Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)
#1 - 06-22-2009, 10:24 PM - Player742 (Registered User; Join Date: Jun 2009; Posts: 12; OS: Vista 32 bit)


Potential Trojan

Hello, reposting my issue as requested.

I picked up the problem, I believe, about 3 months ago in a download which proved faulty. Unfortunately the user on the computer at the time didn't suspect a virus and accidentally unleashed it into this computer.

It took me a few days before I noticed it. When I tried to remove it, I found my normal antispyware and antivirus scans and cleans were only temporary. I then tried System Restore. However, it would only let me restore to or after the date and time I suspect this harmful file was installed.

The harmful file on my computer redirected me (I have not experienced this issue since my reformat) away from search engine links. It also causes intense lag for periods of up to 20 seconds during online games, every 40-60 seconds, thus making playing most games impossible. It is this that was the tip-off that it was still on my computer after reformatting it.

A few days ago I was able to reformat it, so I decided I would do that. However, after reinstalling a game I found the periodic lag was still happening. To my horror I found the folder the file had been adding to before was filling up far too quickly for it to be me. This directory is: C:\Users\James\AppData\Local\Temp


Now I am beside myself with frustration and irritation and would greatly appreciate any help I can get. Thank you for your time and patience.





DDS (Ver_09-05-14.01) - NTFSx86
Run by James at 4:44:49.84 on 23/06/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2047.564 [GMT 1:00]

AV: The Shield Deluxe 2008 *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: The Shield Deluxe 2008 *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\James\AppData\Local\Temp\Temp1_gmer[1].zip\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\James\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVP] "c:\program files\pcsecurityshield\the shield deluxe 2008\avp.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dualco~1.lnk - c:\program files\msi\dualcorecenter\StartUpDualCoreCenter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secure~1.lnk - c:\program files\msi\securedoc\Logon.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\pcsecurityshield\the shield deluxe 2008\scieplugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\pcsecu~1\theshi~1\r3hook.dll

============= SERVICES / DRIVERS ===============

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-1-25 20760]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-22 234888]

=============== Created Last 30 ================

2009-06-22 03:24 <DIR> --d----- c:\windows\system32\directx
2009-06-22 01:45 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-06-22 01:45 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-06-22 01:44 <DIR> --d----- c:\programdata\PCSecurityShield
2009-06-22 01:44 <DIR> --d----- c:\progra~2\PCSecurityShield
2009-06-22 01:44 <DIR> --d----- c:\program files\PCSecurityShield
2009-06-22 01:44 2,300 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-22 01:44 2,793,760 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-22 01:38 <DIR> --d----- c:\programdata\Azureus
2009-06-22 01:38 <DIR> --d----- c:\progra~2\Azureus
2009-06-22 01:38 <DIR> --d----- c:\users\james\appdata\roaming\Azureus
2009-06-22 01:38 <DIR> --d----- c:\program files\AskBarDis
2009-06-22 01:36 <DIR> --d----- c:\program files\Vuze
2009-06-22 01:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-22 01:20 <DIR> --d----- c:\programdata\TEMP
2009-06-21 12:35 48 a---h--- c:\windows\system32\ezsidmv.dat
2009-06-21 12:30 <DIR> --d--r-- c:\program files\Skype
2009-06-21 12:30 <DIR> --d----- c:\programdata\Skype
2009-06-21 03:36 509,448 a------- c:\windows\system32\XAudio2_2.dll
2009-06-21 03:35 120,328 a------- c:\windows\dxsdkuninst.exe
2009-06-21 03:35 <DIR> --d----- c:\program files\Microsoft DirectX SDK (August 2008)
2009-06-21 03:10 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-06-21 03:10 72,704 a------- c:\windows\system32\secur32.dll
2009-06-21 03:10 7,680 a------- c:\windows\system32\lsass.exe
2009-06-21 03:10 25,600 a------- c:\windows\system32\amxread.dll
2009-06-21 03:10 14,848 a------- c:\windows\system32\apilogen.dll
2009-06-21 03:09 441,856 a------- c:\windows\system32\win32spl.dll
2009-06-21 03:09 37,376 a------- c:\windows\system32\printcom.dll
2009-06-21 03:09 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-06-21 03:09 14,848 a------- c:\windows\system32\wshrm.dll
2009-06-21 03:09 11,776 a------- c:\windows\system32\sbunattend.exe
2009-06-21 03:09 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-06-21 03:09 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-06-21 03:09 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-06-21 03:08 269,824 a------- c:\windows\system32\schannel.dll
2009-06-21 00:41 <DIR> --d----- c:\users\james\logs
2009-06-21 00:17 <DIR> --d----- C:\Warhammer Online - Age of Reckoning
2009-06-21 00:07 356,352 a------- c:\windows\system32\nvuninst.exe
2009-06-21 00:07 356,352 a------- c:\windows\system32\nvudisp.exe
2009-06-21 00:07 6,335 a------- c:\windows\system32\nvdisp.nvu
2009-06-21 00:04 <DIR> --d----- c:\programdata\NVIDIA
2009-06-20 23:32 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-06-20 23:32 272,896 a------- c:\windows\system32\polstore.dll
2009-06-20 23:32 61,440 a------- c:\windows\system32\winipsec.dll
2009-06-20 23:32 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-06-20 23:30 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-06-20 23:30 428,032 a------- c:\windows\system32\EncDec.dll
2009-06-20 23:30 292,352 a------- c:\windows\system32\psisdecd.dll
2009-06-20 23:30 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-20 23:30 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-06-20 23:30 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-20 23:30 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-06-20 23:30 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-20 23:29 205,824 a------- c:\windows\system32\msoeacct.dll
2009-06-20 23:29 87,040 a------- c:\windows\system32\msoert2.dll
2009-06-20 23:29 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-06-20 23:27 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-20 23:27 376,320 a------- c:\windows\system32\winsrv.dll
2009-06-20 23:27 49,664 a------- c:\windows\system32\csrsrv.dll
2009-06-20 23:25 376,832 a------- c:\windows\system32\winhttp.dll
2009-06-20 23:24 297,472 a------- c:\windows\system32\gdi32.dll
2009-06-20 23:23 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-06-20 23:23 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-06-20 23:22 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-20 23:22 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-20 23:21 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-06-20 23:21 30,208 a------- c:\windows\system32\xolehlp.dll
2009-06-20 23:21 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-06-20 23:21 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-20 23:21 1,687,040 a------- c:\windows\system32\gameux.dll
2009-06-20 23:20 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-06-20 23:20 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-06-20 23:20 2,048 a------- c:\windows\system32\msxml3r.dll
2009-06-20 23:19 414,208 a------- c:\windows\system32\msscp.dll
2009-06-20 23:18 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-06-20 23:18 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-06-20 23:18 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-06-20 23:18 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-06-20 23:18 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-06-20 23:18 86,016 a------- c:\windows\system32\icfupgd.dll
2009-06-20 23:18 61,952 a------- c:\windows\system32\cmifw.dll
2009-06-20 23:18 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-06-20 23:18 16,896 a------- c:\windows\system32\wfapigp.dll
2009-06-20 23:18 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-06-20 23:17 2,048 a------- c:\windows\system32\tzres.dll
2009-06-20 23:16 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-06-20 23:16 7,680 a------- c:\windows\system32\spwmp.dll
2009-06-20 23:16 4,096 a------- c:\windows\system32\dxmasf.dll
2009-06-20 23:16 4,096 a------- c:\windows\system32\msdxm.ocx
2009-06-20 23:14 696,832 a------- c:\windows\system32\localspl.dll
2009-06-20 23:12 109,624 a------- c:\windows\system32\drivers\ataport.sys
2009-06-20 23:12 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-06-20 23:12 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-06-20 23:12 15,928 a------- c:\windows\system32\drivers\pciide.sys
2009-06-20 23:12 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-06-20 23:12 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-06-20 23:12 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-06-20 23:11 2,923,520 a------- c:\windows\explorer.exe
2009-06-20 23:09 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-20 23:09 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-06-20 23:09 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-06-20 23:09 24,064 a------- c:\windows\system32\netcfg.exe
2009-06-20 23:09 22,016 a------- c:\windows\system32\netiougc.exe
2009-06-20 23:06 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-06-20 23:04 549,888 a------- c:\windows\system32\rpcss.dll
2009-06-20 23:04 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-06-20 23:04 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-06-20 23:04 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-06-20 23:04 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2009-06-20 23:04 130,560 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-06-20 23:04 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-06-20 23:04 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-06-20 23:04 501,760 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-06-20 23:04 158,720 a------- c:\windows\system32\sdohlp.dll
2009-06-20 23:04 97,280 a------- c:\windows\system32\iasrecst.dll
2009-06-20 23:04 53,248 a------- c:\windows\system32\iasads.dll
2009-06-20 23:04 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-06-20 23:03 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-06-20 23:03 223,232 a------- c:\windows\system32\WMASF.DLL
2009-06-20 23:03 2,048 a------- c:\windows\system32\asferror.dll
2009-06-20 22:57 19,136,512 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-06-20 22:57 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-06-20 22:57 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-06-20 22:56 96,760 a------- c:\windows\system32\dfshim.dll
2009-06-20 22:56 41,984 a------- c:\windows\system32\netfxperf.dll
2009-06-20 22:56 282,112 a------- c:\windows\system32\mscoree.dll
2009-06-20 22:56 158,720 a------- c:\windows\system32\mscorier.dll
2009-06-20 22:56 83,968 a------- c:\windows\system32\mscories.dll
2009-06-20 22:52 2,855,424 a------- c:\windows\system32\mf.dll
2009-06-20 22:52 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-06-20 22:52 98,816 a------- c:\windows\system32\mfps.dll
2009-06-20 22:52 94,720 a------- c:\windows\system32\logagent.exe
2009-06-20 22:52 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-06-20 22:52 24,576 a------- c:\windows\system32\mfpmp.exe
2009-06-20 22:52 2,048 a------- c:\windows\system32\mferror.dll
2009-06-20 22:52 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-06-20 22:52 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-06-20 22:52 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-06-20 22:52 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-06-20 22:51 737,792 a------- c:\windows\system32\inetcomm.dll
2009-06-20 22:51 84,480 a------- c:\windows\system32\INETRES.dll
2009-06-20 22:51 1,645,568 a------- c:\windows\system32\connect.dll
2009-06-20 22:51 152,576 a------- c:\windows\system32\imagehlp.dll
2009-06-20 22:51 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-06-20 22:51 5,120 a------- c:\windows\system32\wmi.dll
2009-06-20 22:50 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-06-20 22:50 1,327,104 a------- c:\windows\system32\quartz.dll
2009-06-20 22:50 974,336 a------- c:\windows\system32\crypt32.dll
2009-06-20 22:50 99,840 a------- c:\windows\system32\poqexec.exe
2009-06-20 22:48 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-06-20 22:48 2,048 a------- c:\windows\system32\msxml6r.dll
2009-06-20 22:48 750,080 a------- c:\windows\system32\qmgr.dll
2009-06-20 22:34 315,392 a------- c:\windows\HideWin.exe
2009-06-20 22:11 <DIR> --dsh--- c:\users\james\appdata\roaming\.#
2009-06-20 21:41 1,060,864 a------- c:\windows\MFC71.dll
2009-06-20 21:41 499,712 a------- c:\windows\msvcp71.dll
2009-06-20 21:41 421,888 a------- c:\windows\nvsulib.dll
2009-06-20 21:41 348,160 a------- c:\windows\msvcr71.dll
2009-06-20 21:41 53,248 a------- c:\windows\Nvgpio.dll
2009-06-20 21:41 45,056 a------- c:\windows\NTuneGpu.dll
2009-06-20 21:41 18,216 a------- c:\windows\nvoclk64.sys
2009-06-20 21:36 190,976 a------- c:\windows\system32\fdco1ins.dll
2009-06-20 21:36 190,976 a------- c:\windows\system32\fdco1.dll
2009-06-20 21:36 58,112 a------- c:\windows\system32\drivers\NVENETFD.sys
2009-06-20 21:31 <DIR> --d----- c:\programdata\Adobe
2009-06-20 21:29 <DIR> --d----- c:\windows\Cache
2009-06-20 21:28 18,359 a------- c:\windows\system32\Ntaccess.sys
2009-06-20 21:28 13,368 a------- c:\windows\system32\FlashVxd.vxd
2009-06-20 21:28 6,702 a------- c:\windows\system32\drivers\FlashSys.sys
2009-06-20 21:28 45,056 a------- c:\windows\system32\SUSBKey.dll
2009-06-20 21:28 45,056 a------- c:\windows\system32\ginamsi.dll
2009-06-20 21:27 <DIR> --d----- c:\program files\MSI
2009-06-20 21:27 327,168 a------- c:\windows\IsUninst.exe
2009-06-20 21:23 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-06-20 21:22 <DIR> --dsh--- c:\windows\Installer
2009-06-20 21:06 289,792 a------- c:\windows\system32\idecoiins.dll
2009-06-20 21:06 289,792 a------- c:\windows\system32\idecoi.dll
2009-06-20 21:06 100,736 a------- c:\windows\system32\drivers\nvata.sys
2009-06-20 21:06 35,840 a------- c:\windows\system32\NVCOI.DLL
2009-06-20 21:05 1,548 a----r-- c:\windows\system32\drivers\nvphy.bin
2009-06-20 21:04 895,360 a------- c:\windows\system32\drivers\nvnrm.sys
2009-06-20 21:04 261,632 a------- c:\windows\system32\drivers\nvsnpu.sys
2009-06-20 21:04 110,592 a------- c:\windows\system32\drivers\nvtcp.sys
2009-06-20 21:04 35,840 a------- c:\windows\system32\nvconrm.dll
2009-06-20 21:04 19,968 a------- c:\windows\system32\drivers\nvnetbus.sys
2009-06-20 21:04 8,704 a------- c:\windows\system32\bdco1ins.dll
2009-06-20 21:04 8,704 a------- c:\windows\system32\bdco1.dll
2009-06-20 20:57 <DIR> --d----- c:\windows\system32\RTCOM
2009-06-20 20:50 100,648 a------- c:\windows\system32\drivers\nvstor32.sys
2009-06-20 20:49 358,912 a------- c:\windows\system32\nvraiins.dll
2009-06-20 20:49 358,912 a------- c:\windows\system32\nvraidco.dll
2009-06-20 20:49 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-06-20 20:47 1,032,104 a------- c:\windows\system32\drivers\nvmfdx32.sys
2009-06-20 20:47 1,864 a----r-- c:\windows\system32\nvsmb.nvu
2009-06-20 20:47 356,352 a------- c:\windows\system32\nvusmb.exe
2009-06-20 20:43 <DIR> --d----- c:\users\James
2009-06-20 20:42 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-20 20:42 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-20 20:41 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-20 20:41 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-06-22 01:44 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-22 01:44 86,016 a------- c:\windows\inf\infstor.dat
2009-06-22 01:44 51,200 a------- c:\windows\inf\infpub.dat
2009-06-21 03:10 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-06-21 00:03 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-21 00:02 174 a--sh--- c:\program files\desktop.ini
2009-06-20 23:28 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-06-20 23:28 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-06-20 23:28 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-06-20 23:28 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-06-20 23:28 542,720 a------- c:\windows\system32\sysmain.dll
2009-06-20 23:28 502,784 a------- c:\windows\system32\wlansvc.dll
2009-06-20 23:28 297,984 a------- c:\windows\system32\wlansec.dll
2009-06-20 23:28 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-06-20 23:28 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-06-20 23:28 47,104 a------- c:\windows\system32\wlanapi.dll
2009-06-20 23:28 194,560 a------- c:\windows\system32\WebClnt.dll
2009-06-20 23:28 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-06-20 23:21 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-06-20 23:21 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-06-20 23:21 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-06-20 23:21 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-06-20 23:21 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-06-20 23:06 944,184 a------- c:\windows\system32\winload.exe
2009-06-20 22:49 827,392 a------- c:\windows\system32\wininet.dll
2009-06-20 22:49 72,704 a------- c:\windows\system32\admparse.dll
2009-06-20 22:49 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-06-20 22:49 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-20 22:49 48,128 a------- c:\windows\system32\mshtmler.dll
2009-06-20 22:49 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-06-20 22:49 56,320 a------- c:\windows\system32\iesetup.dll
2009-06-20 22:49 633,856 a------- c:\windows\system32\user32.dll
2009-06-20 22:35 319,456 a------- c:\windows\DIFxAPI.dll
2009-03-28 00:03 1,560,576 a------- c:\windows\system32\nvcuda.dll
2009-03-28 00:03 1,347,584 a------- c:\windows\system32\nvsvsr.dll
2009-03-28 00:03 1,277,952 a------- c:\windows\system32\nvsvs.dll
2009-03-28 00:03 1,108,512 a------- c:\windows\system32\nvCplUIR.dll
2009-03-28 00:03 958,464 a------- c:\windows\system32\nvsvcr.dll
2009-03-28 00:03 801,312 a------- c:\windows\system32\nvCplUI.exe
2009-03-28 00:03 401,408 a------- c:\windows\system32\nvcuvid.dll
2009-03-28 00:03 207,392 a------- c:\windows\system32\nvvsvc.exe
2009-03-28 00:03 139,264 a------- c:\windows\system32\nvcod141.dll
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 4:45:59.56 ===============
Attached Files: ark.zip (12.5 KB)
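The DDS log in the post above is what a helper reads before replying, and the first pass is always the same: split the log into its "====" sections and look at the autostart and hook entries. The script below is an added example, not DDS's own code and not something posted in the thread. It parses the DDS section layout and applies a few reviewer heuristics of its own: processes started from user-writable temp/download paths, hook points that load a DLL into other processes (BHO, TB, Notify, AppInit_DLLs, Handler), the `EnableLUA = 0` policy (UAC switched off), unnamed Run values, and services whose binary lives outside `%SystemRoot%`. The severity labels are this example's convention, and the embedded sample is a short excerpt constructed from the log above. A hit is a prompt to check the file, not a verdict: here the process in Temp is the GMER scanner the helper asked for, and the hook DLLs belong to the installed Kaspersky-based product.

```python
"""Triage helper for a pasted DDS log (the format shown in the post above).

Added example, not DDS code. Sections are split on the "==== name ====" headers;
the rules below are reviewer heuristics, and their severities are this
script's own convention.
"""
import re

# Excerpt constructed from the DDS log posted in the thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Users\James\AppData\Local\Temp\Temp1_gmer[1].zip\gmer.exe
C:\Users\James\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
mRun: [<NO NAME>]
mRun: [AVP] "c:\program files\pcsecurityshield\the shield deluxe 2008\avp.exe"
mPolicies-system: EnableLUA = 0 (0x0)
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\pcsecu~1\theshi~1\r3hook.dll

============= SERVICES / DRIVERS ===============

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-1-25 20760]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-22 234888]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R2 name;display;path [date size]" as DDS prints service/driver lines
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\downloads\\")
HOOK_KEYS = {"BHO", "TB", "Notify", "AppInit_DLLs", "Handler"}


def parse_sections(text):
    """Split DDS output into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return findings as (severity, reason, line), in log order."""
    sections = parse_sections(text)
    findings = []

    for proc in sections.get("Running Processes", []):
        if any(marker in proc.lower() for marker in USER_WRITABLE):
            findings.append(("info", "process started from a user-writable temp/download path", proc))

    for entry in sections.get("Pseudo HJT Report", []):
        key = entry.split(":", 1)[0]
        if entry.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("high", "UAC is off (EnableLUA=0): administrator logons get a full token with no consent prompt", entry))
        elif key in HOOK_KEYS:
            findings.append(("review", f"{key} entry loads a DLL into other processes; confirm the file is known", entry))
        elif "[<NO NAME>]" in entry:
            findings.append(("review", "Run value with an empty name; confirm it really has no command", entry))

    for svc in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(svc)
        if m and "\\windows\\" not in m.group(4).lower():
            findings.append(("review", f"service {m.group(2)} runs from outside %SystemRoot%: {m.group(4)}", svc))

    return findings


def summary(findings):
    """Count findings per severity, e.g. {'info': 2, 'high': 1, 'review': 5}."""
    counts = {}
    for severity, _reason, _line in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summary(triage(SAMPLE_LOG)))
```

To use it on a real post, paste the whole DDS output into a file and call `triage(open(path).read())`; the section parser does not care how many "Created Last 30" or "Find3M" lines sit between the parts it reads.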

#2 - 06-24-2009, 06:19 PM - Player742


Re: Potential Trojan

Alright it's been 3 days. Bump
#3 - 06-27-2009, 04:28 PM - Player742


Re: Potential Trojan

Another 72 hours have passed.
#4 - 06-29-2009, 08:43 AM - TheBruce1 (Moderator, Analyst, Security Team; Join Date: Oct 2006; Location: Dùn Èideann, Scotland; Posts: 5,093; OS: XP)


Re: Potential Trojan

Hello

Apologies for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems, follow the instructions below.


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Quote:
This directory is; C:\Users\James\AppData\Local\Temp
This is a temporary directory and is most likely used by the game you are playing. Temp files are used by many applications, and they generally remove those files when they are no longer being used.
http://en.wikipedia.org/wiki/Temporary_folder

==========

Click Start > Control Panel > Programs > Programs and Features and uninstall the following programs:

Ask Toolbar<---See Here for more information
Ad-Aware 2007<---Out of date, it is now called Ad-Aware Free - Anniversary Edition
Browser Address Error Redirector<---Pre-loaded on Dell/HP machines. This application redirects 404 errors within IE to a customised Google page for the manufacturer.
Apart from being crapware (unwanted), it could also be a security risk as it's an IE Browser Helper Object.

LiveUpdate 3.2 (Symantec Corporation)<---As you no longer have Symantec/Norton products installed, best to remove
Viewpoint Media Player<---Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546


Additional Information Here
Win-Touch.com<---See Here for more information

========


Quote:
AV: The Shield Deluxe 2008 *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: The Shield Deluxe 2008 *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
It seems you have The Shield Deluxe 2008 for your protection. There are many debates around this company; they were once listed on the rogue antispyware list.
http://www.siteadvisor.com/sites/pcsecurityshield.com
http://www.mywot.com/en/scorecard/pcsecurityshield.com

I can recommend some good free alternatives if you wish to pursue that avenue.

========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

=========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF-Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

==========

ESET Online Scanner
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

=======
Logs Required
C:\Program Files\Eset\Eset Online Scanner\log.txt


An update on how your system is running.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
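The reply above answers the Temp-folder worry with the general rule (many applications, games included, write there and clean up afterwards). The practical check, when a folder like C:\Users\James\AppData\Local\Temp seems to fill too fast, is not how fast it grows but what lands in it: data and cache files growing in step with gameplay point at the game, while new executable content (.exe, .dll, .pif, .scr and similar) dropped into Temp is what you hash and look up. The script below is an added example, not part of the thread and not from any tool named in it. It takes two snapshots of a directory and reports new, grown and removed files plus any executables among the additions; the demo builds a throwaway folder with constructed files rather than touching a real Temp, and the extension list is this example's choice.

```python
"""Two snapshots of a temp directory and what changed between them.

Added example, not from the thread. snapshot() and diff_snapshots() work on
any directory; demo() builds a throwaway folder with constructed files so the
script runs offline and without touching the real %TEMP%.
"""
import os
import tempfile

# Extensions treated as executable content on Windows (this example's list).
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".pif", ".com", ".sys", ".bat", ".cmd", ".vbs", ".js"}


def snapshot(root):
    """Map relative path -> (size, mtime) for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except OSError:  # file vanished between listing and stat: normal in a temp dir
                continue
            snap[os.path.relpath(full, root)] = (st.st_size, st.st_mtime)
    return snap


def diff_snapshots(before, after):
    """Return new, grown (size increased) and removed paths plus the total byte delta."""
    new = sorted(p for p in after if p not in before)
    grown = sorted(p for p in after if p in before and after[p][0] > before[p][0])
    removed = sorted(p for p in before if p not in after)
    delta = sum(size for size, _ in after.values()) - sum(size for size, _ in before.values())
    return {"new": new, "grown": grown, "removed": removed, "bytes_delta": delta}


def executable_drops(paths):
    """Subset of paths whose extension marks executable content: the ones worth hashing."""
    return [p for p in paths if os.path.splitext(p)[1].lower() in EXECUTABLE_EXTS]


def demo():
    """Simulate an app writing cache data plus one dropped .exe; return the diff report."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "old.log"), "wb") as fh:
            fh.write(b"x" * 10)
        before = snapshot(root)

        # constructed activity: a log that keeps growing, a new cache file, one executable
        with open(os.path.join(root, "old.log"), "ab") as fh:
            fh.write(b"y" * 90)
        os.mkdir(os.path.join(root, "cache"))
        with open(os.path.join(root, "cache", "tile01.dat"), "wb") as fh:
            fh.write(b"\x00" * 4096)
        with open(os.path.join(root, "setup_tmp.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)

        result = diff_snapshots(before, snapshot(root))
        result["executables"] = executable_drops(result["new"] + result["grown"])
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:12}: {value}")
```

Against a real machine, call `snapshot(os.environ["TEMP"])` before starting the game, again after a few of the lag spikes, and feed both to `diff_snapshots()`. Cache and data files that keep growing while the game runs are the game; anything in the `executables` list is what to hash and check before deciding the folder is the problem.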
#5 - 06-29-2009, 04:06 PM - Player742


Re: Potential Trojan

I have done as much of what you asked as I can; however, some of those programs I could not find to remove.

My problem remains; the scans appear to have found nothing.
Attached Files: log.txt (652 Bytes)
#6 - 06-29-2009, 04:30 PM - TheBruce1


Re: Potential Trojan

Quote:
A few days ago I was able to reformat it, so I decided I would do that. However, after reinstalling a game I found the periodic lag was still happening.
My guess is the problem lies with the game(s) you are playing.

Your issues do not appear to be malware related. As our focus in this section is malware removal, you would be better served discussing your issues in the Gaming Forum. Please let them know you've been cleared by the Virus/Trojan/Spyware Help section.
#7 - 07-03-2009, 04:25 AM - TheBruce1


Re: Potential Trojan

As this topic is resolved, this thread is closed.
 


All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum