Internet performance low


  • This topic is locked
17 replies to this topic

#1 TMA_Cool


Posted 26 April 2009 - 09:43 AM

Hello, well for the past two weeks my comp's internet connection has been kinda slow. I've also been having problems with YouTube: I click sign in and it doesn't load. It all started on the same day I used CCleaner, though it never happened before.

Thanks.

Edited by TMA_Cool, 26 April 2009 - 09:47 AM.


#2 SWI Support Robot


Posted 28 April 2009 - 10:09 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq


Posted 29 April 2009 - 08:11 AM

Hi,

Help us help you.

Please read this article and follow the protocol.
http://spywareinfofo...showtopic=23382
Then submit a fresh HijackThis log. It's the only way we can give you sound advice.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 TMA_Cool


Posted 29 April 2009 - 10:15 AM

Adaware and Spybot found nothing.
TrojanHunter only 1 trojan but it didn't remove it because I need to buy it.
Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:51, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARCHIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\Archivos de programa\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBBalloon] C:\Archivos de programa\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Archivos de programa\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Archivos de programa\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Archivos de programa\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.7.109.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1203121018281
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213217223171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Archivos de programa\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9c06a529fa892) (gupdate1c9c06a529fa892) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARCHIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 9603 bytes

#5 nasdaq


Posted 30 April 2009 - 06:43 AM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Nothing suspicious was found on your log.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Look at this tutorial if assistance is needed.
http://www.bleepingc...opic131299.html
nasdaq


#6 TMA_Cool


Posted 02 May 2009 - 07:22 PM

SDFix: Version 1.240
Run by Cristian on 02/05/2009 at 20:24

Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\Nueva carpeta\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 20:43:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Archivos de programa\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"="C:\\Archivos de programa\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Archivos de programa\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Archivos de programa\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Archivos de programa\\Xfire\\xfire.exe"="C:\\Archivos de programa\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Archivos de programa\\Paradox Interactive\\Doomsday\\Hoi2.exe"="C:\\Archivos de programa\\Paradox Interactive\\Doomsday\\Hoi2.exe:*:Enabled:Hearts of Iron 2"
"C:\\Archivos de programa\\Java\\jre1.5.0_16\\bin\\javaw.exe"="C:\\Archivos de programa\\Java\\jre1.5.0_16\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Archivos de programa\\Hamachi\\hamachi.exe"="C:\\Archivos de programa\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Archivos de programa\\THQ\\Company of Heroes\\RelicCOH.exe"="C:\\Archivos de programa\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\\Archivos de programa\\mIRC\\mirc.exe"="C:\\Archivos de programa\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Archivos de programa\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Archivos de programa\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:BF2142"
"C:\\Archivos de programa\\Internet Explorer\\iexplore.exe"="C:\\Archivos de programa\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Archivos de programa\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"="C:\\Archivos de programa\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game:*:Disabled:Command & ConquerT Red AlertT 3"
"C:\\Archivos de programa\\Steam\\Steam.exe"="C:\\Archivos de programa\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"="C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Archivos de programa\\Steam\\steamapps\\common\\left 4 dead\\hl2.exe"="C:\\Archivos de programa\\Steam\\steamapps\\common\\left 4 dead\\hl2.exe:*:Enabled:hl2"
"C:\\Archivos de programa\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Archivos de programa\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Documents and Settings\\Cristian\\Configuración local\\temp\\WZS1501.tmp\\Homeworld.exe"="C:\\Documents and Settings\\Cristian\\Configuración local\\temp\\WZS1501.tmp\\Homeworld.exe:*:Enabled:Homeworld"
"C:\\Archivos de programa\\Activision\\Star Trek - Armada\\Armada.exe"="C:\\Archivos de programa\\Activision\\Star Trek - Armada\\Armada.exe:*:Enabled:Star Trek: Armada"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Archivos de programa\\VRC\\VRC.exe"="C:\\Archivos de programa\\VRC\\VRC.exe:*:Enabled:VRC"
"C:\\Archivos de programa\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"="C:\\Archivos de programa\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\\Archivos de programa\\CRS\\Battleground Europe\\WW2_sse2.exe"="C:\\Archivos de programa\\CRS\\Battleground Europe\\WW2_sse2.exe:*:Enabled:WW2"
"C:\\Archivos de programa\\wormsarm\\WA.exe"="C:\\Archivos de programa\\wormsarm\\WA.exe:*:Enabled:Worms Armageddon"
"C:\\Archivos de programa\\Strategy First\\Europa Universalis 2\\EU2.exe"="C:\\Archivos de programa\\Strategy First\\Europa Universalis 2\\EU2.exe:*:Enabled:Europa Universalis II"
"C:\\Archivos de programa\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe"="C:\\Archivos de programa\\Ubisoft\\IL-2 Sturmovik 1946\\il2fb.exe:*:Enabled:il2fb"
"C:\\Archivos de programa\\Europa Universalis 2\\EU2.exe"="C:\\Archivos de programa\\Europa Universalis 2\\EU2.exe:*:Enabled:Europa Universalis II"
"C:\\Archivos de programa\\Steam\\steamapps\\zarco782\\garrysmod\\hl2.exe"="C:\\Archivos de programa\\Steam\\steamapps\\zarco782\\garrysmod\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\Cristian\\Mis documentos\\Downloads\\Europa Universalis III\\Europa Universalis III\\eu3game.exe"="C:\\Documents and Settings\\Cristian\\Mis documentos\\Downloads\\Europa Universalis III\\Europa Universalis III\\eu3game.exe:*:Enabled:eu3game"
"C:\\Archivos de programa\\Electronic Arts\\Battlefield 2142\\FirstStrike.exe"="C:\\Archivos de programa\\Electronic Arts\\Battlefield 2142\\FirstStrike.exe:*:Enabled:FirstStrike"
"C:\\Archivos de programa\\DreaMule\\emule.exe"="C:\\Archivos de programa\\DreaMule\\emule.exe:*:Enabled:Dreamule"
"C:\\Documents and Settings\\Cristian\\Configuración local\\Datos de programa\\Dyyno Receiver\\DPPM.exe"="C:\\Documents and Settings\\Cristian\\Configuración local\\Datos de programa\\Dyyno Receiver\\DPPM.exe:*:Enabled:dppmmain Application"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Uso compartido de aplicaciones RTC"
"C:\\Archivos de programa\\Messenger\\msmsgs.exe"="C:\\Archivos de programa\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Archivos de programa\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"="C:\\Archivos de programa\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\\Games\\FreeSpace2Demo\\FS2Demo.exe"="C:\\Games\\FreeSpace2Demo\\FS2Demo.exe:*:Enabled:FreeSpace"
"C:\\Archivos de programa\\PaleStar\\DarkSpace\\.Cache\\DarkSpace\\LocalServer.exe"="C:\\Archivos de programa\\PaleStar\\DarkSpace\\.Cache\\DarkSpace\\LocalServer.exe:*:Enabled:LocalServer"
"C:\\Archivos de programa\\PaleStar\\DarkSpace\\.Cache\\DarkSpace\\Client.exe"="C:\\Archivos de programa\\PaleStar\\DarkSpace\\.Cache\\DarkSpace\\Client.exe:*:Enabled:Client"
"C:\\Archivos de programa\\PaleStar\\DarkSpace\\.Cache\\DarkSpace\\BugReport.exe"="C:\\Archivos de programa\\PaleStar\\DarkSpace\\.Cache\\DarkSpace\\BugReport.exe:*:Enabled:BugReport"
"C:\\Games\\FreeSpace2\\fs2_open_3_6_10.exe"="C:\\Games\\FreeSpace2\\fs2_open_3_6_10.exe:*:Enabled:FreeSpace"
"C:\\Games\\FreeSpace2\\fs2_open_3_6_9.exe"="C:\\Games\\FreeSpace2\\fs2_open_3_6_9.exe:*:Enabled:FreeSpace"
"C:\\Seven Kingdoms II\\7k2.exe"="C:\\Seven Kingdoms II\\7k2.exe:*:Enabled:7k2"
"C:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Archivos de programa\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Archivos de programa\\Doomsday\\Hoi2.exe"="C:\\Archivos de programa\\Doomsday\\Hoi2.exe:*:Enabled:Hearts of Iron 2"
"C:\\Archivos de programa\\Ares\\Ares.exe"="C:\\Archivos de programa\\Ares\\Ares.exe:*:Enabled:Ares.exe"
"C:\\Archivos de programa\\Widelands\\widelands.exe"="C:\\Archivos de programa\\Widelands\\widelands.exe:*:Enabled:Widelands - realtime strategy game"
"C:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"="C:\\Archivos de programa\\Java\\jre6\\bin\\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"="C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Archivos de programa\\iTunes\\iTunes.exe"="C:\\Archivos de programa\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Archivos de programa\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Archivos de programa\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :



