Loan Call, did not make? Infected?

[Rikazu]

Im posting here because the scans I ran failed to find any malware.

Yesterday something odd happened, I was not on any suspicious site, just some forum that I go to a lot. My internet suddenly did not work for around 3 hours, when my dad's and my brother's did. [We are all connected to the same network.]

While only my internet was down, we got a call asking about a loan Adam [Insert last name here] requested. I did not ever ask for a loan, so I thought that I must be infected. Except shortly after I hung up my internet came back. Everything was working fine now, except we got another call an hour later. When I disabled my network and went through the Start>Run>Msconfig>BOOT.INI>/SAFEBOOT, I ran scans using Spybot Search and Destroy, SUPERAntiSpyware, and the mrt.exe. Nothing was found on all of them.

I got the logs and I will post them below. I really want to know if I am infected with anything or not :/.

DDS Log


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 11:00:03.14 on Wed 07/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.240 [GMT -6:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\ShortKeys2\shklite.exe
svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\rundll32.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0D624EA8-F36B-4087-B5E1-08D7F17A85B9} - No File
BHO: {37DCAC3E-32BF-4E74-A3B8-D166A5317E15} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Answers.com Toolbar: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - c:\program files\answers.com\tbAnsw.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {7754C418-F62E-44AA-B169-E719E718BCFD} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [20299561] rundll32.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRunOnce: [SpybotDeletingA4778] command /c del "c:\windows\system32\2b0a511f-.txt"
mRunOnce: [SpybotDeletingC4073] cmd /c del "c:\windows\system32\2b0a511f-.txt"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\shortk~1.lnk - c:\program files\shortkeys2\shklite.exe
IE: &AOL Toolbar search
IE: Answers... - file://c:\program files\1-click answers\html\atiemenu.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.qwest.com/internethelp/ocf/content/includes/controls/tgctlsr.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnnnnND

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\08k6skyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.hxxp.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "hxxps://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-20 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-20 47640]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-6-13 582992]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-6-13 206608]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 MzBot;MzBot;\??\c:\mzbot.sys --> c:\MzBot.sys [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys --> c:\windows\system32\drivers\teamviewervpn.sys [?]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-6-13 206608]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva098;XDva098;\??\c:\windows\system32\xdva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-07-07 20:00 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-07 19:55 <DIR> --d----- c:\program files\Hamachi
2009-07-07 17:18 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-07 16:54 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-07-04 19:39 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-07-04 19:38 397,502 ac------ c:\windows\system32\dllcache\vpctcom.sys
2009-07-04 19:37 94,720 ac------ c:\windows\system32\dllcache\umaxud32.dll
2009-07-04 19:36 440,576 ac------ c:\windows\system32\dllcache\tridkb.dll
2009-07-04 19:35 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
2009-07-04 19:34 48,736 ac------ c:\windows\system32\dllcache\srwlnd5.sys
2009-07-04 19:33 24,576 ac------ c:\windows\system32\dllcache\smc8000n.sys
2009-07-04 19:32 252,032 ac------ c:\windows\system32\dllcache\sis300iv.dll
2009-07-04 19:31 43,904 ac------ c:\windows\system32\dllcache\sbp2port.sys
2009-07-04 19:30 19,017 ac------ c:\windows\system32\dllcache\rtl8029.sys
2009-07-04 19:30 30,720 ac------ c:\windows\system32\dllcache\rthwcls.sys
2009-07-04 19:30 9,216 ac------ c:\windows\system32\dllcache\rsmgrstr.dll
2009-07-04 19:30 3,840 ac------ c:\windows\system32\dllcache\rpfun.sys
2009-07-04 19:30 79,104 ac------ c:\windows\system32\dllcache\rocket.sys
2009-07-04 19:30 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
2009-07-04 19:30 86,097 ac------ c:\windows\system32\dllcache\reslog32.dll
2009-07-04 19:30 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-07-04 19:30 714,762 ac------ c:\windows\system32\dllcache\r2mdmkxx.sys
2009-07-04 19:30 899,146 ac------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-07-04 19:30 41,472 ac------ c:\windows\system32\dllcache\qvusd.dll
2009-07-04 19:30 3,328 ac------ c:\windows\system32\dllcache\qv2kux.sys
2009-07-04 19:28 92,416 ac------ c:\windows\system32\dllcache\phildec.sys
2009-07-04 19:27 351,616 ac------ c:\windows\system32\dllcache\ovcodek2.sys
2009-07-04 13:38 <DIR> --d----- C:\My Programs
2009-07-04 13:21 <DIR> --d----- C:\MinGW
2009-06-30 17:54 <DIR> --d----- c:\program files\ImageConverter Plus
2009-06-30 14:01 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
2009-06-30 14:00 229,439 ac------ c:\windows\system32\dllcache\multibox.dll
2009-06-30 14:00 21,888 ac------ c:\windows\system32\dllcache\mxcard.sys
2009-06-30 14:00 103,296 ac------ c:\windows\system32\dllcache\mtxvideo.sys
2009-06-30 14:00 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2009-06-30 14:00 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
2009-06-30 14:00 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-06-30 14:00 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-06-30 14:00 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-06-30 14:00 98,304 ac------ c:\windows\system32\dllcache\msir3jp.dll
2009-06-30 14:00 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-06-30 14:00 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
2009-06-30 13:58 802,683 ac------ c:\windows\system32\dllcache\ltsm.sys
2009-06-30 13:57 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-06-30 13:56 372,824 ac------ c:\windows\system32\dllcache\iconf32.dll
2009-06-30 13:55 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-30 13:54 165,888 ac------ c:\windows\system32\dllcache\hpgt53.dll
2009-06-30 13:53 92,160 ac------ c:\windows\system32\dllcache\fuusd.dll
2009-06-30 13:52 594,238 ac------ c:\windows\system32\dllcache\es56hpi.sys
2009-06-30 13:51 334,208 ac------ c:\windows\system32\dllcache\ds1wdm.sys
2009-06-30 13:50 110,592 ac------ c:\windows\system32\dllcache\dc260usd.dll
2009-06-30 13:49 8,192 ac------ c:\windows\system32\dllcache\changer.sys
2009-06-30 13:48 102,400 ac------ c:\windows\system32\dllcache\binlsvc.dll
2009-06-30 13:47 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-06-30 10:44 <DIR> --d----- c:\documents and settings\owner\cd
2009-06-30 10:34 <DIR> --d----- c:\docume~1\owner\applic~1\MAXON
2009-06-30 10:20 <DIR> --d----- c:\program files\CINEMA 4D
2009-06-29 12:51 <DIR> --d----- c:\documents and settings\owner\.SunDownloadManager
2009-06-26 00:36 <DIR> --d----- c:\program files\KingsIsle Entertainment
2009-06-13 18:20 206,608 a------- c:\windows\system32\drivers\TMPassthru.sys
2009-06-13 18:20 <DIR> --d----- c:\program files\Trend Micro
2009-06-13 14:59 4,672 a------- c:\windows\system32\OEMINFO.PNF
2009-06-13 14:32 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-06-13 14:32 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-06-13 14:31 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-06-13 14:29 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-06-10 20:17 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:17 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-08 14:37 2,086 a------- c:\windows\system32\msexcr.ini

