Task Manager will not open up.


  • This topic is locked
19 replies to this topic

#1 Shindou

  • Members
  • 20 posts

Posted 14 August 2009 - 10:48 PM

No clue what happened, but now I cannot open up my Task Manager. I was being bombarded with errors saying something called mslsgw.exe could not run, so I found that file in my system32 folder and deleted it, still to no avail. DDS log to follow.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Shindou at 20:43:52.56 on Fri 08/14/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.1719 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Shindou\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [RemoveIT Pro v7Ent] c:\program files\incode solutions\removeit pro v7 enterprise\removeit.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {92B1B76A-7E59-4D75-BCCD-6801B8251E70} = 216.228.160.3,216.228.160.4
AppInit_DLLs: acaptuser32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/title.ws
FF - component: c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-8-4 31616]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-7-31 12032]
S2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-5-1 132232]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2009-7-31 14592]

=============== Created Last 30 ================

2009-08-14 20:34 <DIR> --d----- c:\program files\Trend Micro
2009-08-14 20:09 68 a------- c:\windows\wininit.ini
2009-08-14 15:37 <DIR> --d----- c:\programdata\SimCity Societies
2009-08-14 15:37 <DIR> --d----- c:\progra~2\SimCity Societies
2009-08-14 15:35 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-14 15:12 531 a------- c:\windows\eReg.dat
2009-08-14 15:12 <DIR> --d----- c:\program files\Maxis
2009-08-14 14:28 <DIR> --d----- c:\windows\pss
2009-08-13 17:57 <DIR> --d----- c:\program files\Project64 1.6
2009-08-12 01:21 <DIR> --d----- c:\programdata\FLEXnet
2009-08-12 00:23 <DIR> --d----- c:\users\shindou\appdata\roaming\TortoiseSVN
2009-08-12 00:11 <DIR> --d----- c:\program files\Unlocker
2009-08-12 00:05 <DIR> --d----- c:\programdata\Saitek
2009-08-12 00:05 <DIR> --d----- c:\progra~2\Saitek
2009-08-12 00:05 <DIR> --d----- c:\program files\Saitek
2009-08-11 23:41 1,081,616 a------- c:\windows\system32\mscomctl.OCX
2009-08-11 23:41 152,848 a------- c:\windows\system32\comdlg32.OCX
2009-08-11 23:41 <DIR> --d----- c:\users\shindou\appdata\roaming\Convivea
2009-08-11 23:41 <DIR> --d----- c:\program files\Bit Che
2009-08-11 22:01 8,252 a------- c:\windows\system32\SaiD075C.pr0
2009-08-11 22:00 <DIR> --d----- C:\sw3dg
2009-08-11 21:41 <DIR> --d----- c:\program files\HyperLobbyPro3
2009-08-11 13:46 <DIR> --d----- c:\users\shindou\appdata\roaming\TeamViewer
2009-08-11 13:46 <DIR> --d----- c:\program files\TeamViewer
2009-08-11 13:46 <DIR> --d----- c:\users\shindou\temp
2009-08-11 12:01 41,872 a------- c:\windows\system32\xfcodec.dll
2009-08-10 13:53 34 a------- c:\users\shindou\jagex_runescape_preferences.dat
2009-08-10 13:52 <DIR> --d----- c:\windows\.jagex_cache_32
2009-08-10 04:15 439,008 a------- c:\windows\system32\perfh001.dat
2009-08-10 04:15 285,290 a------- c:\windows\system32\perfi001.dat
2009-08-10 04:15 78,292 a------- c:\windows\system32\perfc001.dat
2009-08-10 04:15 41,018 a------- c:\windows\system32\perfd001.dat
2009-08-10 04:14 <DIR> --d----- c:\windows\fr-FR
2009-08-10 04:14 <DIR> --d----- c:\windows\ar-SA
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\fr
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\drivers\fr-FR
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\drivers\ar-SA
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\ar
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\040C
2009-08-10 04:13 <DIR> --d----- c:\windows\system32\wbem\fr-FR
2009-08-10 04:13 <DIR> --d----- c:\windows\system32\wbem\ar-SA
2009-08-10 03:57 332,666 a------- c:\windows\system32\perfi019.dat
2009-08-10 03:57 653,058 a------- c:\windows\system32\perfh019.dat
2009-08-10 03:57 125,564 a------- c:\windows\system32\perfc019.dat
2009-08-10 03:57 38,684 a------- c:\windows\system32\perfd019.dat
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\0419
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\drivers\ru-RU
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\ru
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\wbem\ru-RU
2009-08-10 03:56 <DIR> --d----- c:\windows\ru-RU
2009-08-09 23:46 <DIR> --d----- c:\windows\East India Company v1.01 Update
2009-08-09 23:41 <DIR> --d----- c:\users\shindou\appdata\roaming\Participatory Culture Foundation
2009-08-09 23:40 <DIR> --d----- c:\program files\Participatory Culture Foundation
2009-08-07 20:08 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-07 20:08 <DIR> --d----- c:\program files\Hamachi
2009-08-06 16:01 3,194,176 a------- c:\windows\system32\GameMon.des
2009-08-06 16:01 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-08-06 16:01 4,682 a------- c:\windows\system32\npptNT2.sys
2009-08-06 16:01 <DIR> --d----- c:\program files\common files\INCA Shared
2009-08-06 15:55 <DIR> --d----- C:\ijji
2009-08-06 15:55 <DIR> --d----- c:\programdata\ijjigame
2009-08-06 15:55 <DIR> --d----- c:\progra~2\ijjigame
2009-08-06 15:51 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-08-06 15:51 157,152 a------- c:\windows\system32\PubPlugin.dll
2009-08-06 15:51 58,800 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-08-06 15:51 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2009-08-06 15:51 <DIR> --d----- c:\program files\NHN USA
2009-08-06 15:07 367,936 a------- c:\windows\system32\prfh0404.dat
2009-08-06 15:07 116,540 a------- c:\windows\system32\prfi0404.dat
2009-08-06 15:07 100,982 a------- c:\windows\system32\prfc0404.dat
2009-08-06 15:07 30,674 a------- c:\windows\system32\prfd0404.dat
2009-08-06 15:07 <DIR> --d----- c:\windows\zh-TW
2009-08-06 15:07 <DIR> --d----- c:\windows\system32\zh-CHT
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\drivers\zh-TW
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\drivers\zh-HK
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\wbem\zh-TW
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\0C04
2009-08-06 14:54 395,034 a------- c:\windows\system32\perfh012.dat
2009-08-06 14:54 155,890 a------- c:\windows\system32\perfi012.dat
2009-08-06 14:54 100,912 a------- c:\windows\system32\perfc012.dat
2009-08-06 14:54 30,674 a------- c:\windows\system32\perfd012.dat
2009-08-06 14:53 <DIR> --d----- c:\windows\ko-KR
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\0412
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\drivers\ko-KR
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\ko
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\wbem\ko-KR
2009-08-06 14:41 359,370 a------- c:\windows\system32\prfh0804.dat
2009-08-06 14:41 109,926 a------- c:\windows\system32\prfi0804.dat
2009-08-06 14:41 100,976 a------- c:\windows\system32\prfc0804.dat
2009-08-06 14:41 30,674 a------- c:\windows\system32\prfd0804.dat
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\zh-CHS
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\drivers\zh-CN
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\wbem\zh-CN
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\0804
2009-08-06 14:40 <DIR> --d----- c:\windows\zh-CN
2009-08-06 14:29 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-06 13:51 <DIR> --d----- c:\programdata\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\progra~2\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\programdata\acccore
2009-08-06 13:51 <DIR> --d----- c:\program files\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\progra~2\acccore
2009-08-06 13:51 <DIR> --d----- c:\programdata\AOL OCP
2009-08-06 13:51 <DIR> --d----- c:\programdata\AOL
2009-08-06 13:51 <DIR> --d----- c:\program files\common files\AOL
2009-08-06 13:50 <DIR> --d----- c:\program files\AIM6
2009-08-06 13:50 365 a---h--- C:\IPH.PH
2009-08-05 22:39 <DIR> --d----- c:\program files\HuxleyTheDystopia
2009-08-05 19:48 <DIR> --d----- c:\programdata\LogiShrd
2009-08-05 17:55 <DIR> --d----- c:\program files\Download Manager
2009-08-04 19:52 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-08-04 19:52 <DIR> --d----- c:\program files\MagicDisc
2009-08-04 19:45 <DIR> --d----- c:\program files\MagicISO
2009-08-04 19:21 <DIR> --d----- C:\Games
2009-08-04 19:12 <DIR> --d----- c:\users\shindou\appdata\roaming\RipIt4Me
2009-08-04 19:11 <DIR> --d----- c:\program files\DVD Decrypter
2009-08-04 16:57 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-08-04 16:52 <DIR> --d----- c:\program files\r2 Studios
2009-08-04 16:51 31,616 a------- c:\windows\system32\drivers\vrtaucbl.sys
2009-08-04 16:51 <DIR> --d----- c:\program files\Virtual Audio Cable
2009-08-04 00:53 <DIR> --d----- c:\program files\Paradox Interactive
2009-08-03 19:38 <DIR> --d----- c:\users\shindou\Tracing
2009-08-03 19:37 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-08-03 19:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-03 19:36 <DIR> --d----- c:\program files\Microsoft
2009-08-03 19:36 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-03 19:36 <DIR> --d----- c:\windows\PCHEALTH
2009-08-03 19:26 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-02 00:42 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-08-02 00:41 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-08-02 00:37 <DIR> --d----- c:\programdata\Adobe
2009-08-02 00:05 <DIR> --d----- c:\program files\uTorrent
2009-08-02 00:04 <DIR> --d----- c:\users\shindou\appdata\roaming\uTorrent
2009-08-01 23:12 233,888 a------- c:\windows\system32\DreamScene.dll
2009-08-01 23:11 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-08-01 23:10 381,834 a------- c:\windows\system32\perfh011.dat
2009-08-01 23:10 139,030 a------- c:\windows\system32\perfi011.dat
2009-08-01 23:10 101,144 a------- c:\windows\system32\perfc011.dat
2009-08-01 23:10 30,674 a------- c:\windows\system32\perfd011.dat
2009-08-01 23:07 <DIR> --d----- c:\windows\ja-JP
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\ja
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\0411
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\drivers\ja-JP
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\wbem\ja-JP
2009-08-01 22:53 <DIR> --d----- c:\program files\BitLocker
2009-08-01 22:52 711 a------- c:\windows\system32\CPSOKBTasks.xml
2009-08-01 22:52 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
2009-08-01 21:16 <DIR> --d----- c:\windows\system32\eu-ES
2009-08-01 21:16 <DIR> --d----- c:\windows\system32\ca-ES
2009-08-01 21:16 <DIR> --d----- c:\windows\system32\vi-VN
2009-08-01 20:51 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-01 20:49 1,017,856 a------- c:\windows\system32\wevtsvc.dll
2009-08-01 20:48 1,671,680 a------- c:\windows\system32\wlanpref.dll
2009-08-01 13:51 <DIR> --d----- c:\users\shindou\appdata\roaming\EVEMon
2009-08-01 13:51 <DIR> --d----- c:\program files\EVEMon
2009-08-01 11:42 <DIR> --d----- c:\users\shindou\appdata\roaming\Subversion
2009-08-01 11:38 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-01 02:57 <DIR> --d----- c:\program files\CCleaner
2009-08-01 01:59 <DIR> --d----- c:\program files\TortoiseSVN
2009-08-01 01:59 <DIR> --d----- c:\program files\common files\TortoiseOverlays
2009-08-01 01:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-01 01:55 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-01 01:53 <DIR> --d----- c:\program files\iPod
2009-08-01 01:52 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-01 01:52 <DIR> --d----- c:\program files\iTunes
2009-08-01 01:52 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-01 01:49 <DIR> --d----- c:\program files\Bonjour
2009-08-01 01:44 <DIR> --d----- c:\programdata\Apple Computer
2009-08-01 01:29 <DIR> --d----- c:\programdata\Apple
2009-08-01 01:22 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-08-01 01:17 675,152 a------- c:\windows\system32\gpprefcl.dll
2009-08-01 01:17 28,274 a------- c:\windows\system32\wbem\polprocl.mof
2009-08-01 01:00 <DIR> --d----- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-08-01 00:55 <DIR> --d----- C:\NVIDIA
2009-08-01 00:46 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-08-01 00:45 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-08-01 00:45 11,967,524 a------- c:\windows\system32\korwbrkr.lex
2009-08-01 00:44 <DIR> --d----- c:\program files\Haali
2009-08-01 00:41 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-08-01 00:41 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-08-01 00:41 50,688 a------- c:\windows\system32\ff_acm.acm
2009-08-01 00:41 <DIR> --d----- c:\program files\ffdshow
2009-08-01 00:39 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-08-01 00:38 <DIR> --d----- c:\program files\VideoLAN
2009-08-01 00:03 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-31 23:49 0 a---h--- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2009-07-31 23:49 0 a---h--- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2009-07-31 23:21 828,416 a------- c:\windows\system32\wininet.dll
2009-07-31 23:21 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-31 23:21 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-07-31 23:20 623,616 a------- c:\windows\system32\localspl.dll
2009-07-31 23:20 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-31 23:20 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-31 23:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-31 23:20 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-31 23:20 23,552 a------- c:\windows\system32\lpk.dll
2009-07-31 23:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-31 23:20 2,034,688 a------- c:\windows\system32\win32k.sys
2009-07-31 23:20 6,656 a------- c:\windows\system32\kbd106n.dll
2009-07-31 23:16 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-31 23:15 <DIR> --d----- c:\program files\Realtek
2009-07-31 23:14 <DIR> --d-h--- c:\program files\Temp
2009-07-31 23:14 831,488 a------- c:\windows\RtlExUpd.dll
2009-07-31 23:12 <DIR> --d----- c:\program files\JRE
2009-07-31 23:11 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-07-31 23:08 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-31 23:01 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-31 22:53 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-07-31 22:52 <DIR> --d----- c:\program files\Galaxy Online
2009-07-31 22:39 <DIR> --d----- c:\users\shindou\appdata\roaming\Xfire
2009-07-31 22:39 <DIR> --d----- c:\programdata\Xfire
2009-07-31 22:39 <DIR> --d----- c:\progra~2\Xfire
2009-07-31 22:39 <DIR> --d----- c:\program files\Xfire
2009-07-31 22:07 <DIR> --d----- c:\programdata\CCP
2009-07-31 22:07 <DIR> --d----- c:\program files\CCP
2009-07-31 22:07 <DIR> --d----- c:\progra~2\CCP
2009-07-31 21:55 <DIR> --d----- c:\program files\common files\Steam
2009-07-31 21:55 <DIR> --d----- c:\program files\Steam
2009-07-31 21:54 <DIR> --d----- c:\program files\Ventrilo
2009-07-31 21:54 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-07-31 21:44 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-31 21:40 <DIR> --d----- c:\programdata\Logitech
2009-07-31 21:40 <DIR> --dsh--- c:\windows\Installer
2009-07-31 21:23 <DIR> --d----- c:\windows\Panther
2009-07-31 21:23 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-07-31 21:23 333,257 a--shr-- C:\bootmgr
2009-07-31 21:23 <DIR> --dsh--- C:\Boot
2009-07-31 21:22 249,856 a------- c:\windows\system32\Lachesis.cpl
2009-07-31 21:22 14,592 a------- c:\windows\system32\drivers\Usbicp.sys
2009-07-31 21:22 <DIR> --d----- c:\programdata\Razer
2009-07-31 21:18 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2009-07-31 21:14 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-31 21:14 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-31 21:14 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-31 21:14 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-31 20:38 <DIR> --d----- c:\users\Shindou
2009-07-30 22:00 <DIR> --d----- C:\UzN CO
2009-07-29 21:48 <DIR> --d----- C:\evetest

==================== Find3M ====================

2009-08-12 00:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-12 00:06 51,200 a------- c:\windows\inf\infpub.dat
2009-08-12 00:06 86,016 a------- c:\windows\inf\infstor.dat
2009-08-10 04:13 285,290 a------- c:\windows\inf\perflib\0401\perfi.dat
2009-08-10 04:13 285,290 a------- c:\windows\inf\perflib\0401\perfh.dat
2009-08-10 04:13 41,018 a------- c:\windows\inf\perflib\0401\perfd.dat
2009-08-10 04:13 41,018 a------- c:\windows\inf\perflib\0401\perfc.dat
2009-08-10 03:56 332,666 a------- c:\windows\inf\perflib\0419\perfi.dat
2009-08-10 03:56 332,666 a------- c:\windows\inf\perflib\0419\perfh.dat
2009-08-10 03:56 38,684 a------- c:\windows\inf\perflib\0419\perfd.dat
2009-08-10 03:56 38,684 a------- c:\windows\inf\perflib\0419\perfc.dat
2009-08-06 15:06 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2009-08-06 15:06 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
2009-08-06 15:06 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
2009-08-06 15:06 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
2009-08-06 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-06 14:53 155,890 a------- c:\windows\inf\perflib\0412\perfi.dat
2009-08-06 14:53 155,890 a------- c:\windows\inf\perflib\0412\perfh.dat
2009-08-06 14:53 30,674 a------- c:\windows\inf\perflib\0412\perfd.dat
2009-08-06 14:53 30,674 a------- c:\windows\inf\perflib\0412\perfc.dat
2009-08-06 14:40 109,926 a------- c:\windows\inf\perflib\0804\perfi.dat
2009-08-06 14:40 109,926 a------- c:\windows\inf\perflib\0804\perfh.dat
2009-08-06 14:40 30,674 a------- c:\windows\inf\perflib\0804\perfd.dat
2009-08-06 14:40 30,674 a------- c:\windows\inf\perflib\0804\perfc.dat
2009-08-01 23:07 139,030 a------- c:\windows\inf\perflib\0411\perfi.dat
2009-08-01 23:07 139,030 a------- c:\windows\inf\perflib\0411\perfh.dat
2009-08-01 23:07 30,674 a------- c:\windows\inf\perflib\0411\perfd.dat
2009-08-01 23:07 30,674 a------- c:\windows\inf\perflib\0411\perfc.dat
2009-07-31 23:15 319,456 a------- c:\windows\DIFxAPI.dll
2009-07-20 19:22 1,226,272 a------- c:\windows\system32\RtkPgExt.dll
2009-07-20 19:22 52,256 a------- c:\windows\system32\RtkCoInst.dll
2009-07-20 19:21 2,898,464 a------- c:\windows\system32\RtkAPO.dll
2009-07-20 19:21 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-07-20 19:15 2,664,032 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-07-17 06:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 05:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 05:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 05:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 05:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:54 10,854,400 a------- c:\windows\system32\nvoglv32.dll
2009-07-14 11:54 9,557,216 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-14 11:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll
2009-07-14 11:54 3,287,040 a------- c:\windows\system32\nvwgf2um.dll
2009-07-14 11:54 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 1,983,488 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 11:54 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod157.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 11:54 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-07-10 07:01 485,920 a------- c:\windows\system32\nvuninst.exe
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-09 12:16 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-29 12:16 160,256 a------- c:\windows\system32\FMAPO.dll
2009-06-15 07:54 175,104 a------- c:\windows\system32\wdigest.dll
2009-06-15 07:53 72,704 a------- c:\windows\system32\secur32.dll
2009-06-15 07:53 270,848 a------- c:\windows\system32\schannel.dll
2009-06-15 07:53 218,624 a------- c:\windows\system32\msv1_0.dll
2009-06-15 07:52 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-06-15 07:52 499,712 a------- c:\windows\system32\kerberos.dll
2009-06-15 05:48 9,728 a------- c:\windows\system32\lsass.exe
2009-06-10 04:42 160,256 a------- c:\windows\system32\wkssvc.dll
2009-06-10 04:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-06-04 05:07 2,066,432 a------- c:\windows\system32\mstscax.dll
2008-01-20 19:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:44:27.49 ===============

Attached Files




 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 PM

Posted 27 August 2009 - 08:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 28 August 2009 - 02:03 AM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Shindou at 0:00:26.49 on Fri 08/28/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.1967 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Shindou\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Shindou\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {92B1B76A-7E59-4D75-BCCD-6801B8251E70} = 216.228.160.3,216.228.160.4
AppInit_DLLs: acaptuser32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/title.ws
FF - component: c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-8-4 31616]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-7-31 12032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-5-1 132232]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2009-7-31 14592]

=============== Created Last 30 ================

2009-08-25 18:59 2,048 a------- c:\windows\system32\tzres.dll
2009-08-25 18:54 72,704 a------- c:\windows\system32\admparse.dll
2009-08-25 18:52 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-25 18:52 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-20 12:35 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-08-19 17:35 <DIR> --d----- c:\program files\Bethesda Softworks
2009-08-19 17:32 <DIR> --d----- c:\windows\system32\xlive
2009-08-19 17:16 <DIR> --d----- c:\program files\Cryptic Studios
2009-08-18 14:33 <DIR> --d----- c:\users\shindou\appdata\roaming\Notepad2
2009-08-18 14:33 <DIR> --d----- c:\program files\Notepad2
2009-08-14 20:34 <DIR> --d----- c:\program files\Trend Micro
2009-08-14 20:09 68 a------- c:\windows\wininit.ini
2009-08-14 15:37 <DIR> --d----- c:\programdata\SimCity Societies
2009-08-14 15:37 <DIR> --d----- c:\progra~2\SimCity Societies
2009-08-14 15:35 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-14 15:12 531 a------- c:\windows\eReg.dat
2009-08-14 15:12 <DIR> --d----- c:\program files\Maxis
2009-08-14 14:28 <DIR> --d----- c:\windows\pss
2009-08-13 17:57 <DIR> --d----- c:\program files\Project64 1.6
2009-08-13 12:53 41,872 a------- c:\windows\system32\xfcodec.dll
2009-08-12 01:21 <DIR> --d----- c:\programdata\FLEXnet
2009-08-12 00:23 <DIR> --d----- c:\users\shindou\appdata\roaming\TortoiseSVN
2009-08-12 00:11 <DIR> --d----- c:\program files\Unlocker
2009-08-12 00:05 <DIR> --d----- c:\programdata\Saitek
2009-08-12 00:05 <DIR> --d----- c:\progra~2\Saitek
2009-08-12 00:05 <DIR> --d----- c:\program files\Saitek
2009-08-11 23:41 1,081,616 a------- c:\windows\system32\mscomctl.OCX
2009-08-11 23:41 152,848 a------- c:\windows\system32\comdlg32.OCX
2009-08-11 23:41 <DIR> --d----- c:\users\shindou\appdata\roaming\Convivea
2009-08-11 23:41 <DIR> --d----- c:\program files\Bit Che
2009-08-11 22:01 8,252 a------- c:\windows\system32\SaiD075C.pr0
2009-08-11 22:00 <DIR> --d----- C:\sw3dg
2009-08-11 21:41 <DIR> --d----- c:\program files\HyperLobbyPro3
2009-08-11 13:46 <DIR> --d----- c:\users\shindou\appdata\roaming\TeamViewer
2009-08-11 13:46 <DIR> --d----- c:\program files\TeamViewer
2009-08-11 13:46 <DIR> --d----- c:\users\shindou\temp
2009-08-10 13:53 34 a------- c:\users\shindou\jagex_runescape_preferences.dat
2009-08-10 13:52 <DIR> --d----- c:\windows\.jagex_cache_32
2009-08-10 04:15 441,560 a------- c:\windows\system32\perfh001.dat
2009-08-10 04:15 285,290 a------- c:\windows\system32\perfi001.dat
2009-08-10 04:15 80,356 a------- c:\windows\system32\perfc001.dat
2009-08-10 04:15 41,018 a------- c:\windows\system32\perfd001.dat
2009-08-10 04:14 <DIR> --d----- c:\windows\fr-FR
2009-08-10 04:14 <DIR> --d----- c:\windows\ar-SA
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\fr
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\drivers\fr-FR
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\drivers\ar-SA
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\ar
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\040C
2009-08-10 04:13 <DIR> --d----- c:\windows\system32\wbem\fr-FR
2009-08-10 04:13 <DIR> --d----- c:\windows\system32\wbem\ar-SA
2009-08-10 03:57 332,666 a------- c:\windows\system32\perfi019.dat
2009-08-10 03:57 655,610 a------- c:\windows\system32\perfh019.dat
2009-08-10 03:57 127,628 a------- c:\windows\system32\perfc019.dat
2009-08-10 03:57 38,684 a------- c:\windows\system32\perfd019.dat
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\0419
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\drivers\ru-RU
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\ru
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\wbem\ru-RU
2009-08-10 03:56 <DIR> --d----- c:\windows\ru-RU
2009-08-09 23:46 <DIR> --d----- c:\windows\East India Company v1.01 Update
2009-08-09 23:41 <DIR> --d----- c:\users\shindou\appdata\roaming\Participatory Culture Foundation
2009-08-09 23:40 <DIR> --d----- c:\program files\Participatory Culture Foundation
2009-08-07 20:08 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-07 20:08 <DIR> --d----- c:\program files\Hamachi
2009-08-06 16:01 3,194,176 a------- c:\windows\system32\GameMon.des
2009-08-06 16:01 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-08-06 16:01 4,682 a------- c:\windows\system32\npptNT2.sys
2009-08-06 16:01 <DIR> --d----- c:\program files\common files\INCA Shared
2009-08-06 15:55 <DIR> --d----- C:\ijji
2009-08-06 15:55 <DIR> --d----- c:\programdata\ijjigame
2009-08-06 15:55 <DIR> --d----- c:\progra~2\ijjigame
2009-08-06 15:51 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-08-06 15:51 157,152 a------- c:\windows\system32\PubPlugin.dll
2009-08-06 15:51 58,800 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-08-06 15:51 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2009-08-06 15:51 <DIR> --d----- c:\program files\NHN USA
2009-08-06 15:07 370,488 a------- c:\windows\system32\prfh0404.dat
2009-08-06 15:07 116,540 a------- c:\windows\system32\prfi0404.dat
2009-08-06 15:07 103,046 a------- c:\windows\system32\prfc0404.dat
2009-08-06 15:07 30,674 a------- c:\windows\system32\prfd0404.dat
2009-08-06 15:07 <DIR> --d----- c:\windows\zh-TW
2009-08-06 15:07 <DIR> --d----- c:\windows\system32\zh-CHT
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\drivers\zh-TW
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\drivers\zh-HK
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\wbem\zh-TW
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\0C04
2009-08-06 14:54 397,586 a------- c:\windows\system32\perfh012.dat
2009-08-06 14:54 155,890 a------- c:\windows\system32\perfi012.dat
2009-08-06 14:54 102,976 a------- c:\windows\system32\perfc012.dat
2009-08-06 14:54 30,674 a------- c:\windows\system32\perfd012.dat
2009-08-06 14:53 <DIR> --d----- c:\windows\ko-KR
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\0412
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\drivers\ko-KR
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\ko
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\wbem\ko-KR
2009-08-06 14:41 361,922 a------- c:\windows\system32\prfh0804.dat
2009-08-06 14:41 109,926 a------- c:\windows\system32\prfi0804.dat
2009-08-06 14:41 103,040 a------- c:\windows\system32\prfc0804.dat
2009-08-06 14:41 30,674 a------- c:\windows\system32\prfd0804.dat
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\zh-CHS
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\drivers\zh-CN
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\wbem\zh-CN
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\0804
2009-08-06 14:40 <DIR> --d----- c:\windows\zh-CN
2009-08-06 14:29 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-06 13:51 <DIR> --d----- c:\programdata\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\progra~2\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\programdata\acccore
2009-08-06 13:51 <DIR> --d----- c:\program files\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\progra~2\acccore
2009-08-06 13:51 <DIR> --d----- c:\programdata\AOL OCP
2009-08-06 13:51 <DIR> --d----- c:\programdata\AOL
2009-08-06 13:51 <DIR> --d----- c:\program files\common files\AOL
2009-08-06 13:50 <DIR> --d----- c:\program files\AIM6
2009-08-06 13:50 365 a---h--- C:\IPH.PH
2009-08-05 22:39 <DIR> --d----- c:\program files\HuxleyTheDystopia
2009-08-05 19:48 <DIR> --d----- c:\programdata\LogiShrd
2009-08-05 17:55 <DIR> --d----- c:\program files\Download Manager
2009-08-04 19:52 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-08-04 19:52 <DIR> --d----- c:\program files\MagicDisc
2009-08-04 19:45 <DIR> --d----- c:\program files\MagicISO
2009-08-04 19:21 <DIR> --d----- C:\Games
2009-08-04 19:12 <DIR> --d----- c:\users\shindou\appdata\roaming\RipIt4Me
2009-08-04 19:11 <DIR> --d----- c:\program files\DVD Decrypter
2009-08-04 16:57 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-08-04 16:52 <DIR> --d----- c:\program files\r2 Studios
2009-08-04 16:51 31,616 a------- c:\windows\system32\drivers\vrtaucbl.sys
2009-08-04 16:51 <DIR> --d----- c:\program files\Virtual Audio Cable
2009-08-04 00:53 <DIR> --d----- c:\program files\Paradox Interactive
2009-08-03 19:38 <DIR> --d----- c:\users\shindou\Tracing
2009-08-03 19:37 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-08-03 19:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-03 19:36 <DIR> --d----- c:\program files\Microsoft
2009-08-03 19:36 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-03 19:36 <DIR> --d----- c:\windows\PCHEALTH
2009-08-03 19:26 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-02 00:42 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-08-02 00:41 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-08-02 00:37 <DIR> --d----- c:\programdata\Adobe
2009-08-02 00:05 <DIR> --d----- c:\program files\uTorrent
2009-08-02 00:04 <DIR> --d----- c:\users\shindou\appdata\roaming\uTorrent
2009-08-01 23:12 233,888 a------- c:\windows\system32\DreamScene.dll
2009-08-01 23:11 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-08-01 23:10 384,386 a------- c:\windows\system32\perfh011.dat
2009-08-01 23:10 139,030 a------- c:\windows\system32\perfi011.dat
2009-08-01 23:10 103,208 a------- c:\windows\system32\perfc011.dat
2009-08-01 23:10 30,674 a------- c:\windows\system32\perfd011.dat
2009-08-01 23:07 <DIR> --d----- c:\windows\ja-JP
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\ja
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\0411
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\drivers\ja-JP
2009-08-01 23:07 <DIR> --d----- c:\windows\system32\wbem\ja-JP
2009-08-01 22:53 <DIR> --d----- c:\program files\BitLocker
2009-08-01 22:52 711 a------- c:\windows\system32\CPSOKBTasks.xml
2009-08-01 22:52 1,171,848 a------- c:\windows\system32\SecureKeyBackupCPL.dll
2009-08-01 21:16 <DIR> --d----- c:\windows\system32\eu-ES
2009-08-01 21:16 <DIR> --d----- c:\windows\system32\ca-ES
2009-08-01 21:16 <DIR> --d----- c:\windows\system32\vi-VN
2009-08-01 20:51 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-01 20:49 1,017,856 a------- c:\windows\system32\wevtsvc.dll
2009-08-01 20:48 1,671,680 a------- c:\windows\system32\wlanpref.dll
2009-08-01 13:51 <DIR> --d----- c:\users\shindou\appdata\roaming\EVEMon
2009-08-01 13:51 <DIR> --d----- c:\program files\EVEMon
2009-08-01 11:42 <DIR> --d----- c:\users\shindou\appdata\roaming\Subversion
2009-08-01 11:38 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-01 02:57 <DIR> --d----- c:\program files\CCleaner
2009-08-01 01:59 <DIR> --d----- c:\program files\TortoiseSVN
2009-08-01 01:59 <DIR> --d----- c:\program files\common files\TortoiseOverlays
2009-08-01 01:55 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-01 01:55 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-01 01:53 <DIR> --d----- c:\program files\iPod
2009-08-01 01:52 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-01 01:52 <DIR> --d----- c:\program files\iTunes
2009-08-01 01:52 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-01 01:49 <DIR> --d----- c:\program files\Bonjour
2009-08-01 01:44 <DIR> --d----- c:\programdata\Apple Computer
2009-08-01 01:29 <DIR> --d----- c:\programdata\Apple
2009-08-01 01:22 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-08-01 01:17 675,152 a------- c:\windows\system32\gpprefcl.dll
2009-08-01 01:17 28,274 a------- c:\windows\system32\wbem\polprocl.mof
2009-08-01 01:00 <DIR> --d----- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-08-01 00:55 <DIR> --d----- C:\NVIDIA
2009-08-01 00:46 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-08-01 00:45 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-08-01 00:45 11,967,524 a------- c:\windows\system32\korwbrkr.lex
2009-08-01 00:44 <DIR> --d----- c:\program files\Haali
2009-08-01 00:41 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-08-01 00:41 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-08-01 00:41 50,688 a------- c:\windows\system32\ff_acm.acm
2009-08-01 00:41 <DIR> --d----- c:\program files\ffdshow
2009-08-01 00:39 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-08-01 00:38 <DIR> --d----- c:\program files\VideoLAN
2009-08-01 00:03 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-31 23:49 0 a---h--- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2009-07-31 23:49 0 a---h--- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2009-07-31 23:20 623,616 a------- c:\windows\system32\localspl.dll
2009-07-31 23:20 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-31 23:20 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-31 23:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-31 23:20 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-31 23:20 23,552 a------- c:\windows\system32\lpk.dll
2009-07-31 23:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-31 23:20 2,034,688 a------- c:\windows\system32\win32k.sys
2009-07-31 23:20 6,656 a------- c:\windows\system32\kbd106n.dll
2009-07-31 23:16 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-31 23:15 <DIR> --d----- c:\program files\Realtek
2009-07-31 23:14 <DIR> --d-h--- c:\program files\Temp
2009-07-31 23:14 831,488 a------- c:\windows\RtlExUpd.dll
2009-07-31 23:12 <DIR> --d----- c:\program files\JRE
2009-07-31 23:11 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-07-31 23:08 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-31 23:01 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-31 22:53 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-07-31 22:52 <DIR> --d----- c:\program files\Galaxy Online
2009-07-31 22:39 <DIR> --d----- c:\users\shindou\appdata\roaming\Xfire
2009-07-31 22:39 <DIR> --d----- c:\programdata\Xfire
2009-07-31 22:39 <DIR> --d----- c:\progra~2\Xfire
2009-07-31 22:39 <DIR> --d----- c:\program files\Xfire
2009-07-31 22:07 <DIR> --d----- c:\programdata\CCP
2009-07-31 22:07 <DIR> --d----- c:\program files\CCP
2009-07-31 22:07 <DIR> --d----- c:\progra~2\CCP
2009-07-31 21:55 <DIR> --d----- c:\program files\common files\Steam
2009-07-31 21:55 <DIR> --d----- c:\program files\Steam
2009-07-31 21:54 <DIR> --d----- c:\program files\Ventrilo
2009-07-31 21:54 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-07-31 21:44 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-31 21:40 <DIR> --d----- c:\programdata\Logitech
2009-07-31 21:40 <DIR> --dsh--- c:\windows\Installer
2009-07-31 21:23 <DIR> --d----- c:\windows\Panther
2009-07-31 21:23 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-07-31 21:23 333,257 a--shr-- C:\bootmgr
2009-07-31 21:23 <DIR> --dsh--- C:\Boot
2009-07-31 21:22 249,856 a------- c:\windows\system32\Lachesis.cpl
2009-07-31 21:22 14,592 a------- c:\windows\system32\drivers\Usbicp.sys
2009-07-31 21:22 <DIR> --d----- c:\programdata\Razer
2009-07-31 21:18 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2009-07-31 21:14 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-31 21:14 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-31 21:14 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-31 21:14 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-31 20:38 <DIR> --d----- c:\users\Shindou
2009-07-30 22:00 <DIR> --d----- C:\UzN CO
2009-07-29 21:48 <DIR> --d----- C:\evetest

==================== Find3M ====================

2009-08-12 00:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-12 00:06 51,200 a------- c:\windows\inf\infpub.dat
2009-08-12 00:06 86,016 a------- c:\windows\inf\infstor.dat
2009-08-10 04:13 285,290 a------- c:\windows\inf\perflib\0401\perfi.dat
2009-08-10 04:13 285,290 a------- c:\windows\inf\perflib\0401\perfh.dat
2009-08-10 04:13 41,018 a------- c:\windows\inf\perflib\0401\perfd.dat
2009-08-10 04:13 41,018 a------- c:\windows\inf\perflib\0401\perfc.dat
2009-08-10 03:56 332,666 a------- c:\windows\inf\perflib\0419\perfi.dat
2009-08-10 03:56 332,666 a------- c:\windows\inf\perflib\0419\perfh.dat
2009-08-10 03:56 38,684 a------- c:\windows\inf\perflib\0419\perfd.dat
2009-08-10 03:56 38,684 a------- c:\windows\inf\perflib\0419\perfc.dat
2009-08-06 15:06 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2009-08-06 15:06 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
2009-08-06 15:06 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
2009-08-06 15:06 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
2009-08-06 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-06 14:53 155,890 a------- c:\windows\inf\perflib\0412\perfi.dat
2009-08-06 14:53 155,890 a------- c:\windows\inf\perflib\0412\perfh.dat
2009-08-06 14:53 30,674 a------- c:\windows\inf\perflib\0412\perfd.dat
2009-08-06 14:53 30,674 a------- c:\windows\inf\perflib\0412\perfc.dat
2009-08-06 14:40 109,926 a------- c:\windows\inf\perflib\0804\perfi.dat
2009-08-06 14:40 109,926 a------- c:\windows\inf\perflib\0804\perfh.dat
2009-08-06 14:40 30,674 a------- c:\windows\inf\perflib\0804\perfd.dat
2009-08-06 14:40 30,674 a------- c:\windows\inf\perflib\0804\perfc.dat
2009-08-01 23:07 139,030 a------- c:\windows\inf\perflib\0411\perfi.dat
2009-08-01 23:07 139,030 a------- c:\windows\inf\perflib\0411\perfh.dat
2009-08-01 23:07 30,674 a------- c:\windows\inf\perflib\0411\perfd.dat
2009-08-01 23:07 30,674 a------- c:\windows\inf\perflib\0411\perfc.dat
2009-07-31 23:15 319,456 a------- c:\windows\DIFxAPI.dll
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-20 19:22 1,226,272 a------- c:\windows\system32\RtkPgExt.dll
2009-07-20 19:22 52,256 a------- c:\windows\system32\RtkCoInst.dll
2009-07-20 19:21 2,898,464 a------- c:\windows\system32\RtkAPO.dll
2009-07-20 19:21 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-07-20 19:15 2,664,032 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-07-17 06:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 05:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 05:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 05:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 05:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 17:17 15,308,440 a------- c:\windows\system32\xlive.dll
2009-07-14 17:17 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-07-14 11:54 10,854,400 a------- c:\windows\system32\nvoglv32.dll
2009-07-14 11:54 9,557,216 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-14 11:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll
2009-07-14 11:54 3,287,040 a------- c:\windows\system32\nvwgf2um.dll
2009-07-14 11:54 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 1,983,488 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 11:54 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod157.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 11:54 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-07-10 07:01 485,920 a------- c:\windows\system32\nvuninst.exe
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-09 12:16 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-29 12:16 160,256 a------- c:\windows\system32\FMAPO.dll
2009-06-15 07:54 175,104 a------- c:\windows\system32\wdigest.dll
2009-06-15 07:53 72,704 a------- c:\windows\system32\secur32.dll
2009-06-15 07:53 270,848 a------- c:\windows\system32\schannel.dll
2009-06-15 07:53 218,624 a------- c:\windows\system32\msv1_0.dll
2009-06-15 07:52 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-06-15 07:52 499,712 a------- c:\windows\system32\kerberos.dll
2009-06-15 05:48 9,728 a------- c:\windows\system32\lsass.exe
2009-06-10 04:42 160,256 a------- c:\windows\system32\wkssvc.dll
2009-06-10 04:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-06-05 04:56 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-06-05 04:56 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-06-05 04:56 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-06-05 04:56 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-06-04 05:07 2,066,432 a------- c:\windows\system32\mstscax.dll
2008-01-20 19:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:01:25.07 ===============
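Reading a listing like the DDS one above (and the ComboFix one posted further down the thread) is manual triage. What follows is an added example, not part of the thread and not code from DDS or ComboFix: it parses both line formats and flags what a log reader looks at first. The sample lines are copied from the two logs, with example-dropper.exe and example-inject.dll as invented names standing in for a dropped file.

```python
"""Triage helper for the DDS and ComboFix file listings posted in this thread.

Added example: not part of the thread and not code from the DDS or ComboFix tools.
It parses the two line shapes seen here and applies checks a log reader applies by eye.
The result is a review list, not a verdict: a legitimate driver installed on its own
will show up in it too.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# DDS line:      2009-07-31 23:20 623,616 a------- c:\windows\system32\localspl.dll
# DDS directory: 2009-08-01 00:39 <DIR> --d----- c:\program files\VideoLAN
DDS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$")
# ComboFix line: created . modified size attrs path; a directory shows -------- and a leading d
#   2009-09-02 03:30 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
                   r"\s+(--------|\d+)\s+(\S{8})\s+(.+)$")
TS = "%Y-%m-%d %H:%M"

BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".bat")
# Hidden/system files every Vista install carries; any other hidden file gets a second look.
KNOWN_HIDDEN = {"bootmgr", "bootsect.bak", "desktop.ini"}
SCRATCH_DIRS = {"temp", "tmp", "recycler", "$recycle.bin"}


@dataclass
class Entry:
    created: datetime
    size: Optional[int]   # None for directories
    is_dir: bool
    hidden: bool
    system: bool
    path: str
    source: str           # "dds" or "combofix"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line from either tool; headers, blanks and '.' rows give None."""
    line = line.strip()
    m = DDS_RE.match(line)
    if m:
        ts, size, attrs, path = m.groups()
        is_dir = size == "<DIR>" or "d" in attrs
        return Entry(datetime.strptime(ts, TS), None if is_dir else int(size.replace(",", "")),
                     is_dir, "h" in attrs, "s" in attrs, path, "dds")
    m = CF_RE.match(line)
    if m:
        created, _modified, size, attrs, path = m.groups()
        is_dir = attrs.startswith("d") or size == "--------"
        return Entry(datetime.strptime(created, TS), None if is_dir else int(size),
                     is_dir, "h" in attrs, "s" in attrs, path, "combofix")
    return None


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look, in listing order."""
    findings = []
    # Installers and Windows updates drop many files in the same minute; a binary that
    # arrives alone under the Windows directory is the pattern a dropped file leaves.
    per_minute = Counter(e.created for e in entries)
    for e in entries:
        if e.is_dir:
            continue
        parts = e.path.lower().split("\\")
        name = parts[-1]
        # Zero-byte *.Wdf files are markers left by driver framework coinstallers.
        wdf_marker = e.size == 0 and name.endswith(".wdf")
        if (e.hidden or e.system) and name not in KNOWN_HIDDEN and not wdf_marker:
            findings.append((e.path, "hidden/system attribute on a file"))
        if name.endswith(BINARY_EXT) and (len(parts) == 2 or SCRATCH_DIRS & set(parts)):
            findings.append((e.path, "binary in a drive root, temp or recycler directory"))
        if name.endswith((".exe", ".sys")) and "windows" in parts and per_minute[e.created] == 1:
            findings.append((e.path, "exe/sys under the Windows directory created alone"))
    return findings


# Constructed sample: lines copied from the two logs in this thread plus two invented
# names (example-dropper.exe, example-inject.dll) standing in for a dropped file.
SAMPLE = r"""
==================== Find3M ====================
2009-08-01 00:39 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-07-31 23:49 0 a---h--- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2009-07-31 23:20 623,616 a------- c:\windows\system32\localspl.dll
2009-07-31 23:20 2,034,688 a------- c:\windows\system32\win32k.sys
2009-07-31 21:23 333,257 a--shr-- C:\bootmgr
2009-07-31 21:18 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2009-07-31 21:14 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-31 21:14 83,456 a------- c:\windows\system32\wudriver.dll
2009-08-14 20:30 48,128 a---h--- c:\windows\system32\example-dropper.exe
.
2009-09-02 03:30 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-31 07:20 . 2009-08-31 07:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-08-05 10:02 . 2009-08-05 10:02 61440 ----a-w- c:\windows\TEMP\example-inject.dll
"""

if __name__ == "__main__":
    for path, reason in triage(parse_listing(SAMPLE)):
        print(f"{reason:<52} {path}")
```

Run stand-alone it prints the four review items from the sample: the Razer driver that arrived alone (a benign hit), the hidden example-dropper.exe twice, and the DLL under the Windows TEMP directory.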




#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 September 2009 - 04:43 PM

Hi shindou,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

----------------------------------------------

The first thing you can do is download an antivirus. I can't see one on the log.
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

This is optional

Viewpoint Manager is considered foistware rather than malware, since it is installed without users' approval but doesn't spy or do anything "bad". This is a change from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


This is a warning and the probable cause of the problems

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent and Limewire). These programmes allow users to share files between one another, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Now we can start to fix the problems

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Then


Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks
m0le is a proud member of UNITE

#5 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts

Posted 02 September 2009 - 07:24 PM

Will run all these now, CF first, since MBAM won't install or even load up the installer; same with RootRepeal, which the FAQ suggested I run and include in my post.

#6 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts

Posted 02 September 2009 - 08:25 PM

Alright, I ran CF and now I can't open anything; the error message is: "Illegal operation attempted on a registry key marked for deletion"

I managed to get the CF log off of my comp. I am on my grandma's laptop right now. I cannot live without my computer, so a prompt reply is truly necessary; I cannot even open up Firefox or IE on my comp right now. I am somewhat afraid of turning it off, for fear it will not restart, and I can't even get the backup center to open. I removed Viewpoint, which I had no clue I had... and I use uTorrent for various legitimate reasons, therefore cannot really remove it; I don't have Limewire as far as I know. Anyway, here is the CF log.

ComboFix 09-09-02.02 - Shindou 09/02/2009 17:26.1.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.2116 [GMT -7:00]
Running from: c:\users\Shindou\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\users\Shindou\Documents\My Documents.url
c:\windows\TEMP\logishrd\LVPrcInj04.dll
F:\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-02 19:46 . 2009-09-02 19:46 45 ----a-w- c:\users\Shindou\jagex_runescape_preferences2.dat
2009-09-02 03:30 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 03:30 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-01 22:49 . 2009-09-01 22:49 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-01 06:06 . 2009-09-01 06:08 -------- d-----w- c:\program files\Children of the Nile - Enhanced Edition
2009-08-31 09:17 . 2009-08-31 09:17 -------- d-----w- c:\users\Shindou\AppData\Local\Microsoft Games
2009-08-31 07:08 . 2009-08-31 07:08 -------- d-----w- c:\program files\Pcsx2
2009-08-28 18:19 . 2009-08-29 05:05 -------- d-----w- c:\program files\Silent Grove Studios
2009-08-28 07:39 . 2009-08-28 07:39 -------- d-----w- c:\program files\Evolved Games
2009-08-26 22:32 . 2009-08-26 22:32 -------- d-----w- c:\users\Shindou\AppData\Local\Fallout3
2009-08-26 01:59 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 01:54 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-20 22:28 . 2009-08-20 22:28 -------- d-----w- c:\users\Shindou\AppData\Local\EVE-Central MarketUploader
2009-08-20 19:35 . 2009-08-20 19:35 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-20 00:35 . 2009-08-20 00:35 -------- d-----w- c:\program files\Bethesda Softworks
2009-08-20 00:32 . 2009-08-20 00:32 -------- d-----w- c:\windows\system32\xlive
2009-08-20 00:16 . 2009-08-31 09:16 -------- d-----w- c:\program files\Cryptic Studios
2009-08-18 21:33 . 2009-08-18 21:33 -------- d-----w- c:\users\Shindou\AppData\Roaming\Notepad2
2009-08-18 21:33 . 2009-08-18 21:33 -------- d-----w- c:\program files\Notepad2
2009-08-15 03:34 . 2009-08-15 03:34 -------- d-----w- c:\program files\Trend Micro
2009-08-14 22:37 . 2009-08-14 22:37 -------- d-----w- c:\programdata\SimCity Societies
2009-08-14 22:35 . 2009-08-14 22:35 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-14 22:12 . 2009-08-14 22:12 531 ----a-w- c:\windows\eReg.dat
2009-08-14 22:12 . 2009-08-14 22:12 -------- d-----w- c:\program files\Maxis
2009-08-14 21:28 . 2009-08-14 21:28 -------- d-----w- c:\program files\Electronic Arts
2009-08-14 00:57 . 2009-08-31 08:25 -------- d-----w- c:\program files\Project64 1.6
2009-08-12 08:21 . 2009-08-12 08:21 -------- d-----w- c:\programdata\FLEXnet
2009-08-12 07:23 . 2009-08-12 08:16 -------- d-----w- c:\users\Shindou\AppData\Roaming\TortoiseSVN
2009-08-12 07:11 . 2009-08-12 07:11 -------- d-----w- c:\program files\Unlocker
2009-08-12 07:05 . 2009-08-12 07:05 -------- d-----w- c:\programdata\Saitek
2009-08-12 07:05 . 2009-08-12 07:05 -------- d-----w- c:\program files\Saitek
2009-08-12 06:41 . 2009-08-12 06:41 -------- d-----w- c:\program files\Bit Che
2009-08-12 06:41 . 2009-08-12 06:41 -------- d-----w- c:\users\Shindou\AppData\Roaming\Convivea
2009-08-12 05:00 . 2009-08-12 05:00 -------- d-----w- C:\sw3dg
2009-08-12 04:41 . 2009-08-21 00:10 -------- d-----w- c:\program files\HyperLobbyPro3
2009-08-11 20:46 . 2009-08-11 20:49 -------- d-----w- c:\users\Shindou\AppData\Roaming\TeamViewer
2009-08-11 20:46 . 2009-08-11 20:46 -------- d-----w- c:\program files\TeamViewer
2009-08-11 20:46 . 2009-08-11 20:46 -------- d-----w- c:\users\Shindou\temp
2009-08-11 08:52 . 2009-08-11 08:52 -------- d-----w- c:\program files\Adobe Media Player
2009-08-11 08:50 . 2009-08-11 08:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-10 20:53 . 2009-09-02 20:05 37 ----a-w- c:\users\Shindou\jagex_runescape_preferences.dat
2009-08-10 20:52 . 2009-08-20 10:09 -------- d-----w- c:\windows\.jagex_cache_32
2009-08-10 11:15 . 2009-09-02 03:39 80356 ----a-w- c:\windows\system32\perfc001.dat
2009-08-10 11:15 . 2009-09-02 03:39 441560 ----a-w- c:\windows\system32\perfh001.dat
2009-08-10 11:15 . 2009-08-10 11:13 41018 ----a-w- c:\windows\system32\perfd001.dat
2009-08-10 11:15 . 2009-08-10 11:13 285290 ----a-w- c:\windows\system32\perfi001.dat
2009-08-10 11:14 . 2009-08-10 11:14 -------- d-----w- c:\windows\fr-FR
2009-08-10 11:14 . 2009-08-10 11:14 -------- d-----w- c:\windows\ar-SA
2009-08-10 11:14 . 2009-08-10 11:14 -------- d-----w- c:\windows\system32\fr
2009-08-10 11:14 . 2009-08-10 11:14 -------- d-----w- c:\windows\system32\drivers\fr-FR
2009-08-10 11:14 . 2009-08-10 11:14 -------- d-----w- c:\windows\system32\drivers\ar-SA
2009-08-10 11:14 . 2009-08-10 11:14 -------- d-----w- c:\windows\system32\ar
2009-08-10 11:14 . 2009-08-10 11:14 -------- d-----w- c:\windows\system32\040C
2009-08-10 11:13 . 2009-08-11 02:27 -------- d-----w- c:\windows\system32\wbem\ar-SA
2009-08-10 11:13 . 2009-08-10 11:13 -------- d-----w- c:\windows\system32\wbem\fr-FR
2009-08-10 10:57 . 2009-08-10 10:56 332666 ----a-w- c:\windows\system32\perfi019.dat
2009-08-10 10:57 . 2009-09-02 03:39 655610 ----a-w- c:\windows\system32\perfh019.dat
2009-08-10 10:57 . 2009-09-02 03:39 127628 ----a-w- c:\windows\system32\perfc019.dat
2009-08-10 10:57 . 2009-08-10 10:56 38684 ----a-w- c:\windows\system32\perfd019.dat
2009-08-10 10:56 . 2009-08-10 10:56 -------- d-----w- c:\windows\system32\0419
2009-08-10 10:56 . 2009-08-10 10:56 -------- d-----w- c:\windows\system32\drivers\ru-RU
2009-08-10 10:56 . 2009-08-10 10:56 -------- d-----w- c:\windows\system32\ru
2009-08-10 10:56 . 2009-08-11 02:27 -------- d-----w- c:\windows\system32\wbem\ru-RU
2009-08-10 10:56 . 2009-08-10 10:56 -------- d-----w- c:\windows\ru-RU
2009-08-10 06:46 . 2009-08-10 06:46 -------- d-----w- c:\windows\East India Company v1.01 Update
2009-08-10 06:41 . 2009-08-10 06:41 -------- d-----w- c:\users\Shindou\AppData\Roaming\Participatory Culture Foundation
2009-08-10 06:40 . 2009-08-10 06:40 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-08-10 05:28 . 2009-08-10 05:30 -------- d-----w- c:\users\Shindou\AppData\Roaming\Media Player Classic
2009-08-08 03:10 . 2009-08-08 03:10 -------- d-----w- c:\users\Shindou\AppData\Local\Gas Powered Games
2009-08-08 03:08 . 2009-08-31 07:50 -------- d-----w- c:\users\Shindou\AppData\Roaming\Hamachi
2009-08-08 03:08 . 2009-08-08 03:08 -------- d-----w- c:\program files\Hamachi
2009-08-08 03:08 . 2009-08-08 03:08 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-06 23:01 . 2005-01-02 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-08-06 23:01 . 2009-08-06 23:01 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-08-06 22:55 . 2009-08-08 02:45 -------- d-----w- c:\users\Shindou\AppData\Roaming\ijjigame
2009-08-06 22:55 . 2009-08-06 22:55 -------- d-----w- C:\ijji
2009-08-06 22:55 . 2009-08-06 22:55 -------- d-----w- c:\programdata\ijjigame
2009-08-06 22:51 . 2009-08-06 22:51 -------- d-----w- c:\program files\NHN USA
2009-08-06 22:51 . 2009-05-27 00:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-08-06 22:51 . 2009-05-13 03:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-08-06 22:51 . 2008-06-12 06:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-08-06 22:51 . 2008-04-23 21:02 157152 ----a-w- c:\windows\system32\PubPlugin.dll
2009-08-06 22:07 . 2009-09-02 03:39 370488 ----a-w- c:\windows\system32\prfh0404.dat
2009-08-06 22:07 . 2009-09-02 03:39 103046 ----a-w- c:\windows\system32\prfc0404.dat
2009-08-06 22:07 . 2009-08-06 22:06 30674 ----a-w- c:\windows\system32\prfd0404.dat
2009-08-06 22:07 . 2009-08-06 22:06 116540 ----a-w- c:\windows\system32\prfi0404.dat
2009-08-06 22:07 . 2009-08-06 22:07 -------- d-----w- c:\windows\zh-TW
2009-08-06 22:07 . 2009-08-06 22:07 -------- d-----w- c:\windows\system32\zh-CHT
2009-08-06 22:06 . 2009-08-06 22:06 -------- d-----w- c:\windows\system32\drivers\zh-TW
2009-08-06 22:06 . 2009-08-06 22:06 -------- d-----w- c:\windows\system32\drivers\zh-HK
2009-08-06 22:06 . 2009-08-10 10:44 -------- d-----w- c:\windows\system32\wbem\zh-TW
2009-08-06 22:06 . 2009-08-06 22:06 -------- d-----w- c:\windows\system32\0C04
2009-08-06 21:54 . 2009-09-02 03:39 397586 ----a-w- c:\windows\system32\perfh012.dat
2009-08-06 21:54 . 2009-09-02 03:39 102976 ----a-w- c:\windows\system32\perfc012.dat
2009-08-06 21:54 . 2009-08-06 21:53 30674 ----a-w- c:\windows\system32\perfd012.dat
2009-08-06 21:54 . 2009-08-06 21:53 155890 ----a-w- c:\windows\system32\perfi012.dat
2009-08-06 21:53 . 2009-08-06 21:53 -------- d-----w- c:\windows\ko-KR
2009-08-06 21:53 . 2009-08-06 21:53 -------- d-----w- c:\windows\system32\0412
2009-08-06 21:53 . 2009-08-06 21:53 -------- d-----w- c:\windows\system32\drivers\ko-KR
2009-08-06 21:53 . 2009-08-06 21:53 -------- d-----w- c:\windows\system32\ko
2009-08-06 21:53 . 2009-08-10 10:44 -------- d-----w- c:\windows\system32\wbem\ko-KR
2009-08-06 21:41 . 2009-09-02 03:39 361922 ----a-w- c:\windows\system32\prfh0804.dat
2009-08-06 21:41 . 2009-09-02 03:39 103040 ----a-w- c:\windows\system32\prfc0804.dat
2009-08-06 21:41 . 2009-08-06 21:40 30674 ----a-w- c:\windows\system32\prfd0804.dat
2009-08-06 21:41 . 2009-08-06 21:40 109926 ----a-w- c:\windows\system32\prfi0804.dat
2009-08-06 21:41 . 2009-08-06 21:41 -------- d-----w- c:\windows\system32\zh-CHS
2009-08-06 21:41 . 2009-08-06 21:41 -------- d-----w- c:\windows\system32\drivers\zh-CN
2009-08-06 21:41 . 2009-08-10 10:44 -------- d-----w- c:\windows\system32\wbem\zh-CN
2009-08-06 21:41 . 2009-08-06 21:41 -------- d-----w- c:\windows\system32\0804
2009-08-06 21:40 . 2009-08-06 21:40 -------- d-----w- c:\windows\zh-CN
2009-08-06 21:29 . 2009-08-06 21:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-06 20:51 . 2009-08-06 20:51 -------- d-----w- c:\users\Shindou\AppData\Roaming\acccore
2009-08-06 20:51 . 2009-08-06 20:51 -------- d-----w- c:\users\Shindou\AppData\Local\AOL OCP
2009-08-06 20:51 . 2009-08-06 20:51 -------- d-----w- c:\users\Shindou\AppData\Local\AOL
2009-08-06 20:51 . 2009-08-06 20:51 -------- d-----w- c:\programdata\Viewpoint
2009-08-06 20:51 . 2009-08-06 20:51 -------- d-----w- c:\programdata\acccore
2009-08-06 20:51 . 2009-08-06 20:52 -------- d-----w- c:\programdata\AOL OCP
2009-08-06 20:51 . 2009-08-06 20:51 -------- d-----w- c:\programdata\AOL
2009-08-06 20:51 . 2009-08-06 20:51 -------- d-----w- c:\program files\Common Files\AOL
2009-08-06 20:50 . 2009-08-06 20:51 -------- d-----w- c:\program files\AIM6
2009-08-06 05:39 . 2009-08-26 04:13 -------- d-----w- c:\program files\HuxleyTheDystopia
2009-08-06 02:48 . 2009-08-06 02:51 -------- d-----w- c:\programdata\LogiShrd
2009-08-06 00:55 . 2009-08-28 08:29 -------- d-----w- c:\users\Shindou\AppData\Roaming\IGN_DLM
2009-08-06 00:55 . 2009-08-06 00:55 -------- d-----w- c:\program files\Download Manager
2009-08-05 02:56 . 2009-09-02 06:27 -------- d-----w- c:\users\Shindou\AppData\Roaming\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 00:41 . 2009-08-01 08:22 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-03 00:24 . 2009-08-01 05:39 -------- d-----w- c:\users\Shindou\AppData\Roaming\Xfire
2009-09-03 00:24 . 2009-08-02 07:04 -------- d-----w- c:\users\Shindou\AppData\Roaming\uTorrent
2009-09-02 22:10 . 2009-08-01 04:55 -------- d-----w- c:\program files\Common Files\Steam
2009-09-02 22:10 . 2009-08-01 04:55 -------- d-----w- c:\program files\Steam
2009-09-02 06:46 . 2009-08-01 07:41 -------- d-----w- c:\users\Shindou\AppData\Roaming\vlc
2009-09-02 04:22 . 2009-08-01 20:51 -------- d-----w- c:\users\Shindou\AppData\Roaming\EVEMon
2009-09-02 03:39 . 2009-08-02 06:10 384386 ----a-w- c:\windows\system32\perfh011.dat
2009-09-02 03:39 . 2009-08-02 06:10 103208 ----a-w- c:\windows\system32\perfc011.dat
2009-09-02 03:34 . 2009-08-01 05:39 -------- d-----w- c:\program files\Xfire
2009-09-02 03:34 . 2009-08-01 05:39 -------- d-----w- c:\programdata\Xfire
2009-08-31 07:20 . 2009-08-31 07:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-08-28 10:15 . 2009-08-01 08:44 -------- d-----w- c:\programdata\Apple Computer
2009-08-26 04:13 . 2009-08-01 04:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-21 00:18 . 2009-08-01 05:52 -------- d-----w- c:\program files\Galaxy Online
2009-08-13 09:47 . 2009-08-01 08:59 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-13 09:46 . 2009-08-01 08:59 -------- d-----w- c:\program files\TortoiseSVN
2009-08-12 00:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-08-11 22:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-11 20:19 . 2009-08-01 03:38 56032 ----a-w- c:\users\Shindou\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-11 08:53 . 2009-08-02 07:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-10 11:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-08-10 11:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-08-10 11:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-10 11:14 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-08-06 02:49 . 2009-08-01 07:52 -------- d-----w- c:\program files\Common Files\logishrd
2009-08-06 02:48 . 2009-08-01 04:40 -------- d-----w- c:\program files\Logitech
2009-08-06 00:42 . 2009-08-01 06:08 -------- d-----w- c:\program files\Java
2009-08-04 21:36 . 2009-08-01 05:09 -------- d-----w- c:\users\Shindou\AppData\Roaming\Ventrilo
2009-08-02 07:42 . 2009-08-02 07:42 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-02 07:05 . 2009-08-02 07:05 -------- d-----w- c:\program files\uTorrent
2009-08-02 06:07 . 2009-08-02 06:10 30674 ----a-w- c:\windows\system32\perfd011.dat
2009-08-02 06:07 . 2009-08-02 06:10 139030 ----a-w- c:\windows\system32\perfi011.dat
2009-08-02 05:53 . 2009-08-02 05:53 -------- d-----w- c:\program files\BitLocker
2009-08-01 20:51 . 2009-08-01 20:51 -------- d-----w- c:\program files\EVEMon
2009-08-01 18:49 . 2009-08-01 08:55 -------- d-----w- c:\users\Shindou\AppData\Roaming\Apple Computer
2009-08-01 18:42 . 2009-08-01 18:42 -------- d-----w- c:\users\Shindou\AppData\Roaming\Subversion
2009-08-01 18:38 . 2009-08-01 18:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-01 18:38 . 2009-08-01 08:29 -------- d-----w- c:\programdata\Apple
2009-08-01 09:57 . 2009-08-01 09:57 -------- d-----w- c:\program files\CCleaner
2009-08-01 08:54 . 2009-08-01 08:52 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-01 08:54 . 2009-08-01 08:52 -------- d-----w- c:\program files\iTunes
2009-08-01 08:53 . 2009-08-01 08:53 -------- d-----w- c:\program files\iPod
2009-08-01 08:53 . 2009-08-01 08:29 -------- d-----w- c:\program files\Common Files\Apple
2009-08-01 08:49 . 2009-08-01 08:49 -------- d-----w- c:\program files\Bonjour
2009-08-01 08:49 . 2009-08-01 08:44 -------- d-----w- c:\program files\QuickTime
2009-08-01 08:40 . 2009-08-01 08:39 -------- d-----w- c:\program files\Apple Software Update
2009-08-01 08:18 . 2009-08-01 08:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 07:59 . 2009-08-01 04:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-01 07:54 . 2009-08-01 03:38 680 ----a-w- c:\users\Shindou\AppData\Local\d3d9caps.dat
2009-08-01 07:46 . 2009-08-01 07:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-01 07:46 . 2009-08-01 07:46 -------- d-----w- c:\users\Shindou\AppData\Roaming\SystemRequirementsLab
2009-08-01 07:44 . 2009-08-01 07:44 -------- d-----w- c:\program files\Haali
2009-08-01 07:43 . 2009-08-01 07:39 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-08-01 07:41 . 2009-08-01 07:41 -------- d-----w- c:\program files\ffdshow
2009-08-01 07:38 . 2009-08-01 07:38 -------- d-----w- c:\program files\VideoLAN
2009-08-01 06:49 . 2009-08-01 06:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2009-08-01 06:49 . 2009-08-01 06:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2009-08-01 06:18 . 2009-08-01 06:14 -------- d--h--w- c:\program files\Temp
2009-08-01 06:15 . 2009-08-01 06:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-08-01 06:15 . 2009-08-01 06:15 -------- d-----w- c:\program files\Realtek
2009-08-01 06:14 . 2009-08-01 06:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-01 06:12 . 2009-08-01 06:12 -------- d-----w- c:\program files\JRE
2009-08-01 06:12 . 2009-08-01 06:11 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-01 05:39 . 2009-08-01 05:39 552 ----a-w- c:\users\Shindou\AppData\Local\d3d8caps.dat
2009-08-01 05:07 . 2009-08-01 05:07 -------- d-----w- c:\programdata\CCP
2009-08-01 05:07 . 2009-08-01 05:07 -------- d-----w- c:\program files\CCP
2009-08-01 04:54 . 2009-08-01 04:54 -------- d-----w- c:\program files\Ventrilo
2009-08-01 04:40 . 2009-08-01 04:40 -------- d-----w- c:\programdata\Logitech
2009-08-01 04:22 . 2009-08-01 04:22 -------- d-----w- c:\programdata\Razer
2009-08-01 04:18 . 2009-08-01 04:18 -------- d-----w- c:\program files\Razer
2009-08-01 04:18 . 2009-08-01 04:18 -------- d-----w- c:\users\Shindou\AppData\Roaming\InstallShield
2009-08-01 04:17 . 2009-08-01 04:17 0 ----a-w- c:\windows\nsreg.dat
2009-07-25 12:23 . 2009-08-01 06:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-08-26 01:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-26 01:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-26 01:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-26 01:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 02:22 . 2009-08-01 06:15 52256 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-07-21 02:22 . 2009-08-01 06:15 1226272 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-07-21 02:21 . 2009-08-01 06:15 326176 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-07-21 02:21 . 2009-08-01 06:15 2898464 ----a-w- c:\windows\system32\RtkAPO.dll
2009-07-21 02:15 . 2009-08-01 06:15 2664032 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-07-17 13:54 . 2009-08-11 22:41 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-11 22:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-11 22:41 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-11 22:41 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-11 22:41 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-15 00:17 . 2009-07-15 00:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-15 00:17 . 2009-07-15 00:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-14 18:54 . 2009-08-01 07:56 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-08-01 07:56 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-14 18:54 . 2009-08-01 07:56 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-14 18:54 . 2009-08-01 07:56 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-07-14 18:54 . 2009-08-01 07:56 10854400 ----a-w- c:\windows\system32\nvoglv32.dll
2009-07-14 18:54 . 2009-08-01 07:56 7565824 ----a-w- c:\windows\system32\nvd3dum.dll
2009-07-14 18:54 . 2009-08-01 07:56 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-01 07:56 1983488 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-08-01 07:56 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-01 07:56 151552 ----a-w- c:\windows\system32\nvcod157.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 7625248]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 1572872]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Shindou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Shindou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7c,0e,9b,e6,28,13,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{19174AC6-0644-4C7E-97F7-687BDF4805C6}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{66B5D05F-954C-4CEB-9EB7-0DE9A785AA29}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{BD14051C-FA2A-4A33-A356-1D2E56816B53}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{3353D71E-F11B-4735-93CC-660FE740DFFC}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{249645C3-F15F-4B18-A13D-A38651586D72}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0A4A7644-6806-496D-B213-F91DC58058C6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{434BF48D-A36D-4800-8B69-D9173642657B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{413FA2B7-C8A3-43EC-A34C-98EC44A91EAF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0C421478-0F4C-436F-94C3-BA4D48450F81}"= UDP:c:\program files\Steam\steamapps\common\reaxxion\Reaxxion.exe:Reaxxion
"{3E1861EF-7829-42AB-BCC8-623CF62E9D65}"= TCP:c:\program files\Steam\steamapps\common\reaxxion\Reaxxion.exe:Reaxxion
"{C14A59DD-CA36-4774-82A5-C478CA5CFAC5}"= UDP:c:\program files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:Defense Grid: The Awakening
"{8F71DD06-A96C-479A-98FE-E5B8B2F45B25}"= TCP:c:\program files\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:Defense Grid: The Awakening
"{6741ADE1-EED7-4F5F-B4EF-92F055456DDB}"= UDP:c:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{10306F0A-A50C-4789-8FBD-085D89D95B08}"= TCP:c:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{B2ED4EB3-BD66-442F-83EE-36619D3B372B}"= UDP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{BF1B4B4D-2C2F-40A8-9BF3-45A579FCE390}"= TCP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{61DDD742-9D2B-41DA-9A8C-734B60FAA2E9}"= UDP:c:\program files\Steam\steamapps\common\il 2 sturmovik 1946\il2fb.exe:IL-2 Sturmovik: 1946
"{B76A000E-AD93-4798-A982-3EAF1F4D2CD7}"= TCP:c:\program files\Steam\steamapps\common\il 2 sturmovik 1946\il2fb.exe:IL-2 Sturmovik: 1946
"{1E71E26D-9D68-4C95-AC94-208BE512B30D}"= UDP:c:\program files\Steam\steamapps\common\universe at war earth assault\LaunchUAW.exe:Universe at War: Earth Assault
"{852B3DA8-B004-4FBA-846F-44BFA5FE81E3}"= TCP:c:\program files\Steam\steamapps\common\universe at war earth assault\LaunchUAW.exe:Universe at War: Earth Assault
"{843AFEE3-6572-4061-BFCD-904FF4DC8BAD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1405700E-D32E-4C21-B1C1-BC8D9A0FB85B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{A4C758BE-7C0B-4ED4-A8EE-CD1D38E0A440}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BA134AFA-1702-40D1-B4A0-A56ED800354F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{94CFE73C-E1B2-441D-ABB2-A13C85D70C3A}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{88D3F3E0-E6A7-4A72-9AF8-DE9455935467}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{3B155508-77AB-4951-AEF8-02447FF1B855}"= UDP:5353:Adobe CSI CS4
"{2B71329B-5BD1-478E-BB75-9CCAC1EF0F09}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{4D3DD023-ECD5-49D4-9C1D-A2C72E2D11CE}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [5/18/2009 6:13 AM 185640]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\System32\drivers\vrtaucbl.sys [8/4/2009 4:51 PM 31616]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\System32\drivers\Lachesis.sys [7/31/2009 9:18 PM 12032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH075C;SaiH075C;c:\windows\System32\drivers\SaiH075C.sys [5/1/2007 4:11 PM 132232]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-10401C608512}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: {92B1B76A-7E59-4D75-BCCD-6801B8251E70} = 216.228.160.3,216.228.160.4
FF - ProfilePath - c:\users\Shindou\AppData\Roaming\Mozilla\Firefox\Profiles\xw81g6bz.default\
FF - prefs.js: browser.search.selectedEngine - isoHunt - BT search
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/title.ws
FF - component: c:\users\Shindou\AppData\Roaming\Mozilla\Firefox\Profiles\xw81g6bz.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Shindou\AppData\Roaming\Mozilla\Firefox\Profiles\xw81g6bz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2588)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-03 17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 00:50

Pre-Run: 1,026,290,728,960 bytes free
Post-Run: 1,026,782,765,056 bytes free

430 --- E O F --- 2009-09-02 03:31
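Added example, not part of the thread and not code from ComboFix or MBAM: a small Python triage pass over a constructed sample of ComboFix-style "Reg Loading Points" lines, modelled on the log above. It pulls out the same items a responder would flag by hand in that log: an Active Setup Installed Components entry whose GUID is not well-formed (the `AAX5` group contains a non-hex character) and whose stub path lives under c:\recycler, plus EnableLUA=0, EnableFirewall=0 and a populated AppInit_DLLs. The rule names, the `WRITABLE_ROOTS` list and the `Finding` class are this example's own choices, not anything the tools define.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the ComboFix "Reg Loading Points" section
# posted in this thread (same REGEDIT4-style layout, only a few entries).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-10401C608512}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
"""

# A registry GUID is five groups of hex digits; anything else is malformed.
GUID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)
# "Name"= value lines as ComboFix prints them.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
# Locations an installer would not legitimately use for an Active Setup stub
# (assumed list for this example; extend to taste).
WRITABLE_ROOTS = ("\\recycler\\", "\\$recycle.bin\\", "\\users\\",
                  "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    rule: str
    key: str
    detail: str


def parse_sections(text):
    """Yield (key, [value lines]) for each [key] block in the registry dump."""
    key, values = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                yield key, values
            key, values = line[1:-1], []
        elif line and key is not None:
            values.append(line)
    if key is not None:
        yield key, values


def normalize_path(p):
    """Lower-case, strip quotes and expand the two variables seen in the log."""
    p = p.strip().strip('"').lower()
    return p.replace("%systemroot%", "c:\\windows").replace("%windir%", "c:\\windows")


def triage(text):
    """Return the findings a responder would raise from a ComboFix registry dump."""
    findings = []
    for key, values in parse_sections(text):
        lkey = key.lower()
        if "\\active setup\\installed components\\" in lkey:
            # The key name is the component GUID; a leading '>' is normal.
            guid = key.rsplit("\\", 1)[1].lstrip(">")
            if not GUID_RE.match(guid):
                findings.append(Finding("active-setup-bad-guid", key,
                                        f"{guid} is not a well-formed GUID"))
            # Each remaining line is the StubPath run once per new user profile.
            for stub in values:
                if any(root in normalize_path(stub) for root in WRITABLE_ROOTS):
                    findings.append(Finding("active-setup-writable-stub", key, stub))
            continue
        for v in values:
            m = VALUE_RE.match(v)
            if not m:
                continue
            name, val = m.group("name").lower(), m.group("val").strip()
            if name == "enablelua" and val.startswith("0"):
                findings.append(Finding("uac-disabled", key, v))
            elif name == "enablefirewall" and val.startswith("0"):
                findings.append(Finding("firewall-disabled", key, v))
            elif name == "appinit_dlls" and val:
                # Loaded into every process that maps user32.dll; worth a look.
                findings.append(Finding("appinit-dlls-set", key, val))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.key}\n{'':28} {f.detail}")
```

The GUID check is the cheap part and catches this case on its own: a legitimate component GUID cannot contain `X`. The path check is what matters in general, since a look-alike GUID with valid hex digits would pass the first test but still point its stub at a user-writable directory.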

#7 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 03 September 2009 - 02:03 AM

I rebooted and it fixed the strange registry error thing. Want me to run another DDS after MBAM and Avast run?

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:38 AM

Posted 03 September 2009 - 04:43 PM

Want me to run another DDS after MBAM and Avast run?


Not yet, Shindou. I want to see what MBAM discovers.

No need to run Avast at this stage either.
m0le is a proud member of UNITE

#9 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 03 September 2009 - 05:57 PM

Alright, here is the MBAM report. I told it to ignore and not remove files I know are safe; they are trainers for a few games I play. Trainers inherently look like malware because they inject code into the game as it is running, as I am sure you are well aware.

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 6.0.6002 Service Pack 2

9/3/2009 3:56:40 PM
mbam-log-2009-09-03 (15-56-40).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 1232058
Time elapsed: 2 hour(s), 46 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-10401c608512} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\Sony Vegas Pro 9 + Crack and KeyGen\crack vegas 9\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Shindou\AppData\Roaming\Convivea\Bit_Che\scripts\special.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\Games\Star Wars Games\Star.Wars.Empire.At.War-RELOADED\Crack\rld-sweawkg.exe (Malware.Packer) -> Quarantined and deleted successfully.
F:\Shindou\AppData\Roaming\Convivea\Bit_Che\scripts\special.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:38 AM

Posted 03 September 2009 - 07:24 PM

Someone on this system was trying to access cracks or a 'keygen'. This is a certain way to attract malware to your system. As well as being illegal, 'cracks' and 'keygens' are often associated with or loaded with malware, and should be avoided (along with 'crack' sites).

However, your MBAM log shows that a few things were removed, so please run this online scanner to check for other infected files.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Then you can post a DDS log.

Thanks :thumbup2:

Edited by m0le, 03 September 2009 - 07:25 PM.

m0le is a proud member of UNITE

#11 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 03 September 2009 - 08:48 PM

This ESET thing is going to take a very long time, so I will post it the minute it is finished, which may be too late for you to respond.

#12 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 04 September 2009 - 03:17 AM

Alright, all that ESET thing found was my trainer folder from CheatHappens; those are all legitimate. Here are the DDS and Attach logs.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Shindou at 1:08:08.01 on Fri 09/04/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.2069 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shindou\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {92B1B76A-7E59-4D75-BCCD-6801B8251E70} = 216.228.160.3,216.228.160.4
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/title.ws
FF - component: c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\shindou\appdata\roaming\mozilla\firefox\profiles\xw81g6bz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-3 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-3 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-3 53328]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-8-4 31616]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-7-31 12032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2007-5-1 132232]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2009-7-31 14592]

=============== Created Last 30 ================

2009-09-03 18:33 <DIR> --d----- c:\program files\ESET
2009-09-03 17:54 <DIR> --d----- c:\users\shindou\appdata\roaming\OpenOffice.org
2009-09-03 15:58 <DIR> --d----- C:\NeverwinterNights
2009-09-03 00:09 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-03 00:03 <DIR> --d----- c:\users\shindou\appdata\roaming\Malwarebytes
2009-09-03 00:03 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 00:02 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-03 00:02 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-03 00:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 00:02 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-03 00:00 318,976 a------- c:\windows\system32\CF20584.exe
2009-09-03 00:00 <DIR> --ds---- C:\Combo-Fix
2009-09-02 18:19 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-02 17:45 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-02 17:25 229,888 a------- c:\windows\PEV.exe
2009-09-02 17:25 161,792 a------- c:\windows\SWREG.exe
2009-09-02 17:25 98,816 a------- c:\windows\sed.exe
2009-09-02 12:46 45 a------- c:\users\shindou\jagex_runescape_preferences2.dat
2009-09-01 20:30 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 20:30 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-01 15:49 41,872 a------- c:\windows\system32\xfcodec.dll
2009-08-31 23:06 <DIR> --d----- c:\program files\Children of the Nile - Enhanced Edition
2009-08-31 00:44 559 a------- c:\windows\kaillera.ini
2009-08-31 00:20 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-08-31 00:08 <DIR> --d----- c:\program files\Pcsx2
2009-08-28 11:19 <DIR> --d----- c:\program files\Silent Grove Studios
2009-08-28 03:13 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-28 00:39 <DIR> --d----- c:\program files\Evolved Games
2009-08-25 18:59 2,048 a------- c:\windows\system32\tzres.dll
2009-08-25 18:54 72,704 a------- c:\windows\system32\admparse.dll
2009-08-20 12:35 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-08-19 17:35 <DIR> --d----- c:\program files\Bethesda Softworks
2009-08-19 17:32 <DIR> --d----- c:\windows\system32\xlive
2009-08-19 17:16 <DIR> --d----- c:\program files\Cryptic Studios
2009-08-18 14:33 <DIR> --d----- c:\users\shindou\appdata\roaming\Notepad2
2009-08-18 14:33 <DIR> --d----- c:\program files\Notepad2
2009-08-14 20:34 <DIR> --d----- c:\program files\Trend Micro
2009-08-14 20:09 68 a------- c:\windows\wininit.ini
2009-08-14 15:37 <DIR> --d----- c:\programdata\SimCity Societies
2009-08-14 15:37 <DIR> --d----- c:\progra~2\SimCity Societies
2009-08-14 15:35 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-14 15:12 531 a------- c:\windows\eReg.dat
2009-08-14 15:12 <DIR> --d----- c:\program files\Maxis
2009-08-14 14:28 <DIR> --d----- c:\windows\pss
2009-08-13 17:57 <DIR> --d----- c:\program files\Project64 1.6
2009-08-12 01:21 <DIR> --d----- c:\programdata\FLEXnet
2009-08-12 00:23 <DIR> --d----- c:\users\shindou\appdata\roaming\TortoiseSVN
2009-08-12 00:11 <DIR> --d----- c:\program files\Unlocker
2009-08-12 00:05 <DIR> --d----- c:\programdata\Saitek
2009-08-12 00:05 <DIR> --d----- c:\progra~2\Saitek
2009-08-12 00:05 <DIR> --d----- c:\program files\Saitek
2009-08-11 23:41 1,081,616 a------- c:\windows\system32\mscomctl.OCX
2009-08-11 23:41 152,848 a------- c:\windows\system32\comdlg32.OCX
2009-08-11 23:41 <DIR> --d----- c:\users\shindou\appdata\roaming\Convivea
2009-08-11 23:41 <DIR> --d----- c:\program files\Bit Che
2009-08-11 22:01 8,252 a------- c:\windows\system32\SaiD075C.pr0
2009-08-11 22:00 <DIR> --d----- C:\sw3dg
2009-08-11 21:41 <DIR> --d----- c:\program files\HyperLobbyPro3
2009-08-11 13:46 <DIR> --d----- c:\users\shindou\appdata\roaming\TeamViewer
2009-08-11 13:46 <DIR> --d----- c:\program files\TeamViewer
2009-08-11 13:46 <DIR> --d----- c:\users\shindou\temp
2009-08-10 13:53 37 a------- c:\users\shindou\jagex_runescape_preferences.dat
2009-08-10 13:52 <DIR> --d----- c:\windows\.jagex_cache_32
2009-08-10 04:15 441,560 a------- c:\windows\system32\perfh001.dat
2009-08-10 04:15 285,290 a------- c:\windows\system32\perfi001.dat
2009-08-10 04:15 80,356 a------- c:\windows\system32\perfc001.dat
2009-08-10 04:15 41,018 a------- c:\windows\system32\perfd001.dat
2009-08-10 04:14 <DIR> --d----- c:\windows\fr-FR
2009-08-10 04:14 <DIR> --d----- c:\windows\ar-SA
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\fr
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\drivers\fr-FR
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\drivers\ar-SA
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\ar
2009-08-10 04:14 <DIR> --d----- c:\windows\system32\040C
2009-08-10 04:13 <DIR> --d----- c:\windows\system32\wbem\fr-FR
2009-08-10 04:13 <DIR> --d----- c:\windows\system32\wbem\ar-SA
2009-08-10 03:57 332,666 a------- c:\windows\system32\perfi019.dat
2009-08-10 03:57 655,610 a------- c:\windows\system32\perfh019.dat
2009-08-10 03:57 127,628 a------- c:\windows\system32\perfc019.dat
2009-08-10 03:57 38,684 a------- c:\windows\system32\perfd019.dat
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\0419
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\drivers\ru-RU
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\ru
2009-08-10 03:56 <DIR> --d----- c:\windows\system32\wbem\ru-RU
2009-08-10 03:56 <DIR> --d----- c:\windows\ru-RU
2009-08-09 23:46 <DIR> --d----- c:\windows\East India Company v1.01 Update
2009-08-09 23:41 <DIR> --d----- c:\users\shindou\appdata\roaming\Participatory Culture Foundation
2009-08-09 23:40 <DIR> --d----- c:\program files\Participatory Culture Foundation
2009-08-07 20:08 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-07 20:08 <DIR> --d----- c:\program files\Hamachi
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-07 19:51 178,430 a------- c:\windows\system32\xlive.dll.cat
2009-08-06 16:01 3,194,176 a------- c:\windows\system32\GameMon.des
2009-08-06 16:01 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-08-06 16:01 4,682 a------- c:\windows\system32\npptNT2.sys
2009-08-06 16:01 <DIR> --d----- c:\program files\common files\INCA Shared
2009-08-06 15:55 <DIR> --d----- C:\ijji
2009-08-06 15:55 <DIR> --d----- c:\programdata\ijjigame
2009-08-06 15:55 <DIR> --d----- c:\progra~2\ijjigame
2009-08-06 15:51 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-08-06 15:51 157,152 a------- c:\windows\system32\PubPlugin.dll
2009-08-06 15:51 58,800 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-08-06 15:51 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2009-08-06 15:51 <DIR> --d----- c:\program files\NHN USA
2009-08-06 15:07 370,488 a------- c:\windows\system32\prfh0404.dat
2009-08-06 15:07 116,540 a------- c:\windows\system32\prfi0404.dat
2009-08-06 15:07 103,046 a------- c:\windows\system32\prfc0404.dat
2009-08-06 15:07 30,674 a------- c:\windows\system32\prfd0404.dat
2009-08-06 15:07 <DIR> --d----- c:\windows\zh-TW
2009-08-06 15:07 <DIR> --d----- c:\windows\system32\zh-CHT
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\drivers\zh-TW
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\drivers\zh-HK
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\wbem\zh-TW
2009-08-06 15:06 <DIR> --d----- c:\windows\system32\0C04
2009-08-06 14:54 397,586 a------- c:\windows\system32\perfh012.dat
2009-08-06 14:54 155,890 a------- c:\windows\system32\perfi012.dat
2009-08-06 14:54 102,976 a------- c:\windows\system32\perfc012.dat
2009-08-06 14:54 30,674 a------- c:\windows\system32\perfd012.dat
2009-08-06 14:53 <DIR> --d----- c:\windows\ko-KR
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\0412
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\drivers\ko-KR
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\ko
2009-08-06 14:53 <DIR> --d----- c:\windows\system32\wbem\ko-KR
2009-08-06 14:41 361,922 a------- c:\windows\system32\prfh0804.dat
2009-08-06 14:41 109,926 a------- c:\windows\system32\prfi0804.dat
2009-08-06 14:41 103,040 a------- c:\windows\system32\prfc0804.dat
2009-08-06 14:41 30,674 a------- c:\windows\system32\prfd0804.dat
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\zh-CHS
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\drivers\zh-CN
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\wbem\zh-CN
2009-08-06 14:41 <DIR> --d----- c:\windows\system32\0804
2009-08-06 14:40 <DIR> --d----- c:\windows\zh-CN
2009-08-06 14:29 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-06 13:51 <DIR> --d----- c:\programdata\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\progra~2\Viewpoint
2009-08-06 13:51 <DIR> --d----- c:\programdata\acccore
2009-08-06 13:51 <DIR> --d----- c:\progra~2\acccore
2009-08-06 13:51 <DIR> --d----- c:\programdata\AOL OCP
2009-08-06 13:51 <DIR> --d----- c:\programdata\AOL
2009-08-06 13:51 <DIR> --d----- c:\program files\common files\AOL
2009-08-06 13:50 <DIR> --d----- c:\program files\AIM6
2009-08-06 13:50 365 a---h--- C:\IPH.PH
2009-08-05 22:39 <DIR> --d----- c:\program files\HuxleyTheDystopia
2009-08-05 19:48 <DIR> --d----- c:\programdata\LogiShrd
2009-08-05 17:55 <DIR> --d----- c:\program files\Download Manager

==================== Find3M ====================

2009-09-03 16:39 384,386 a------- c:\windows\system32\perfh011.dat
2009-09-03 16:39 103,208 a------- c:\windows\system32\perfc011.dat
2009-09-03 16:26 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-08-31 00:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-31 00:20 51,200 a------- c:\windows\inf\infpub.dat
2009-08-31 00:19 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 19:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 19:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 19:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 19:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-10 04:13 285,290 a------- c:\windows\inf\perflib\0401\perfi.dat
2009-08-10 04:13 285,290 a------- c:\windows\inf\perflib\0401\perfh.dat
2009-08-10 04:13 41,018 a------- c:\windows\inf\perflib\0401\perfd.dat
2009-08-10 04:13 41,018 a------- c:\windows\inf\perflib\0401\perfc.dat
2009-08-10 03:56 332,666 a------- c:\windows\inf\perflib\0419\perfi.dat
2009-08-10 03:56 332,666 a------- c:\windows\inf\perflib\0419\perfh.dat
2009-08-10 03:56 38,684 a------- c:\windows\inf\perflib\0419\perfd.dat
2009-08-10 03:56 38,684 a------- c:\windows\inf\perflib\0419\perfc.dat
2009-08-06 15:06 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2009-08-06 15:06 116,540 a------- c:\windows\inf\perflib\0404\perfh.dat
2009-08-06 15:06 30,674 a------- c:\windows\inf\perflib\0404\perfd.dat
2009-08-06 15:06 30,674 a------- c:\windows\inf\perflib\0404\perfc.dat
2009-08-06 14:54 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-06 14:53 155,890 a------- c:\windows\inf\perflib\0412\perfi.dat
2009-08-06 14:53 155,890 a------- c:\windows\inf\perflib\0412\perfh.dat
2009-08-06 14:53 30,674 a------- c:\windows\inf\perflib\0412\perfd.dat
2009-08-06 14:53 30,674 a------- c:\windows\inf\perflib\0412\perfc.dat
2009-08-06 14:40 109,926 a------- c:\windows\inf\perflib\0804\perfi.dat
2009-08-06 14:40 109,926 a------- c:\windows\inf\perflib\0804\perfh.dat
2009-08-06 14:40 30,674 a------- c:\windows\inf\perflib\0804\perfd.dat
2009-08-06 14:40 30,674 a------- c:\windows\inf\perflib\0804\perfc.dat
2009-08-01 23:07 139,030 a------- c:\windows\system32\perfi011.dat
2009-08-01 23:07 139,030 a------- c:\windows\inf\perflib\0411\perfi.dat
2009-08-01 23:07 139,030 a------- c:\windows\inf\perflib\0411\perfh.dat
2009-08-01 23:07 30,674 a------- c:\windows\system32\perfd011.dat
2009-08-01 23:07 30,674 a------- c:\windows\inf\perflib\0411\perfd.dat
2009-08-01 23:07 30,674 a------- c:\windows\inf\perflib\0411\perfc.dat
2009-08-01 11:38 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-31 23:49 0 a---h--- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2009-07-31 23:49 0 a---h--- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2009-07-31 23:15 319,456 a------- c:\windows\DIFxAPI.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-20 19:22 1,226,272 a------- c:\windows\system32\RtkPgExt.dll
2009-07-20 19:22 52,256 a------- c:\windows\system32\RtkCoInst.dll
2009-07-20 19:21 2,898,464 a------- c:\windows\system32\RtkAPO.dll
2009-07-20 19:21 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-07-20 19:15 2,664,032 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-07-17 06:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 05:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 05:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 05:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 05:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:54 10,854,400 a------- c:\windows\system32\nvoglv32.dll
2009-07-14 11:54 9,557,216 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-14 11:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll
2009-07-14 11:54 3,287,040 a------- c:\windows\system32\nvwgf2um.dll
2009-07-14 11:54 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 1,983,488 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 11:54 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod157.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 11:54 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-07-10 07:01 485,920 a------- c:\windows\system32\nvuninst.exe
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-07-09 12:16 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-29 12:16 160,256 a------- c:\windows\system32\FMAPO.dll
2009-06-24 10:43 831,488 a------- c:\windows\RtlExUpd.dll
2009-06-15 07:54 175,104 a------- c:\windows\system32\wdigest.dll
2009-06-15 07:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 07:53 72,704 a------- c:\windows\system32\secur32.dll
2009-06-15 07:53 270,848 a------- c:\windows\system32\schannel.dll
2009-06-15 07:53 218,624 a------- c:\windows\system32\msv1_0.dll
2009-06-15 07:52 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-06-15 07:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 07:52 499,712 a------- c:\windows\system32\kerberos.dll
2009-06-15 07:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 07:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 05:48 9,728 a------- c:\windows\system32\lsass.exe
2009-06-15 05:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-10 04:42 160,256 a------- c:\windows\system32\wkssvc.dll
2009-06-10 04:38 91,136 a------- c:\windows\system32\avifil32.dll
2008-01-20 19:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:11:18.36 ===============

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:38 AM

Posted 04 September 2009 - 04:48 PM

You're all set, shindou. We just need a clean up now...

Good stuff! :thumbup2:

Let's do some housekeeping

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Delete ComboFix and Clean Up
Click Start > Run and type combofix /u click OK (Note the space between combofix and /u)
Please advise if this step is missed for any reason as it performs some important actions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

I recommend that you download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click on the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it shindou, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE
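The HostsMan step above is a point-and-click procedure, but a Hosts-file blocklist update has a few things it must get right, and the last bullet (custom entries get overwritten) is the one people trip over. The following Python routine is an added example, not HostsMan's code or anything from this thread: it parses a hosts file, keeps the user's own non-sinkhole entries, replaces the previous blocklist with the new one, normalises the sinkhole address to 0.0.0.0, refuses an "update" that maps a name to a real address (that is a hijack, not a block), and deduplicates case-insensitively. Every hostname, address and file line here is constructed for the example; the real MVPS list is far longer.

```python
from typing import Dict, List, Tuple

# Constructed sample of an existing hosts file. The LAN entry is one the
# user typed in by hand; a blocklist update must not clobber it.
EXISTING_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.20    nas.lan            # my own entry
"""

# Constructed stand-in for a downloaded blocklist in the MVPS style.
# The hostnames are made up for this example.
BLOCKLIST_UPDATE = """\
# Blocklist sample (constructed)
0.0.0.0  ads.example-tracker.test
0.0.0.0  malware-dropper.example.test   # comment after entry
0.0.0.0  ADS.Example-Tracker.test       # duplicate differing only in case
127.0.0.1 localhost
"""

SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, ignoring comments and blank lines.
    One line may map several hostnames to a single address."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def merge_blocklist(existing: str, update: str, sink: str = "0.0.0.0") -> str:
    """Rebuild a hosts file: keep the user's own (non-sinkhole) entries and the
    loopback lines, drop the old blocklist, add the new one with a single
    sinkhole address, and reject any update entry that is not a sinkhole."""
    kept: List[Tuple[str, str]] = []
    seen = set()
    for addr, name in parse_hosts(existing):
        if addr in SINKHOLE_ADDRS and name not in LOOPBACK_NAMES:
            continue  # previous blocklist entry; the update supersedes it
        if (addr, name) not in seen:
            seen.add((addr, name))
            kept.append((addr, name))

    blocked: List[str] = []
    blocked_seen = set()
    for addr, name in parse_hosts(update):
        if name in LOOPBACK_NAMES or name in blocked_seen:
            continue
        if addr not in SINKHOLE_ADDRS:
            # A "blocklist" that points a name at a real address would
            # redirect the browser, which is exactly what malware does
            # to the hosts file. Refuse the whole update.
            raise ValueError(f"refusing non-sinkhole entry: {addr} {name}")
        blocked_seen.add(name)
        blocked.append(name)

    lines = ["# hosts file rebuilt by merge_blocklist (example)"]
    lines += [f"{addr}\t{name}" for addr, name in kept]
    lines += [f"{sink}\t{name}" for name in sorted(blocked)]
    return "\n".join(lines) + "\n"


def is_blocked(hosts_text: str, hostname: str) -> bool:
    """True if the hosts file sinkholes this name (loopback names excluded)."""
    target = hostname.lower()
    return any(
        addr in SINKHOLE_ADDRS and name == target and name not in LOOPBACK_NAMES
        for addr, name in parse_hosts(hosts_text)
    )


if __name__ == "__main__":
    merged = merge_blocklist(EXISTING_HOSTS, BLOCKLIST_UPDATE)
    print(merged)
    print("nas.lan blocked?", is_blocked(merged, "nas.lan"))
    print("tracker blocked?", is_blocked(merged, "ADS.Example-Tracker.test"))
```

On Vista the file this would be written to is %SystemRoot%\System32\drivers\etc\hosts, which needs an elevated prompt to modify; leave it writable by administrators only, since a hosts file that silently redirects bank or update hostnames is the same hijack the non-sinkhole check refuses.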

#14 Shindou

Shindou
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 04 September 2009 - 08:50 PM

Thanks for the help. That SAS seems a tad annoying; Ad-Aware offers more features for free, but I dislike most any of those, because every time I've had anything to supposedly protect me, it has done nothing but interfere with the normal operation of my computer by scanning/updating when I told it not to. So if I have a problem, I will get them; I get and run such things about once a month, because while I recognize the usefulness of them, I REFUSE to let something interfere or ask me if it's okay to run a game or connect to a new server. If they made some sort of anti-whateverware that didn't assault you when you tried to play a game or download something from a new website, then I'd keep that.

What did CF do to fix whatever was screwing me up by the way?

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:38 AM

Posted 05 September 2009 - 05:38 AM

What did CF do to fix whatever was screwing me up by the way?


Combofix removed the Recycler Virus file. See here for Recycler information.

This was the offending entry:

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013


The maker of Combofix doesn't want any details to be discussed on how it actually works though.
m0le is a proud member of UNITE
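The offending path above is a SID-named folder under c:\recycler. On Windows XP each user's recycle bin lives in exactly such a folder under RECYCLER and should hold only INFO2 and desktop.ini; on Vista, the machine in this thread, the bin is C:\$Recycle.Bin (the DDS log lists C:\$RECYCLE.BIN), so a c:\recycler tree is unexpected in the first place. The Python script below is an added example of how one might triage such a tree, not ComboFix's logic (which, as m0le notes, is not discussed) and not anything from this thread: it finds SID-named directories and reports files in them that are not the expected bin metadata, flagging any that begin with the MZ executable header whatever their extension. The directory tree it inspects is constructed in a temporary folder; the SID values and file names in it are made up, and the real check would be pointed at the live folder.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Per-user recycle bin folders on XP are named after the user's SID.
SID_DIR = re.compile(r"^S-1-5-21-\d+-\d+-\d+-\d+$", re.IGNORECASE)

# The only files Windows itself keeps in such a folder (compared lowercase).
EXPECTED_NAMES = {"info2", "desktop.ini"}


def is_sid_name(name: str) -> bool:
    """True if a directory name looks like a domain/local account SID."""
    return bool(SID_DIR.match(name))


def is_pe_file(path: Path) -> bool:
    """True if the file starts with the 'MZ' DOS stub header, i.e. it is a
    Windows executable regardless of what its extension claims."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def scan_recycler(root: Path) -> List[Dict[str, str]]:
    """Walk SID-named subfolders of a RECYCLER-style tree and report every
    file that is not expected bin metadata, noting PE files separately."""
    findings: List[Dict[str, str]] = []
    if not root.is_dir():
        return findings
    for entry in root.iterdir():
        if not (entry.is_dir() and is_sid_name(entry.name)):
            continue
        for f in entry.rglob("*"):
            if not f.is_file() or f.name.lower() in EXPECTED_NAMES:
                continue
            reason = "PE header" if is_pe_file(f) else "unexpected file"
            findings.append({"sid": entry.name, "path": str(f), "reason": reason})
    return findings


def build_sample_tree(base: Path) -> Path:
    """Construct a sample tree (example data): one clean SID folder holding
    only bin metadata, and one holding a PE-looking file plus a stray file."""
    root = base / "RECYCLER"
    clean = root / "S-1-5-21-1111111111-2222222222-3333333333-1001"
    clean.mkdir(parents=True)
    (clean / "INFO2").write_bytes(b"\x05\x00\x00\x00")
    (clean / "desktop.ini").write_text("[.ShellClassInfo]\n")

    suspect = root / "S-1-5-21-1111111111-2222222222-3333333333-1013"
    suspect.mkdir()
    (suspect / "Desktop.ini").write_text("[.ShellClassInfo]\n")  # expected name, ignored
    (suspect / "payload.bin").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)  # MZ header
    (suspect / "notes.txt").write_text("not an executable\n")
    return root


def run_demo() -> List[Dict[str, str]]:
    """Build the constructed tree in a temp dir, scan it, and return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_recycler(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for hit in run_demo():
        print(f"{hit['reason']:15} {hit['sid']}  {hit['path']}")
```

Running this against a live c:\recycler on a Vista box needs an elevated prompt (the folder is hidden and system-owned), and a hit only says a file is out of place, not what it does: hash it and check it against the scan results before deleting anything.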