Files with Hidden Attributes :

Mon 13 Apr 2009 9,934,392 A..H. --- "C:\Archivos de programa\Google\Picasa3\setup.exe"
Wed 23 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 15 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 24 Aug 2008 826,880 ...H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\~WRL0005.tmp"
Sun 24 Aug 2008 897,024 ...H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\~WRL2669.tmp"
Sat 21 Apr 2007 30,720 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Edificio Conesa\~WRL0664.tmp"
Sat 21 Apr 2007 32,768 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Edificio Conesa\~WRL0840.tmp"
Tue 17 Apr 2007 30,720 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Edificio Conesa\~WRL2565.tmp"
Sat 21 Apr 2007 56,320 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Edificio Conesa\EC\~WRL0490.tmp"
Sat 21 Apr 2007 61,440 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Edificio Conesa\EC\~WRL1587.tmp"
Sat 21 Apr 2007 88,576 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Edificio Conesa\EC\~WRL2851.tmp"
Fri 3 Mar 2006 31,232 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\2\Escritos Varios\C.V\~WRL3136.tmp"
Thu 13 Jan 2005 36,864 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\2\IGJ\RG 2004\~WRL1943.tmp"
Thu 5 Mar 2009 76,800 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL0005.tmp"
Fri 6 Mar 2009 81,920 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL0200.tmp"
Fri 6 Mar 2009 82,432 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL0294.tmp"
Fri 6 Mar 2009 81,408 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL0346.tmp"
Fri 6 Mar 2009 77,824 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL0892.tmp"
Fri 6 Mar 2009 79,872 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL0987.tmp"
Fri 6 Mar 2009 77,824 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL1128.tmp"
Fri 6 Mar 2009 78,336 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL1316.tmp"
Fri 6 Mar 2009 79,872 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL1406.tmp"
Fri 6 Mar 2009 81,408 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL2329.tmp"
Fri 6 Mar 2009 77,824 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL2765.tmp"
Fri 6 Mar 2009 82,432 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL2959.tmp"
Fri 6 Mar 2009 78,336 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL3284.tmp"
Fri 6 Mar 2009 78,848 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL3340.tmp"
Fri 6 Mar 2009 78,336 A..H. --- "C:\Documents and Settings\Cristian\Mis documentos\Sebastian\Pen drive\Lending Project\EG\Condiciones de Uso\~WRL3352.tmp"

Finished!