==================== Find3M ====================

2009-07-07 21:48 1,648 a------- c:\windows\system32\d3d8caps.dat
2009-06-30 00:27 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-05-13 20:46 107 a------- c:\docume~1\owner\applic~1\netstat.bat
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-08 20:09 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2008-05-24 22:57 1,019,904 a------- c:\documents and settings\owner\Register3DMaze.exe
2008-05-24 22:57 83,456 a------- c:\documents and settings\owner\mapath.dll
2008-05-24 22:57 83,456 a------- c:\documents and settings\owner\gmap.dll
2005-12-30 12:50 0 ac------ c:\docume~1\owner\applic~1\wklnhst.dat
2008-09-18 18:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-18 19:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat
2008-09-19 22:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 11:00:59.04 ===============


The other two logs are in the attachment.

[Ried]

Hello Rikazu,

That certainly is odd. I'm not seeing any malware in the logs. What I'd like you to do is run this online scan and see if it picks up on anything. It can take some time, so please be patient and allow it to run it's full course:


**Vista users - right click on the IE icon and run as administrator


Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

[Rikazu]

Had to run it like 4 times before it worked.
It found one item in my recovery drive.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, July 11, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 12, 2009 04:42:07
Records in database: 2461783
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 109239
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:09:16


File name / Threat name / Threats count
D:\i386\Apps\App03130\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

[Ried]

Hi Rikazu,

That is only minor AdWare. Kaspersky is doing it's job by reporting it but we won't be acting on it since it came with your purchase of your machine.


By any chance were you using TeamViewer shortly before any of this happened?

[Rikazu]

Yes..

I only use it for playing games or transferring files.

One of my old programs that I downloaded was "Trend Micro's RUBotted". Team viewer never had any problems before, but when I open team viewer the RUBotted would pop up saying "Bot found!"

I closed team viewer, cleared the list of its history, and ran the RUBotted again. It said I was clean.
Around a week before It happened I was transferring some brushes from GIMP to my friend. It said it would take over 3 hours to transfer them so I cancelled it and told him to download them himself.

Thats the only use I can remember..

[Ried]

Did you happen to save that first RUbotted report? I'd like to see the results.

TeamViewer is supposed to be a secure connection, as is LogMeIn, but it would be arrogant and foolhardy for any of us to think that any application is completely safe from being exploited or hacked.

I'm not seeing any malware. Keep an eye on things for a while.