010 5:32:57 PM - Installed DirectX
    RP20: 2/17/2010 5:33:22 PM - Installed Fallout 3
    RP21: 2/17/2010 5:57:13 PM - Installed Fallout 3 - DLC EN
    RP22: 2/17/2010 6:04:53 PM - Removed Fallout 3
    RP23: 2/17/2010 6:07:48 PM - Installed DirectX
    RP24: 2/17/2010 6:08:14 PM - Installed Fallout 3
    RP25: 2/17/2010 6:23:26 PM - Installed Fallout 3 - DLC EN
    RP26: 2/17/2010 6:27:18 PM - Installed Fallout 3 - DLC EN
    RP27: 2/17/2010 6:27:50 PM - Removed Fallout 3
    RP28: 2/17/2010 6:31:09 PM - Installed DirectX
    RP29: 2/17/2010 6:31:36 PM - Installed Fallout 3
    RP30: 2/17/2010 6:51:20 PM - Installed Fallout 3 - DLC EN
    RP31: 2/17/2010 6:55:55 PM - Removed Fallout 3
    RP32: 2/17/2010 7:02:22 PM - Installed DirectX
    RP33: 2/17/2010 7:02:49 PM - Installed Fallout 3
    RP34: 2/17/2010 8:57:49 PM - Installed Titan Quest
    RP35: 2/17/2010 9:01:32 PM - Installed DirectX
    RP36: 2/17/2010 9:04:14 PM - Installed Titan Quest Immortal Throne
    RP37: 2/17/2010 9:05:36 PM - Installed DirectX
    RP38: 2/19/2010 4:17:29 AM - System Checkpoint
    RP39: 2/20/2010 5:01:37 AM - System Checkpoint
    RP40: 2/20/2010 4:53:22 PM - Installed Nero 9 Lite 4.4.9.0
    RP41: 2/21/2010 4:48:33 PM - Installed DirectX
    RP42: 2/22/2010 7:29:44 PM - Installed Java(TM) 6 Update 18
    RP43: 2/23/2010 9:25:16 PM - System Checkpoint
    RP44: 2/24/2010 9:59:43 PM - System Checkpoint
    RP45: 2/25/2010 12:29:13 AM - Installed Steam
    RP46: 2/25/2010 12:40:20 AM - Installed Half-Life(R) 2
    RP47: 2/26/2010 1:25:26 AM - System Checkpoint
    RP48: 2/26/2010 4:41:14 PM - Installed MSXML 4.0 SP2 Parser and SDK
    RP49: 2/26/2010 9:24:04 PM - Installed Fallout 3 - DLC EN
    RP50: 2/27/2010 6:55:29 PM - Installed Trend Micro Internet Security
    RP51: 2/27/2010 7:57:03 PM - Software Distribution Service 3.0

    ==== Hosts File Hijack ======================

    Hosts: 89.149.210.47 www.google.nl
    Hosts: 89.149.210.47 www.google.fr
    Hosts: 89.149.210.47 us.search.yahoo.com
    Hosts: 89.149.210.47 www.google.ca
    Hosts: 89.149.210.47 uk.search.yahoo.com
    Hosts: 89.149.210.47 www.google.es
    Hosts: 89.149.210.47 www.google.co.za
    Hosts: 89.149.210.47 www.google.pt
    Hosts: 89.149.210.47 www.google.ie
    Hosts: 89.149.210.47 www.google.com.br
    Hosts: 89.149.210.47 www.google.co.jp
    Hosts: 89.149.210.47 search.yahoo.com
    Hosts: 89.149.210.47 www.google.gr
    Hosts: 89.149.210.47 www.google.ch
    Hosts: 89.149.210.47 www.google.fi
    Hosts: 89.149.210.47 www.google.com.au
    Hosts: 89.149.210.47 www.google.dk
    Hosts: 89.149.210.47 www.google.com.mx
    Hosts: 89.149.210.47 www.google.se
    Hosts: 89.149.210.47 www.google.it
    Hosts: 89.149.210.47 www.google.de
    Hosts: 89.149.210.47 www.google.co.uk
    Hosts: 89.149.210.47 www.google.at
    Hosts: 89.149.210.47 www.google.no
    Hosts: 89.149.210.47 www.google.be

    ==== Installed Programs ======================

    7-Zip 4.65
    Action Replay Code Manager
    Adobe Flash Player 10 ActiveX
    Advertising Center
    Ask Toolbar
    BioShock
    Dropbox
    Fallout 3
    Half-Life(R) 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    ICQ7
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 5.7.0 (Full)
    LUNA Online v1.0.0
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 9 Lite
    Nero ControlCenter
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    neroxml
    NETGEAR WG111v3 wireless USB 2.0 adapter
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Oblivion
    Pando Media Booster
    Realtek AC'97 Audio
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Steam
    Titan Quest
    Titan Quest Immortal Throne
    Trend Micro Internet Security
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    WebFldrs XP
    Windows Commander (Remove only)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    2/26/2010 9:16:24 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2/26/2010 9:16:24 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

    ==== End Of File ===========================
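The DDS "Installed Programs" list above is usually the first thing a helper checks before asking for more logs: is the machine actually on SP3 and IE8, and are the recent security hotfixes present? The following is an added example (not part of the original post, and not a DDS or WindowsBBS tool) that pulls the KB numbers out of that section and reports what is missing against a required list. The excerpt embedded in it is constructed from lines of the log above; the required lists passed to `triage()` are assumptions for illustration, and `KB000000` is a placeholder, not a real hotfix.

```python
import re
from typing import Dict, List, Set

# Constructed excerpt of the DDS "Installed Programs" section posted above.
# It ends where DDS starts its next section so the parser can be shown stopping there.
DDS_EXCERPT = """\
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB978706)
    Steam
    Trend Micro Internet Security
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB978207)
    Windows Internet Explorer 8
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========
    2/26/2010 9:16:24 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed.
"""

# A DDS entry names its hotfix at the end of the line as "(KBnnnnnn)" or "(KBnnnnnn-v2)";
# the revision suffix is dropped so KB951376-v2 is reported as KB951376.
KB_RE = re.compile(r"\((KB\d+)(?:-v\d+)?\)$")


def parse_installed(text: str) -> Dict[str, Set[str]]:
    """Split DDS installed-program lines into security hotfixes, other hotfixes
    and plain software. Parsing stops at the next '====' section header."""
    result: Dict[str, Set[str]] = {"security": set(), "update": set(), "software": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("===="):
            break  # end of the Installed Programs section
        match = KB_RE.search(line)
        if match and line.startswith("Security Update"):
            result["security"].add(match.group(1))
        elif match:
            result["update"].add(match.group(1))
        else:
            result["software"].add(line)
    return result


def triage(text: str, required_kbs: List[str], required_software: List[str]) -> Dict[str, List[str]]:
    """Report which required hotfixes and which required software entries are absent.
    Both required lists are supplied by the caller (assumed, not taken from DDS)."""
    parsed = parse_installed(text)
    present_kbs = parsed["security"] | parsed["update"]
    return {
        "missing_kbs": sorted(kb for kb in required_kbs if kb not in present_kbs),
        "missing_software": sorted(s for s in required_software if s not in parsed["software"]),
        "security_hotfix_count": [str(len(parsed["security"]))],
    }


if __name__ == "__main__":
    # Hypothetical baseline: the two entries a helper would look for first on an XP box,
    # plus one real KB from the log and one placeholder that is deliberately absent.
    report = triage(
        DDS_EXCERPT,
        required_kbs=["KB978706", "KB000000"],
        required_software=["Windows XP Service Pack 3", "Windows Internet Explorer 8"],
    )
    print(report)
```

Run it against the full log by reading the DDS text from a file instead of `DDS_EXCERPT`; the parser only needs the section to end at the next `====` header, which DDS always emits.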
     
  8. 2010/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