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:39, on 02/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARCHIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Xfire\xfire.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\HJT\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBBalloon] C:\Archivos de programa\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Archivos de programa\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.7.109.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1203121018281
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213217223171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Archivos de programa\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9c06a529fa892) (gupdate1c9c06a529fa892) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARCHIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10091 bytes

#7 nasdaq

Posted 03 May 2009 - 08:31 AM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
nasdaq

#8 TMA_Cool

Posted 15 May 2009 - 04:04 PM

ComboFix 09-05-15.01 - Cristian 15/05/2009 18:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.54.3082.18.2047.1498 [GMT -3:00]
Running from: c:\documents and settings\Cristian\Escritorio\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-13 03:19 . 2009-05-13 03:22 -------- d-----w c:\archivos de programa\Spybot - Search & Destroy
2009-05-13 03:19 . 2009-05-13 03:22 -------- d-----w c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-05-13 03:07 . 2003-03-18 20:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-13 03:07 . 2009-05-13 03:07 -------- d-----w c:\archivos de programa\Alwil Software
2009-05-12 20:58 . 2009-05-13 03:27 -------- d-----w c:\archivos de programa\Unlocker
2009-05-12 20:39 . 2002-01-05 17:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-05-09 18:47 . 2009-05-09 21:35 -------- d-----w c:\documents and settings\Cristian\Datos de programa\WinFF
2009-05-04 21:34 . 2009-05-04 21:34 -------- d-----w c:\archivos de programa\Maxis
2009-05-04 21:00 . 2009-05-04 21:00 -------- d-----w c:\documents and settings\All Users\Datos de programa\DAEMON Tools Lite
2009-05-04 21:00 . 2009-05-04 21:00 -------- d-----w c:\archivos de programa\DAEMON Tools Toolbar
2009-05-02 23:23 . 2009-05-02 23:23 579584 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-02 23:17 . 2009-05-02 23:18 -------- d-----w c:\windows\ERUNT
2009-05-01 22:01 . 2008-04-17 15:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-01 22:01 . 2009-03-19 19:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-01 22:01 . 2009-05-01 22:01 -------- d-----w c:\archivos de programa\iPod
2009-05-01 22:01 . 2009-05-01 22:01 -------- d-----w c:\documents and settings\All Users\Datos de programa\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 22:01 . 2009-05-02 19:26 -------- d-----w c:\archivos de programa\iTunes
2009-05-01 22:01 . 2009-05-01 22:01 -------- d-----w c:\archivos de programa\Bonjour
2009-05-01 22:00 . 2009-05-01 22:00 -------- d-----w c:\documents and settings\All Users\Datos de programa\Apple Computer
2009-05-01 21:59 . 2009-05-01 21:59 -------- d-----w c:\archivos de programa\Apple Software Update
2009-05-01 21:59 . 2009-03-26 18:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-01 21:59 . 2009-03-26 18:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-01 21:58 . 2009-05-01 21:58 -------- d-----w c:\archivos de programa\Archivos comunes\Apple
2009-05-01 01:43 . 2009-05-11 03:06 -------- d-----w c:\documents and settings\Cristian\Datos de programa\DivX
2009-05-01 01:42 . 2009-01-27 01:35 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-05-01 01:42 . 2009-01-27 01:35 118520 ------w c:\windows\system32\pxinsi64.exe
2009-05-01 01:42 . 2009-01-27 01:35 129784 ------w c:\windows\system32\pxafs.dll
2009-05-01 01:42 . 2009-05-01 01:42 -------- d-----w c:\archivos de programa\Archivos comunes\DivX Shared
2009-04-30 17:54 . 2009-04-30 17:54 -------- d-----w C:\Nueva carpeta
2009-04-30 17:14 . 2009-04-30 17:14 1529241 ----a-w C:\SDFix.exe
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-29 17:42 . 2009-05-04 21:01 -------- d-----w c:\documents and settings\Cristian\Datos de programa\DAEMON Tools Lite
2009-04-29 16:11 . 2009-04-29 16:11 -------- d-----w c:\documents and settings\Cristian\Datos de programa\TrojanHunter
2009-04-29 15:46 . 2009-05-02 15:03 -------- d-----w c:\archivos de programa\TrojanHunter 5.0
2009-04-29 15:35 . 2009-05-03 01:21 -------- d-----w C:\HJT
2009-04-29 03:14 . 2009-04-29 13:29 -------- d-----w c:\archivos de programa\GRETECH
2009-04-18 15:46 . 2009-04-21 01:29 -------- d-----w c:\archivos de programa\Widelands

