Internet has become extremely slow
-
Basic facts about my computer:
2x 250 gigabyte hard drive
2.4 gHz
3 Gigabytes of RAM DDR2
Intel(R) Core(TM) 2 CPU
Basic facts about my internet connection:
8mbhps connection speed
50 gigabytes of downloads
Usually when I download from sites, the speed varies from 290-900kilobytes per second.
A few days ago my internet speed decreased suddenly to dial up speeds, after I was disconnected from a game that uses 'GameGuard', for 'Abnormal program activity'.
I called TPG and asked them about the problem; they confirmed that from their end everything was running fine and that there should be no decrease in internet speed. I talked with the intern for lengthy time spans, and she ran tests on my internet connection, noting that there had been no change in the plan at all; however, she made a point of the internet being abnormally slow.
As a result of that, I system restored my computer to a date 3 days earlier, then I went and bought 'Ad-Aware 2008' and 'Spyware Doctor 6'. The tests indicated that there were in fact viruses and trojans on my computer, which I removed instantly. However, I noticed that the speeds still persisted, and it became evident that it was slower than before. I have no idea what is going on; with over 3 Anti Virus and Trojan programs performing scans, none detected any abnormal program function.
I performed a hijackthis test:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:07 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\WINDOWS\system32\gearsec.exe
D:\Nexon\Mabinogi\npkcmsvc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
D:\Program Files\WinFast\WFDTV\WFWIZ.exe
D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
D:\Program Files\WinFast\WFDTV\WFWIZ.exe
D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nTrayFw] D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WinFastDTV] D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [Winlogons] D:\WINDOWS\Winlogons.exe
O4 - HKUS\S-1-5-21-436374069-1993962763-725345543-1006\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-21-436374069-1993962763-725345543-1006\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1993962763-725345543-1006\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-436374069-1993962763-725345543-1006\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178956648749
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DA422CF-5557-472E-8843-F354191EAB06}: NameServer = 210.15.254.240,0.0.0.0
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: gearsec - GEAR Software - D:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - D:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 14194 bytes
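A log like the one above can be pre-sorted mechanically so that a reviewer starts with the autostart entries that deviate from Windows defaults. The following is an added example, not part of the original post and not part of HijackThis: the three rules and all function names are assumptions chosen for illustration, and the sample lines are copied from the log above. A flag means "review this entry by hand", not a verdict about the file.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "F2"
    reason: str  # why the entry was selected for review
    body: str    # the entry text after the code


# Sample lines copied from the log above (not a complete log).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\Explorer.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [Winlogons] D:\WINDOWS\Winlogons.exe
O23 - Service: gearsec - GEAR Software - D:\WINDOWS\system32\gearsec.exe
"""


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def check_shell(code: str, body: str) -> Optional[str]:
    """The default Winlogon Shell value is Explorer.exe alone; anything
    appended to it is started at every logon."""
    if code != "F2":
        return None
    match = re.search(r"\bShell=(.*)$", body, re.IGNORECASE)
    if match and match.group(1).strip().lower() != "explorer.exe":
        return "Winlogon Shell value contains more than Explorer.exe"
    return None


def check_orphan_bho(code: str, body: str) -> Optional[str]:
    """A Browser Helper Object whose DLL is gone is a leftover registration."""
    if code == "O2" and body.endswith(("(no file)", "(file missing)")):
        return "BHO registered but its file is absent"
    return None


def check_policy_run(code: str, body: str) -> Optional[str]:
    """Policies\\Explorer\\Run is an autostart location that installers
    rarely use, so an entry there deserves a look."""
    if code == "O4" and "\\policies\\explorer\\run:" in body.lower():
        return "autostart entry under Policies\\Explorer\\Run"
    return None


RULES = (check_shell, check_orphan_bho, check_policy_run)


def triage(text: str) -> List[Finding]:
    """Apply every rule to every entry and collect the entries to review."""
    findings = []
    for code, body in parse_entries(text):
        for rule in RULES:
            reason = rule(code, body)
            if reason:
                findings.append(Finding(code, reason, body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}\n    {finding.body}")
```
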
-
Welcome,
Download SDFIX and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract All,
- Open the extracted folder and double click RunThis.bat to start the script.
- Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- Your system will take longer than normal to restart as the fixtool will be running and removing files.
- When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
-
The internet is a lot faster, though what is odd is it is still hovering around 2mbhps instead of around 6-7.6mbhps...
The report:
SDFix: Version 1.240
Run by Administrator on Mon 11/17/2008 at 05:36 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: D:\Documents and Settings\Administrator\Desktop\SDFix\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
D:\autorun.inf - Deleted
D:\DOCUME~1\LONGNG~1\LOCALS~1\Temp\tmpA.tmp - Deleted
D:\DOCUME~1\LONGNG~1\LOCALS~1\Temp\tmpB.tmp - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 17:53:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"="D:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin:*:Enabled:rakion"
"D:\\Program Files\\Morpheus\\Morpheus.exe"="D:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="D:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Nexon\\MapleStory\\MapleStory.exe"="D:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"D:\\Nexon\\MapleStory\\Patcher.exe"="D:\\Nexon\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"D:\\Nexon\\MapleStory\\NewPatcher.exe"="D:\\Nexon\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\mw4x\\MW4x.exe"="D:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\mw4x\\MW4x.exe:*:Enabled:MechWarrior IV"
"D:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"="D:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD:*:Enabled:MechWarrior IV"
"D:\\WINDOWS\\system32\\dplaysvr.exe"="D:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\\Nexon\\KartRider\\NMService.exe"="D:\\Nexon\\KartRider\\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin"="D:\\Program Files\\Softnyx\\WolfTeam\\Wolfteam.bin:*:Enabled:WolfTeam"
"D:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="D:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="D:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet"
"D:\\Nexon\\KartRider\\KartRider.exe"="D:\\Nexon\\KartRider\\KartRider.exe:*:Enabled:KartRider"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Program Files\\Softnyx\\Rakion\\NyxLauncher.exe"="D:\\Program Files\\Softnyx\\Rakion\\NyxLauncher.exe:*:Enabled:NyxLauncher"
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\Program Files\\DNA\\btdna.exe"="D:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"D:\\Program Files\\TianCity\\PopKart\\M01\\Patcher.exe"="D:\\Program Files\\TianCity\\PopKart\\M01\\Patcher.exe:*:Enabled:Nexon Patcher"
"D:\\Program Files\\TianCity\\PopKart\\M01\\NMService.exe"="D:\\Program Files\\TianCity\\PopKart\\M01\\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\\Program Files\\AVG\\AVG8\\avgupd.exe"="D:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - D:\DOCUME~1\LONGNG~1\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 14 Sep 2007 168 ..SHR --- "D:\WINDOWS\system32\B7F1E37339.sys"
Sun 6 Jan 2008 6,580 A.SH. --- "D:\WINDOWS\system32\KGyGaAvL.sys"
Sun 13 May 2007 4,348 A.SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 13 May 2007 401 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv11.bak"
Sun 20 May 2007 401 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv16.bak"
Thu 15 Feb 2007 308,832 A..H. --- "D:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "D:\Program Files\Canon\MP Navigator EX 1.0\uinstrsc.dll"
Sat 1 Mar 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 23 Oct 2007 3,350,528 A..H. --- "D:\Documents and Settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe"
Sun 13 May 2007 4,348 ...H. --- "D:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Thu 18 Oct 2007 782 A..H. --- "D:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 18 May 2007 9,855 A.SH. --- "D:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Sun 13 May 2007 4,348 A..H. --- "D:\Documents and Settings\Administrator\My Documents\My Pictures\My Music\License Backup\drmv1key.bak"
Fri 1 Jun 2007 782 A..H. --- "D:\Documents and Settings\Administrator\My Documents\My Pictures\My Music\License Backup\drmv1lic.bak"
Fri 18 May 2007 9,855 A.SH. --- "D:\Documents and Settings\Administrator\My Documents\My Pictures\My Music\License Backup\drmv2key.bak"
Finished!
===================================================
HiJackLog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:09 PM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\WINDOWS\system32\gearsec.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Canon\MyPrinter\BJMyPrt.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
D:\Program Files\WinFast\WFDTV\WFWIZ.exe
D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2AAYDBRP\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nTrayFw] D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WinFastDTV] D:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] D:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178956648749
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DA422CF-5557-472E-8843-F354191EAB06}: NameServer = 210.15.254.240,0.0.0.0
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: gearsec - GEAR Software - D:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12407 bytes
===================================================
-
UPDATE (sorry for the double post, the internet was lagging)
Despite both scans removing the trojans as well as the other anti virus programs deleting the remainder of the trojans after a rescan, the speed is still hovering around 300kbhps, instead of 7.5mbhps.
I also ran some tests on my modem, and the modem/bytes seem to be receiving some very large amounts, as though I am constantly downloading something. Do you think something is intentionally clogging up the internet gateway?
TPG said everything was fine on their end.
Last edited by Echovald; 17-11-2008 at 08:55 AM.
-

To clean your temp folder, recycle bin, etc., please download this free tool:
CCleaner
Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Uncheck cookies
Before first use:
Select Options then Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.
Then Reboot (Exit)
* Please download Malwarebytes' Anti-Malware from HERE or HERE
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.