ChrisLey
2010-07-17, 07:27
Okay,
First, I know some things about computers, but I'm definitely no expert, so I need your help.
Yesterday I downloaded a hack for a game (yeah, I know that was stupid); it was an .exe.
I tried to run it, but nothing happened.
I kept my eye on the anti-virus to see if it detected something; it didn't.
I eliminated the hack. A few minutes later, my anti-virus (ESET NOD32 Anti-Virus Business Edition) detected 4 viruses on my computer, which it automatically moved to quarantine.
Next I started suffering from lag spikes of 2 seconds, every 6 seconds, which I didn't experience before.
I did a Full-System Check and it detected 2 more viruses, which it automatically moved to quarantine. I still suffered the lag spikes, so I decided to download Spybot S&D; I immunized and did a System Check. It detected Win32.Spynet.a, and then it closed itself. I opened Spybot again, and it detected it and closed itself again.
I don't know what's happening, but I want to remove it.
Help, please.
*Few Notes
-Lag spike is completely gone
-I got a TeaTimer blacklist detection of Winlogon.exe; I told it to kill it
-When I start my computer I get a bunch of Google Chrome errors for some reason
-When I turn off my computer I get a WinLogon.exe error
DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 23:21:43,85 on 16/07/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1983.1400 [GMT -5:00]
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Archivos de programa\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
C:\archivos de programa\steam\steam.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Archivos de programa\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Escritorio\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.hotmail.com/
uWindow Title = Windows Internet Explorer proporcionado por Windows uE
uDefault_Page_URL = hxxp://www.busca7.com
mDefault_Page_URL = hxxp://www.busca7.com
mStart Page = hxxp://www.busca7.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archiv~1\micros~4\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\configuración local\datos de programa\google\update\GoogleUpdate.exe" /c
uRun: [Center Agent] c:\archivos de programa\kworld multimedia\hypermediacenter\dtvr\Scheduled.exe
uRun: [dso32] c:\docume~1\user\config~1\temp\dsoqq.exe
uRun: [Steam] "c:\archivos de programa\steam\steam.exe" -silent
uRun: [HKCU] c:\windows\system32\winlog\Winlogon.exe
mRun: [egui] "c:\archivos de programa\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\archivos de programa\quicktime alternative\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZSSnp211] c:\windows\ZSSnp211.exe
mRun: [Domino] c:\windows\Domino.exe
mRun: [PWRISOVM.EXE] c:\archivos de programa\poweriso\PWRISOVM.EXE
mRun: [HKLM] c:\windows\system32\winlog\Winlogon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [Policies] c:\windows\system32\winlog\Winlogon.exe
mExplorerRun: [Policies] c:\windows\system32\winlog\Winlogon.exe
StartupFolder: c:\docume~1\user\menini~1\progra~1\inicio\erunta~1.lnk - c:\archivos de programa\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\user\menini~1\progra~1\inicio\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\actual~1.lnk - c:\archivos de programa\eset\minodlogin\MiNODLogin.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\remote~1.lnk - c:\archivos de programa\kworld multimedia\tv tuner card utilities\HMCP3XCtl.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~4\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\archivos de programa\archivos comunes\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archiv~1\micros~4\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archiv~1\micros~4\office12\GRA8E1~1.DLL
mASetup: {XQ881J2H-07YA-WRBN-4P25-XN85W68VYEVT} - c:\windows\system32\winlog\Winlogon.exe
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath -
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
R2 ekrn;ESET Service;c:\archivos de programa\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2010-6-10 674048]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2010-6-15 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [2010-6-15 1472000]
=============== Created Last 30 ================
2010-07-15 22:38:14 0 d-----w- c:\archivos de programa\Safer Networking
2010-07-15 22:05:21 0 d-----w- c:\docume~1\alluse~1\datosd~1\Spybot - Search & Destroy
2010-07-15 22:05:21 0 d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-07-15 21:55:47 117760 --sh--r- C:\biriprg.exe
2010-07-14 23:09:09 333288 ----a-w- c:\docume~1\user\datosd~1\SQLite3.dll
2010-07-13 15:08:45 116224 --sh--r- C:\i8gcgmg.exe
2010-07-12 17:50:14 116736 --sh--r- C:\r3x0k.exe
2010-07-10 03:32:51 0 d-----w- c:\docume~1\user\datosd~1\BitTorrent
2010-07-10 03:32:47 0 d-----w- c:\archivos de programa\BitTorrent
2010-07-09 14:17:10 116224 --sh--r- C:\ggb6w.exe
2010-07-06 15:16:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 15:09:51 117248 --sh--r- C:\x3xh.exe
2010-07-03 17:34:49 0 d-----w- c:\archivos de programa\PowerISO
2010-07-03 17:24:01 0 d-----w- c:\archivos de programa\Tansee iPod Transfer
2010-07-03 13:25:57 117248 --sh--r- C:\g6jk.exe
2010-07-03 03:41:10 0 d-----w- c:\archivos de programa\SystemRequirementsLab
2010-07-03 03:14:28 0 d-----w- c:\archivos de programa\Steam
2010-06-24 21:44:04 0 d-----w- c:\archivos de programa\Bandoo
2010-06-23 16:13:41 117248 --sh--r- C:\eyruu.exe
2010-06-19 21:33:48 0 d-----w- c:\docume~1\alluse~1\datosd~1\WinMaximizer
2010-06-18 15:19:05 117248 --sh--r- C:\09lf.exe
2010-06-18 03:47:40 3417 ----a-w- c:\windows\system32\wbem\Outlook_01cb0e990050f2a2.mof
2010-06-17 20:50:49 115712 --sh--r- C:\1gkbvsni.exe
==================== Find3M ====================
2010-07-17 04:21:22 701793 ---ha-w- c:\docume~1\user\datosd~1\logs.dat
2010-06-18 03:47:40 77520 ----a-w- c:\windows\system32\perfc00A.dat
2010-06-18 03:47:40 456588 ----a-w- c:\windows\system32\perfh00A.dat
2010-06-16 20:24:11 116224 --sh--r- C:\xcr.exe
2010-06-16 01:52:32 114688 --sh--r- C:\krwyrv0d.exe
2010-06-10 18:33:07 315392 ----a-w- c:\windows\HideWin.exe
2010-06-10 13:36:12 64695 ----a-w- c:\windows\BricoPackUninst.cmd
2010-06-10 13:36:12 5997 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-06-10 13:36:12 220160 ----a-w- c:\windows\system32\uxtheme.dll
2010-06-10 04:12:40 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-10 04:12:40 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-10 04:12:40 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-10 03:45:07 21900 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2005-09-20 12:44:14 354429 --sh--r- c:\windows\system32\winlog\Winlogon.exe
============= FINISH: 23:22:06,35 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/06/2010 10:50:00 p.m.
System Uptime: 16/07/2010 11:16:02 p.m. (0 hours ago)
Motherboard: MSI | | MS-7309
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2712/200mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2712/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 68 GiB total, 37,885 GiB free.
D: is FIXED (NTFS) - 165 GiB total, 162,026 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP43: 11/07/2010 12:39:43 p.m. - Punto de control del sistema
RP44: 11/07/2010 12:57:46 p.m. - Punto de control del sistema
RP45: 12/07/2010 07:58:33 p.m. - Punto de control del sistema
RP46: 14/07/2010 12:00:52 p.m. - Punto de control del sistema
RP47: 15/07/2010 04:20:15 p.m. - Punto de control del sistema
RP48: 16/07/2010 08:07:53 p.m. - Punto de control del sistema
==== Installed Programs ======================
Actualización para Windows XP (KB898461)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Español
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 3.1.5.3033
Audiosurf
BitTorrent
Bonjour
Chinese (Simplified) Language Support
Chinese (Traditional) Language Support
Compresor WinRAR
Counter-Strike: Condition Zero
Counter-Strike: Source
CyberLink PowerDVD 9
Dream Aquarium
ERUNT 1.1j
ESET Antivirus License Finder (MiNODLogin)
ESET NOD32 Antivirus
GameHouse Super Games AIO®
Garry's Mod
Google Chrome
Herramienta de carga de Windows Live
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HyperMediaCenter
iTunes
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.01 Full
Korean Language Support
KWorld TV Tuner Card Utilities
KWorld TV713X BDA Driver
L&H Power Translator Pro 7.0
Matemáticas de Microsoft
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - ESN
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Global IME for Chinese (Simplified)
Microsoft Global IME for Chinese (Traditional)
Microsoft Global IME for Chinese (Traditional) ChangJie
Microsoft Global IME for Korean
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (Spanish) 12
Microsoft Student con Encarta Premium 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.3)
MSVCRT
MSXML 6.0 Parser
Need for Speed™ Most Wanted
Nero 7.10.1.0
NVIDIA Drivers
Pack Vista Inspirat 2 1.0
Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
Picasa 3
PopCap Deluxe Games
PowerISO
QuickTime
QuickTime Alternative 1.80
Realtek High Definition Audio Driver
Reproductor de Windows Media 11
RunAlyzer
Segoe UI
Shockwave Player
Spybot - Search & Destroy
Steam
Synergy
System Requirements Lab
Tansee iPod Transfer v3.8
VideoLAN VLC media player 0.8.6d
WebFldrs XP
Winamp (remove only)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Asistente para el inicio de sesión
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
ZSMC USB PC Camera (ZS0211)
==== Event Viewer Messages From Past Week ========
11/07/2010 12:39:15 p.m., error: sr [1] - El filtro de Restaurar sistema encontró el error inesperado "0xC0000043" mientras procesaba el archivo "ggb6w.exe" en el volumen "HarddiskVolume2". Se ha detenido la supervisión del volumen.
==== End Of File ===========================