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 20:39 . 2008-02-22 03:53 137992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 20:38 . 2008-02-22 03:53 201816 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-15 16:57 . 2008-02-19 20:16 -------- d-----w c:\archivos de programa\Xfire
2009-05-13 03:27 . 2009-02-15 00:18 -------- d-----w c:\archivos de programa\ESET
2009-05-12 16:50 . 2008-08-09 00:00 -------- d-----w c:\archivos de programa\Malwarebytes' Anti-Malware
2009-05-12 16:41 . 2008-08-18 23:58 -------- d-----w c:\archivos de programa\SpywareBlaster
2009-05-11 22:13 . 2009-05-11 22:13 3072 ----a-w c:\windows\tmp3DA.tmp
2009-05-05 13:47 . 2008-04-25 17:45 -------- d-----w c:\archivos de programa\SpeedBit Video Accelerator
2009-05-04 21:34 . 2008-03-02 21:49 737 ----a-w c:\windows\eReg.dat
2009-05-04 21:00 . 2008-10-09 20:12 -------- d-----w c:\archivos de programa\DAEMON Tools Lite
2009-05-02 23:34 . 2001-08-24 10:00 79260 ----a-w c:\windows\system32\perfc00A.dat
2009-05-02 23:34 . 2001-08-24 10:00 463278 ----a-w c:\windows\system32\perfh00A.dat
2009-05-02 15:03 . 2008-10-11 16:25 -------- d-----w c:\archivos de programa\TuneUp Utilities 2008
2009-05-01 22:00 . 2008-06-16 19:53 -------- d-----w c:\archivos de programa\QuickTime
2009-05-01 01:42 . 2008-03-28 03:30 -------- d-----w c:\archivos de programa\DivX
2009-04-29 17:43 . 2008-02-16 02:37 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-26 16:42 . 2008-08-01 23:49 -------- d-----w c:\archivos de programa\Paradox Interactive
2009-04-26 16:38 . 2009-02-03 02:50 -------- d-----w c:\archivos de programa\PokerStars.NET
2009-04-18 21:12 . 2008-02-16 22:11 -------- d-----w c:\archivos de programa\Google
2009-04-11 03:42 . 2008-04-23 21:00 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-10 17:19 . 2008-11-30 16:21 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-04-08 19:57 . 2009-04-08 19:44 -------- d-----w c:\archivos de programa\Doomsday
2009-04-06 18:32 . 2008-08-09 00:00 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 18:32 . 2008-08-09 00:00 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 13:33 . 2008-02-15 22:27 -------- d--h--w c:\archivos de programa\InstallShield Installation Information
2009-04-01 20:07 . 2008-02-18 11:41 -------- d-----w c:\archivos de programa\THQ
2009-04-01 01:31 . 2008-03-04 05:22 -------- d-----w c:\archivos de programa\Java
2009-03-29 22:58 . 2009-03-29 22:58 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-03-29 18:27 . 2008-10-13 01:55 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-29 18:27 . 2008-10-13 01:55 17212 ----atw c:\windows\system32\SIntf32.dll
2009-03-29 18:27 . 2008-10-13 01:55 12067 ----atw c:\windows\system32\SIntf16.dll
2009-03-27 15:09 . 2009-03-27 14:22 -------- d-----w c:\archivos de programa\Arma
2009-03-18 01:28 . 2009-03-18 01:28 -------- d-----w c:\archivos de programa\Microsoft
2009-03-18 01:28 . 2009-03-18 01:28 -------- d-----w c:\archivos de programa\Windows Live SkyDrive
2009-03-18 01:27 . 2008-02-18 23:44 -------- d-----w c:\archivos de programa\Windows Live
2009-03-17 23:04 . 2009-03-17 23:04 -------- d-----w c:\archivos de programa\Archivos comunes\Windows Live
2009-03-09 08:19 . 2008-11-24 02:28 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2004-08-19 18:42 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-05 18:29 . 2009-02-05 23:53 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-03 00:06 . 2004-08-19 18:42 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 21:30 . 2009-03-02 21:30 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-03-02 21:30 . 2009-03-02 21:30 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-25 18:55 . 2008-05-07 20:32 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-25 18:55 . 2008-05-07 20:32 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-20 17:09 . 2004-08-19 18:42 78336 ----a-w c:\windows\system32\ieencode.dll
2008-04-16 03:57 . 2008-04-16 03:57 61 --sh--w c:\windows\cnerolf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\archivos de programa\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\archivos de programa\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpeedBitVideoAccelerator"="c:\archivos de programa\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-05-05 2823784]
"SpybotSD TeaTimer"="c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"MBBalloon"="c:\archivos de programa\HOTALBUMMyBOX\MBBalloon.exe" [2007-02-09 789120]
"HP Component Manager"="c:\archivos de programa\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-23 516440]
"StartCCC"="c:\archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\archiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]

c:\documents and settings\Cristian\Men£ Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
DSLMON.lnk - c:\archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2008-5-3 946278]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\archivos de programa\Picasa2\PicasaMediaDetector.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Archivos de programa\\Xfire\\xfire.exe"=
"c:\\Archivos de programa\\Paradox Interactive\\Doomsday\\Hoi2.exe"=
"c:\\Archivos de programa\\Java\\jre1.5.0_16\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Hamachi\\hamachi.exe"=
"c:\\Archivos de programa\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Archivos de programa\\mIRC\\mirc.exe"=
"c:\\Archivos de programa\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Archivos de programa\\Steam\\Steam.exe"=
"c:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Archivos de programa\\VRC\\VRC.exe"=
"c:\\Archivos de programa\\Electronic Arts\\Battlefield 2142\\FirstStrike.exe"=
"c:\\Documents and Settings\\Cristian\\Configuración local\\Datos de programa\\Dyyno Receiver\\DPPM.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Games\\FreeSpace2\\fs2_open_3_6_10.exe"=
"c:\\Games\\FreeSpace2\\fs2_open_3_6_9.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Doomsday\\Hoi2.exe"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\java.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Archivos de programa\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/02/2009 15:27 64160]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [02/04/2008 21:05 15172]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/05/2009 00:08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/05/2009 00:08 20560]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\archiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\archiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R2 WinDefend;Windows Defender;c:\archivos de programa\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [21/02/2008 16:56 36864]
R3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [03/03/2008 02:12 311684]
S2 freenet-darknet-8888;Freenet 0.7 darknet-8888;"c:\archivos de programa\Freenet\bin\wrapper-windows-x86-32.exe" -s "c:\archivos de programa\Freenet\wrapper.conf" --> c:\archivos de programa\Freenet\bin\wrapper-windows-x86-32.exe [?]
S2 gupdate1c9c06a529fa892;Google Update Service (gupdate1c9c06a529fa892);c:\archivos de programa\Google\Update\GoogleUpdate.exe [18/04/2009 18:12 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 18:34 953168]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11a77d6e-de76-11dc-87b7-806d6172696f}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\archivos de programa\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:09]

2009-05-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\archivos de programa\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:28]

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-04-18 21:12]

2009-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\archivos de programa\Windows Defender\MpCmdRun.exe [2006-11-03 21:20]

2009-05-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 19:04]

2009-05-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 19:04]

2009-05-15 c:\windows\Tasks\User_Feed_Synchronization-{26114001-2B39-4FC7-932F-F177120A7107}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 21:36]

2009-05-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 01:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - c:\archivos de programa\Unlocker\UnlockerAssistant.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\archiv~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\Cristian\Datos de programa\Mozilla\Firefox\Profiles\d190z417.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - prefs.js: keyword.URL - hxxp://ar.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=
FF - plugin: c:\archivos de programa\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Cristian\Datos de programa\Mozilla\Firefox\Profiles\d190z417.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 18:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(912)
c:\archiv~1\SPEEDB~1\sblsp.dll
c:\archivos de programa\SpeedBit Video Accelerator\ConfigDB.dll
c:\archivos de programa\SpeedBit Video Accelerator\Accelerator.dll
c:\archivos de programa\SpeedBit Video Accelerator\CommPipe.dll
c:\archivos de programa\SpeedBit Video Accelerator\Collector.dll
c:\archivos de programa\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2980)
c:\archiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-15 18:59
ComboFix-quarantined-files.txt 2009-05-15 21:59

Pre-Run: 70.046.314.496 bytes libres
Post-Run: 70.167.257.088 bytes libres

260 --- E O F --- 2009-05-15 00:25

#9 nasdaq

Posted 16 May 2009 - 08:26 AM

Your log is clean.

Delete these files in bold.
c:\windows\tmp3DA.tmp
c:\windows\_MSRSTRT.EXE

Do you know what this AutoRun.exe does in your D: drive?

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11a77d6e-de76-11dc-87b7-806d6172696f}]
\Shell\AutoRun\command - D:\AutoRun.exe

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it:
http://users.telenet...owcomputer.html

Keep me posted.
nasdaq

#10 TMA_Cool

Posted 16 May 2009 - 10:32 AM

The autorun.exe, I guess it's the game CD I got in the D drive. Thanks for helping me with this.

I still have the YouTube problem though; I can log in, but not directly. I have to link my Gmail account to the YouTube page and then it logs in. I have no problem on my other computer, which is on the same network.

#11 nasdaq

Posted 17 May 2009 - 08:07 AM

Clean your Temporary Internet files and your cookies.
Let me know if the problem persists.

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows tab.
The following should be selected by default, if not, please select:
Next: click Options, then click the Settings tab.
Uncheck: "Only delete files older than 48 hrs.", then click OK.
Then click Run Cleaner (bottom right), then Exit.
nasdaq

#12 TMA_Cool

Posted 17 May 2009 - 10:01 AM

It still persists; actually, CCleaner is what started the problem. I did a run of it some weeks ago, and the problems started.

#13 nasdaq

Posted 17 May 2009 - 12:01 PM

Do you have a good System Restore point from before you ran CCleaner? That may help restore it, and I will pick it up from there with a fresh HijackThis log from the restore date.


Good tutorials.
http://128.175.24.25...storepoints.htm

http://www.microsoft...ew_03may19.mspx
nasdaq

#14 TMA_Cool

Posted 18 May 2009 - 11:39 AM

Nope, two days ago I deleted the past system restore points, following the guide you posted on how to improve computer speed. Shame I didn't think about restoring before. Any other ideas?
Thanks.

#15 nasdaq

Posted 19 May 2009 - 08:04 AM

I have never seen CCleaner cause a problem.
This could only happen if you have some important operating files in a Temp folder.
That being the case, your operating system would not work. Since we are talking about a 3rd party program, we will have to investigate further.

Download catchme.exe to your desktop.
http://www.gmer.net/catchme.php
This tool is from GMER.

Double click the catchme.exe to run it

Open the catchme.log with Notepad and post the results back here.
nasdaq

#16 TMA_Cool

TMA_Cool

    Member

  • Full Member
  • Pip
  • 68 posts

Posted 20 May 2009 - 10:05 AM

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 12:09:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

#17 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 20 May 2009 - 12:18 PM

Nothing suspicious was found in any of your logs.

Try this.

How to Reset Internet Explorer Settings (RIES)
IE 7 and 8 on XP and Vista.
http://support.microsoft.com/kb/923737

Also, Google this string: "youtube does not load". It may give you some clues.
Maybe your Flash is not up to par or has been damaged, not sure.
nasdaq


#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 03 June 2009 - 06:58 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




