Internet Speed has slowed down!

Ibn Saeed
2010-08-27, 16:13
Hello

I noticed that my internet connection was slow today.

My connection gives me 970 KB/s, but today I was only getting 150 KB/s.

I called my ISP; they told me to run a few commands including "netstat -n", and they said that my computer was infected with malware.

Here are the details of my DDS contents:

============
DDS Content:
============

DDS (Ver_10-03-17.01) - NTFSx86
Run by IbnSaeed at 17:55:55.84 on Fri 08/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1790 [GMT 4:00]

AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Online Armor\OAcat.exe
D:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
D:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\dgdersvc.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
D:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
D:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
D:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
D:\Program Files\Sandboxie\SbieSvc.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Online Armor\oaui.exe
D:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Online Armor\OAhlp.exe
D:\Program Files\GreedyTorrent\GTor.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Program Files\Logitech\SetPointG\SetPointII.exe
D:\PROGRAM FILES\ATHAN\ATHAN.EXE
D:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\The Bat!\thebat.exe
D:\Program Files\Steam\Steam.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\FreeCommander\FreeCommander.exe
D:\Program Files\Prevx\prevx.exe
D:\Program Files\Prevx\prevx.exe
C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Downloads\dds.com
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page =
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy1.emirates.net.ae:8080
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - d:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - d:\progra~1\flashf~1\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: NuSphere ToolBar: {0f62d223-9206-4ea3-9ea8-d0f3c7c82aca} - d:\program files\nusphere\phped\NuSphereIEBar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Taskbar Shuffle] d:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesTrayAgent]
uRun: [GreedyTorrent] "d:\program files\greedytorrent\GTor.exe" -tray
mRun: [WinPatrol] d:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [@OnlineArmor GUI] "d:\program files\online armor\oaui.exe"
mRun: [EvtMgr6] d:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [TortoiseHgOverlayIconServer] d:\program files\tortoisehg\TortoiseHgOverlayServer.exe
mRun: [egui] "d:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - d:\program files\codebox\bitmeter\BitMeter2.exe
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: + Offline &Explorer: Download the link - file://d:\program files\offline explorer enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://d:\program files\offline explorer enterprise\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: NuSphere PhpED :: Debug this page - d:\program files\nusphere\phped\NuSphereIEBar.dll/1000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - d:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - d:\program files\winhttrack\WinHTTrackIEBar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - hxxp://qurancomplex.com/downloads/FontDown.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231520143203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231521198390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - hxxp://qurancomplex.com/Downloads/FontSmooth.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {08F63DA3-AC21-412E-93F1-81712533C6C3} = 213.42.20.20,195.229.241.222
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - d:\program files\intuit\quickbooks enterprise solutions 9.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - d:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\wowctl2.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\online~1\oaevent.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: taskmgr.exe - "d:\process explorer\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ibnsaeed\applic~1\mozilla\firefox\profiles\q78nfaba.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\ibnsaeed\application data\mozilla\firefox\profiles\q78nfaba.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\ibnsaeed\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox3\plugins\npww.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\nppl3260.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin6.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin7.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\nprjplug.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\nprpjplug.dll
FF - plugin: d:\program files\opera 10 preview\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\qt lite\plugins\npqtplugin.dll
FF - plugin: d:\program files\qt lite\plugins\npqtplugin2.dll
FF - plugin: d:\program files\qt lite\plugins\npqtplugin3.dll
FF - plugin: d:\program files\qt lite\plugins\npqtplugin4.dll
FF - plugin: d:\program files\qt lite\plugins\npqtplugin5.dll
FF - plugin: d:\program files\qt lite\plugins\npqtplugin6.dll
FF - plugin: d:\program files\qt lite\plugins\npqtplugin7.dll
FF - plugin: d:\program files\real\netscape6\nppl3260.dll
FF - plugin: d:\program files\real\netscape6\nprjplug.dll
FF - plugin: d:\program files\real\netscape6\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox3\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\mozilla firefox3\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\program files\mozilla firefox3\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox3\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox3\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox3\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox3\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-8-27 30320]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-24 95896]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-6-9 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-6-9 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-6-9 28232]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]
R2 CSIScanner;CSIScanner;d:\program files\prevx\prevx.exe [2010-8-27 6394368]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
R2 ekrn;ESET Service;d:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-17 217088]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;d:\progra~1\gfi\gfibac~1\GFIHInst.exe [2009-12-11 858480]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;d:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2009-12-11 2324848]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-16 10448]
R2 MBAMService;MBAMService;d:\program files\malwarebytes anti-malware\mbamservice.exe [2009-10-23 304464]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-6-24 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 OAcat;Online Armor Helper Service;d:\program files\online armor\oacat.exe [2010-6-9 1283400]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-27 69736]
R2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R2 SvcOnlineArmor;Online Armor;d:\program files\online armor\oasrv.exe [2010-6-9 3364680]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-17 36640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-23 20952]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-8-27 24400]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98cc95639674c;Google Update Service (gupdate1c98cc95639674c);d:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-2-21 151552]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2009-1-9 47624]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-20 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2009-10-20 53312]
S3 QuickBooksDB19;QuickBooksDB19;d:\progra~1\intuit\quickb~1.0\qbdbmgrn.exe -hvquickbooksdb19 --> d:\progra~1\intuit\quickb~1.0\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S3 QuickBooksDB20;QuickBooksDB20;d:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb20 --> d:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-6-17 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-6-17 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-6-17 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-6-17 100224]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]

============== File Associations ===============

.scr=AutoCADScriptFile
.txt=

=============== Created Last 30 ================

2010-08-27 13:50:36 68120 ----a-w- c:\windows\system32\PxSecure.dll
2010-08-27 13:50:35 69736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-08-27 13:50:35 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-27 13:50:34 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-08-27 13:50:33 0 d-----w- d:\program files\Prevx
2010-08-27 13:50:19 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-08-27 13:50:08 51 ----a-w- c:\windows\wininit.ini
2010-08-27 10:10:20 0 d-----w- d:\program files\Orbitdownloader
2010-08-27 10:01:00 9046 ----a-w- c:\windows\system32\nvinfo.pb
2010-08-25 02:57:23 0 d-----w- d:\program files\TortoiseHg
2010-08-25 02:51:31 163696 ----a-w- c:\windows\GFIBckHUnwise.EXE
2010-08-18 11:58:23 0 d-----w- d:\program files\NetBeans 6.9.1
2010-08-18 11:00:26 0 d-----w- d:\program files\ActiveState Komodo Edit 6
2010-08-16 01:32:39 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-08-16 01:32:27 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-08-16 01:31:47 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-08-15 20:58:12 0 d-----w- c:\docume~1\ibnsaeed\applic~1\Logishrd
2010-08-12 18:29:48 2772992 ----a-w- c:\windows\system32\GPhotos.scr
2010-08-09 13:03:28 545 ----a-w- c:\windows\UC.PIF
2010-08-09 13:03:28 545 ----a-w- c:\windows\RAR.PIF
2010-08-09 13:03:28 545 ----a-w- c:\windows\PKZIP.PIF
2010-08-09 13:03:28 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-08-09 13:03:28 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-08-09 13:03:28 545 ----a-w- c:\windows\LHA.PIF
2010-08-09 13:03:28 545 ----a-w- c:\windows\ARJ.PIF
2010-08-09 13:03:28 0 d-----w- d:\program files\Total Commander
2010-08-09 13:03:28 0 d-----w- c:\docume~1\ibnsaeed\applic~1\GHISLER
2010-08-07 00:27:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-07 00:26:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-08-07 00:26:09 0 d-----w- d:\program files\Hitman Pro 3.5
2010-07-31 11:22:39 0 d-----w- d:\program files\Disney Interactive Studios
2010-07-31 11:19:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-07-31 10:25:10 0 d-----w- c:\docume~1\ibnsaeed\applic~1\bizarre creations
2010-07-31 08:27:17 0 d-----w- d:\program files\Activision
2010-07-30 21:17:21 0 d-----w- c:\documents and settings\ibnsaeed\humyo.store
2010-07-30 02:13:13 0 d-----w- c:\docume~1\alluse~1\applic~1\boost_interprocess
2010-07-30 02:06:16 0 d-----w- c:\documents and settings\ibnsaeed\.thinupload
2010-07-29 20:03:13 0 d-----w- d:\program files\Steam
2010-07-29 09:20:42 0 d-----w- d:\program files\Paltalk Messenger
2010-07-29 09:20:42 0 d-----w- c:\windows\PaltalkScene

==================== Find3M ====================

2010-08-27 10:16:19 98304 ----a-w- c:\windows\DUMP45c3.tmp
2010-08-22 13:48:03 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2010-08-22 13:47:42 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2010-08-04 07:50:36 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-03 09:28:36 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-08-02 14:23:20 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-02 14:05:25 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-31 11:20:19 138056 ----a-w- c:\docume~1\ibnsaeed\applic~1\PnkBstrK.sys
2010-07-31 11:19:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-31 07:57:52 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-29 09:31:26 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-27 01:20:04 5642 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-07-27 01:20:02 8 --sh--r- c:\docume~1\alluse~1\applic~1\B0F9275DD3.sys
2010-07-26 18:04:41 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-07-15 09:27:09 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-15 09:27:09 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-12 14:31:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-12 14:31:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-10 21:39:41 216576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-10 16:46:19 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 08:25:58 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-07-07 08:25:42 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-07-07 08:25:38 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-07-02 21:17:38 98304 ----a-w- c:\windows\DUMP3f89.tmp
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 01:47:56 15600 ----a-w- c:\windows\gdrv.sys
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 07:06:54 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-06-24 07:06:52 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 20:45:04 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 00:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 00:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 00:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-03 07:10:06 2439 ----a-w- d:\program files\INSTALL.LOG
2010-04-23 19:33:19 2851 ----a-w- d:\program files\cdroms.cfg
2010-04-23 19:32:04 102400 ----a-w- d:\program files\HXAudioDeviceHook.dll
2010-04-23 19:32:00 50 ----a-w- d:\program files\strs23.dat
2010-04-23 19:32:00 13 ----a-w- d:\program files\strs26.dat
2010-04-23 19:32:00 1030 ----a-w- d:\program files\autoplaylist.dat

============= FINISH: 17:59:02.23 ===============


The Attach file is attached.

shelf life
2010-09-01, 22:51
hi,

Your log is a few days old. If you still need help simply post back.

Ibn Saeed
2010-09-02, 03:07
> hi,
>
> Your log is a few days old. If you still need help simply post back.

Yes, I still need help.

shelf life
2010-09-02, 22:50
hi,

> ISP, they told me to run a few...."netstat -n" and they said that my computer was infected with malware

[sarcasm on]
Diagnosis by phone, they couldn't fix it by phone?
[/sarcasm off]

> greedytorrent

A competent tracker will know you are using this.

We will get a download to start with:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Ibn Saeed
2010-09-02, 23:12
hi,



[sarcasm on]
diagnosis by phone, they couldnt fix it by phone?
[/sarcasm off]


A competent tracker will know you are using this.

We will get a download to start with:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

I already have Malwarebytes Anti-Malware, and it's the paid full version. I did run a full scan; I will run it again and post the details.

shelf life
2010-09-02, 23:53
OK, I missed it in the log. Update, scan and let's see if Malwarebytes can dig up anything.
Is that proxy you're using required by your ISP? Bouncing through a proxy can slow you down.

Ibn Saeed
2010-09-03, 03:21
OK, I missed it in the log. Update, scan and let's see if Malwarebytes can dig up anything.
Is that proxy you're using required by your ISP? Bouncing through a proxy can slow you down.

Yes, proxy is required by ISP.

I just ran Malwarebytes; it crashed partway through and I had to restart the computer.

But I have run Emsisoft Anti-Malware (full version, legit); it cleaned some trojans.

Then I ran SUPERAntiSpyware (paid full version, legit); it only caught a lot of tracking cookies.

Then I ran Hitman Pro (trial version), and it caught one piece of malware, "harfdeletefont.exe"; it is sitting in my C:\windows.

Then I ran NOD32 Antivirus (paid full version), and it caught nothing.

Then I ran Spybot; it caught nothing besides a couple of harmless tracking cookies.


So you can see, I have been busy.

shelf life
2010-09-03, 05:11
hi,

Looks like you also have Prevx. I don't see any malware in the log. If all those other apps are coming up clean, then I would say your computer is clean. You ran 6 apps. Your ISP will always assume the problem is you, not them.
Have things improved any?

Ibn Saeed
2010-09-03, 11:06
hi,

Looks like you also have Prevx. I don't see any malware in the log. If all those other apps are coming up clean, then I would say your computer is clean. You ran 6 apps. Your ISP will always assume the problem is you, not them.
Have things improved any?

I only ran a trial version of Prevx. It did catch HarfDeleteFont as malware, but it did not allow removal of it, as that required the full version. So I uninstalled it.

Here is the log from MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4532

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/3/2010 1:03:31 PM
mbam-log-2010-09-03 (13-03-31).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 938226
Time elapsed: 3 hour(s), 27 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\System Volume Information\_restore{06C32333-02C6-4A4B-8954-D319F6BB0476}\RP1297\A0281155.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Ibn Saeed
2010-09-03, 11:15
hi,

Looks like you also have Prevx. I don't see any malware in the log. If all those other apps are coming up clean, then I would say your computer is clean. You ran 6 apps. Your ISP will always assume the problem is you, not them.
Have things improved any?

My ISP said to run netstat -n, and asked me how many entries I got.

I got a lot, and then the operator said that you should have fewer than 6 entries, so it means your computer has malware and I should contact my computer technician.

Now, I tested my speed at www.speedtest.net; my connection is 8 Mbps, but now it's showing the max at 4 Mbps.

So I think there is still an issue; moreover, Emsisoft Anti-Malware has blocked a lot of outgoing sites.

Here is the scan report of Emsisoft Anti-Malware:

Emsisoft Anti-Malware - Version 5.0
IDS log

Date PID Source Event Behavior/Infection
9/3/2010 1:07:34 PM 4896 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.fileburst.com
9/3/2010 5:25:22 AM 2148 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.jdoqocy.com
9/3/2010 5:18:11 AM 2148 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.torrentdownloads.net
9/3/2010 5:18:11 AM 2148 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.freedownloadmanager.org
9/3/2010 5:17:22 AM 2696 C:\DOCUMENTS AND SETTINGS\IBNSAEED\APPLICATION DATA\CBS INTERACTIVE\CNET TECHTRACKER\TECHTRACKER.EXE Terminated by User Behavior.TrojanDownloader
9/3/2010 5:16:15 AM 2696 C:\DOCUMENTS AND SETTINGS\IBNSAEED\APPLICATION DATA\CBS INTERACTIVE\CNET TECHTRACKER\TECHTRACKER.EXE Allowed by User Behavior.Spyware
9/3/2010 5:16:12 AM 2696 C:\DOCUMENTS AND SETTINGS\IBNSAEED\APPLICATION DATA\CBS INTERACTIVE\CNET TECHTRACKER\TECHTRACKER.EXE Allowed by User Behavior.BrowsersettingsChange
9/3/2010 5:14:55 AM 2800 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by Rule Behavior.Spyware
9/3/2010 5:14:52 AM 2800 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by Rule Behavior.TrojanDownloader
9/2/2010 10:16:05 PM 5268 D:\Program Files\Safari\Safari.exe Blocked by Rule www.tkqlhce.com
9/2/2010 10:14:55 PM 5268 D:\Program Files\Safari\Safari.exe Blocked by Rule rmd.atdmt.com
9/2/2010 10:13:09 PM 4700 D:\PROGRAM FILES\WOOPRA\WOOPRA.EXE Allowed by Rule Behavior.Spyware
9/2/2010 10:13:07 PM 4700 D:\PROGRAM FILES\WOOPRA\WOOPRA.EXE Allowed by Rule Behavior.TrojanDownloader
9/2/2010 5:47:38 PM 980 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by Rule Behavior.Spyware
9/2/2010 5:47:37 PM 980 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by Rule Behavior.TrojanDownloader
9/2/2010 3:09:57 PM 3816 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule extratorrent.com
9/2/2010 3:08:31 PM 2180 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by Rule Behavior.Spyware
9/2/2010 3:08:31 PM 2180 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by Rule Behavior.TrojanDownloader
9/2/2010 2:00:53 PM 4108 D:\PROGRAM FILES\PIXELNOVEL\TIMELINE\UPDATER\TIMELINEUPDATER.EXE Blocked by Rule Behavior.Spyware
9/2/2010 2:00:52 PM 4108 D:\PROGRAM FILES\PIXELNOVEL\TIMELINE\UPDATER\TIMELINEUPDATER.EXE Allowed by Rule Behavior.TrojanDownloader
9/2/2010 1:16:05 PM 1228 D:\PROGRAM FILES\GREEDYTORRENT\GTOR.EXE Allowed by Rule Behavior.Spyware
9/2/2010 1:16:05 PM 1228 D:\PROGRAM FILES\GREEDYTORRENT\GTOR.EXE Allowed by Rule Behavior.TrojanDownloader
9/2/2010 1:14:18 PM 2936 D:\Program Files\Woopra\Woopra.exe Blocked by Rule mysearch.com
9/2/2010 1:12:04 PM 4456 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule www.imeem.com
9/2/2010 1:05:52 PM 5672 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule www.mooladays.com
9/2/2010 1:05:37 PM 5672 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule clickboothlnk.com
9/2/2010 12:29:13 PM 4456 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule rmd.atdmt.com
9/2/2010 5:40:17 AM 4456 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule ping.chartbeat.net
9/2/2010 5:40:17 AM 4456 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule static.chartbeat.com
9/2/2010 5:40:13 AM 4456 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule secure-us.imrworldwide.com
9/2/2010 5:40:10 AM 4456 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule altfarm.mediaplex.com
9/2/2010 5:26:22 AM 3380 D:\PROGRAM FILES\PIXELNOVEL\TIMELINE\UPDATER\TIMELINEUPDATER.EXE Blocked by Rule Behavior.Spyware
9/2/2010 5:26:21 AM 3380 D:\PROGRAM FILES\PIXELNOVEL\TIMELINE\UPDATER\TIMELINEUPDATER.EXE Allowed by Rule Behavior.TrojanDownloader
9/2/2010 5:19:25 AM 5672 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule extratorrent.com
9/2/2010 5:18:05 AM 2936 D:\PROGRAM FILES\WOOPRA\WOOPRA.EXE Allowed by User Behavior.Spyware
9/2/2010 5:16:13 AM 4892 G:\DOWNLOADS\WOOPRA_WINDOWS_1_4.EXE Allowed by User Behavior.CodeInjector
9/2/2010 12:22:28 AM 5512 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule f.chtah.com
9/1/2010 7:29:08 PM 5744 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule static.chartbeat.com
9/1/2010 7:29:04 PM 5744 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule rmd.atdmt.com
9/1/2010 7:28:59 PM 5744 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule altfarm.mediaplex.com
9/1/2010 6:04:23 PM 5672 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule www.antispyware.com
9/1/2010 6:04:19 PM 5672 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule secure-us.imrworldwide.com
9/1/2010 6:03:44 PM 5672 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule www.kvaz.com
9/1/2010 3:53:31 PM 5672 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule extratorrent.com
9/1/2010 3:46:04 PM 2416 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by User Behavior.TrojanDownloader
9/1/2010 2:10:05 PM 1448 D:\PROGRAM FILES\PIXELNOVEL\TIMELINE\UPDATER\TIMELINEUPDATER.EXE Blocked by User Behavior.Spyware
9/1/2010 2:09:06 PM 1448 D:\PROGRAM FILES\PIXELNOVEL\TIMELINE\UPDATER\TIMELINEUPDATER.EXE Allowed by User Behavior.TrojanDownloader
9/1/2010 1:41:17 PM 4812 D:\PROGRAM FILES\XTREMETUNER\XTREMETUNER.EXE Allowed by User Behavior.ServiceInstallation
9/1/2010 1:39:37 PM 1672 D:\PROGRAM FILES\KEEPASS PASSWORD SAFE 2\KEEPASS.EXE Allowed by Rule Behavior.RemoteControl
9/1/2010 1:23:22 PM 5620 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule extratorrent.com
9/1/2010 5:21:11 AM 4892 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule www.jurgita.com
9/1/2010 12:06:13 AM 4892 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule static.chartbeat.com
8/31/2010 5:05:17 PM 2140 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.freefind.com
8/31/2010 5:28:45 AM 4328 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule c.moreover.com
8/30/2010 10:33:36 PM 5544 D:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe Blocked by Rule extratorrent.com
8/30/2010 7:34:00 PM 4040 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.imrworldwide.com
8/30/2010 7:33:46 PM 4040 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule secure-jp.imrworldwide.com
8/30/2010 7:33:46 PM 4040 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule imrworldwide.com
8/30/2010 7:32:25 PM 4040 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule kvaz.com
8/30/2010 7:29:15 PM 4040 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.kvaz.com
8/30/2010 7:29:14 PM 4040 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule softarchive.net
8/30/2010 6:13:07 PM 2380 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule secure-us.imrworldwide.com
8/30/2010 6:13:07 PM 2380 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule rmd.atdmt.com
8/30/2010 5:58:02 PM 2380 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule static.chartbeat.com
8/30/2010 5:38:54 PM 2380 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule f.chtah.com
8/30/2010 5:16:34 PM 5888 D:\PROGRAM FILES\KEEPASS PASSWORD SAFE 2\KEEPASS.EXE Allowed by Rule Behavior.RemoteControl
8/30/2010 5:07:54 PM 4132 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule static.chartbeat.com
8/30/2010 5:07:48 PM 4132 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule secure-us.imrworldwide.com
8/30/2010 5:07:48 PM 4132 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule rmd.atdmt.com
8/30/2010 5:07:43 PM 4132 D:\Program Files\Opera 10 Preview\opera.exe Blocked by Rule altfarm.mediaplex.com
8/30/2010 3:15:46 PM 0 D:\SYSTEM VOLUME INFORMATION\_RESTORE{06C32333-02C6-4A4B-8954-D319F6BB0476}\RP1309\A0286769.EXE Quarantined by User Riskware.PSWTool.Win32.PdfCracker!IK
8/30/2010 3:15:45 PM 0 D:\SYSTEM VOLUME INFORMATION\_RESTORE{06C32333-02C6-4A4B-8954-D319F6BB0476}\RP1309\A0286762.EXE Quarantined by User Riskware.PSWTool.Win32.PdfCracker!IK
8/30/2010 6:06:58 AM 5620 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule www.jurgita.com
8/30/2010 5:41:18 AM 568 D:\PROGRAM FILES\KEEPASS PASSWORD SAFE 2\KEEPASS.EXE Allowed by Rule Behavior.RemoteControl
8/30/2010 5:08:45 AM 5520 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule wdownload.weatherbug.com
8/30/2010 5:08:41 AM 5520 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule upromise.com
8/30/2010 5:08:31 AM 5520 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.scanforfree.com
8/30/2010 4:12:22 AM 5520 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule remove-malware.net
8/30/2010 3:35:55 AM 5620 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule extratorrent.com
8/30/2010 3:17:10 AM 5620 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule static.chartbeat.com
8/30/2010 3:04:15 AM 5620 D:\Program Files\Mozilla Firefox3\firefox.exe Blocked by Rule ping.chartbeat.net
8/29/2010 5:30:49 PM 4344 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule send.onenetworkdirect.net
8/29/2010 4:43:22 PM 1484 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule imrworldwide.com
8/29/2010 4:33:26 PM 1484 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule load.exelator.com
8/29/2010 4:33:16 PM 1484 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule by.optimost.com
8/29/2010 3:35:48 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.liveinternet.ru
8/29/2010 3:17:24 PM 4140 D:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe Blocked by Rule www.sofotex.com
8/29/2010 2:03:02 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.autotrader.com
8/29/2010 1:56:34 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.entrepreneur.com
8/29/2010 1:45:25 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule removal-tool.blogspot.com
8/29/2010 1:45:25 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule perso0.free.fr
8/29/2010 1:26:55 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule secure-us.imrworldwide.com
8/29/2010 1:26:46 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.keywordspy.com
8/29/2010 1:26:46 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule 100hot.com
8/29/2010 1:16:19 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.tkqlhce.com
8/29/2010 1:16:18 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.kqzyfj.com
8/29/2010 1:16:18 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.jdoqocy.com
8/29/2010 1:16:17 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.awltovhc.com
8/29/2010 1:16:17 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.ftjcfx.com
8/29/2010 1:15:26 PM 2720 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.torrenthound.com
8/29/2010 12:47:42 PM 0 D:\SYSTEM VOLUME INFORMATION\_RESTORE{06C32333-02C6-4A4B-8954-D319F6BB0476}\RP1297\A0281154.EXE Quarantined by User HackTool.Win32.Ke!IK
8/29/2010 6:14:32 AM 3576 D:\PROGRAM FILES\KEEPASS PASSWORD SAFE 2\KEEPASS.EXE Allowed by User Behavior.RemoteControl
8/29/2010 6:09:54 AM 2840 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\{85C726A3-72A8-4199-9F59-131D37365211}\LIVEZILLA_3.1.8.4_FULL.EXE Allowed by User Behavior.AutorunCreation
8/29/2010 6:02:12 AM 1956 C:\32788R22FWJFW\PEV.EXE Allowed by Rule Behavior.SystemPolicies
8/29/2010 6:02:12 AM 1608 C:\32788R22FWJFW\PEV.EXE Allowed by Rule Behavior.SystemPolicies
8/29/2010 6:02:12 AM 5232 C:\32788R22FWJFW\PEV.EXE Allowed by User Behavior.SystemPolicies
8/29/2010 6:01:01 AM 1956 C:\32788R22FWJFW\PEV.EXE Allowed by Rule Behavior.AutorunCreation
8/29/2010 6:01:00 AM 1608 C:\32788R22FWJFW\PEV.EXE Allowed by Rule Behavior.AutorunCreation
8/29/2010 6:01:00 AM 5232 C:\32788R22FWJFW\PEV.EXE Allowed by User Behavior.AutorunCreation
8/29/2010 5:55:12 AM 3216 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule secure-uk.imrworldwide.com
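The IDS log above mixes three different kinds of entry: network-rule blocks of hostnames (raised by the browsers and by Woopra), behaviour alerts on named executables, and on-demand quarantines of files in System Volume Information. Sorting them by kind and by program, and pulling out the behaviour alerts the user clicked through, is how a responder reads such a log. The script below is an added example, not part of the post or of Emsisoft's own tooling; its sample input is a short excerpt of the entries posted above, and the classification rules (a `Behavior.` prefix means a behaviour alert, a `Quarantined` action means a scan detection, anything else is a blocked host) are assumptions derived from the visible lines rather than from Emsisoft documentation.

```python
"""Triage an Emsisoft Anti-Malware 5 IDS log by event kind and program.

Added example, not from the original forum post. SAMPLE_LOG is an excerpt
of entries quoted in the thread; the classification rules are assumptions
derived from the visible log lines, not from Emsisoft documentation.
"""
import re
from collections import Counter, defaultdict, namedtuple

# Excerpt of the posted log (raw string: the Windows paths contain backslashes).
SAMPLE_LOG = r"""
Date PID Source Event Behavior/Infection
9/3/2010 1:07:34 PM 4896 C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Blocked by Rule www.fileburst.com
9/3/2010 5:17:22 AM 2696 C:\DOCUMENTS AND SETTINGS\IBNSAEED\APPLICATION DATA\CBS INTERACTIVE\CNET TECHTRACKER\TECHTRACKER.EXE Terminated by User Behavior.TrojanDownloader
9/3/2010 5:16:15 AM 2696 C:\DOCUMENTS AND SETTINGS\IBNSAEED\APPLICATION DATA\CBS INTERACTIVE\CNET TECHTRACKER\TECHTRACKER.EXE Allowed by User Behavior.Spyware
9/3/2010 5:14:55 AM 2800 D:\PROGRAM FILES\CODEBOX\BITMETER\BITMETER2.EXE Allowed by Rule Behavior.Spyware
9/2/2010 10:16:05 PM 5268 D:\Program Files\Safari\Safari.exe Blocked by Rule www.tkqlhce.com
9/2/2010 1:14:18 PM 2936 D:\Program Files\Woopra\Woopra.exe Blocked by Rule mysearch.com
9/2/2010 5:16:13 AM 4892 G:\DOWNLOADS\WOOPRA_WINDOWS_1_4.EXE Allowed by User Behavior.CodeInjector
9/1/2010 1:39:37 PM 1672 D:\PROGRAM FILES\KEEPASS PASSWORD SAFE 2\KEEPASS.EXE Allowed by Rule Behavior.RemoteControl
8/30/2010 3:15:46 PM 0 D:\SYSTEM VOLUME INFORMATION\_RESTORE{06C32333-02C6-4A4B-8954-D319F6BB0476}\RP1309\A0286769.EXE Quarantined by User Riskware.PSWTool.Win32.PdfCracker!IK
"""

Event = namedtuple("Event", "when pid path action target kind")

# The program path may contain spaces, so it is matched lazily and anchored
# by the fixed vocabulary of the Event column that follows it.
_LINE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "      # timestamp
    r"(\d+) "                                                   # PID (0 for on-demand scan hits)
    r"(.+?) "                                                   # program or file path
    r"((?:Blocked|Allowed|Terminated|Quarantined) by (?:Rule|User)) "
    r"(\S+)$"                                                   # host, Behavior.* tag or detection name
)


def classify(action, target):
    """Assumed rule set: Behavior.* tag -> behaviour alert; a quarantine -> scan detection; else a blocked host."""
    if target.startswith("Behavior."):
        return "behaviour"
    if action.startswith("Quarantined"):
        return "detection"
    return "host"


def parse_ids_log(text):
    events = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # header row and blank lines
        when, pid, path, action, target = m.groups()
        events.append(Event(when, int(pid), path, action, target, classify(action, target)))
    return events


def exe_name(path):
    """Case-folded file name, so chrome.exe and CHROME.EXE group together."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    host_blocks = Counter(exe_name(e.path) for e in events if e.kind == "host")
    behaviours = defaultdict(set)
    for e in events:
        if e.kind == "behaviour":
            behaviours[exe_name(e.path)].add((e.action, e.target))
    detections = [(e.path, e.target) for e in events if e.kind == "detection"]
    return {
        "host_blocks": host_blocks,
        "behaviours": {exe: sorted(v) for exe, v in behaviours.items()},
        "detections": detections,
    }


def user_allowed_behaviours(events):
    """Behaviour alerts the user clicked through: the rows worth a second look."""
    return sorted({(exe_name(e.path), e.target) for e in events
                   if e.kind == "behaviour" and e.action == "Allowed by User"})


if __name__ == "__main__":
    evs = parse_ids_log(SAMPLE_LOG)
    summary = triage(evs)
    print("host blocks per program:", dict(summary["host_blocks"]))
    for exe, alerts in summary["behaviours"].items():
        print(f"{exe}: {alerts}")
    print("scan detections:", summary["detections"])
    print("allowed by user:", user_allowed_behaviours(evs))
```

Run against the full log the same way: the "Blocked by Rule hostname" rows collapse to a per-browser count, the behaviour alerts reduce to a short list of (program, behaviour) pairs, and the only rows that need a decision are the ones the user allowed by hand.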

Ibn Saeed
2010-09-03, 11:16
One more thing: when I keep my computer logged in for long, it becomes unresponsive, especially the internet. Email checking stops working, I am not able to browse, etc.

So I really think that my computer is still infected.

So far, the only solution I see is a complete format and reinstallation of Windows XP.

shelf life
2010-09-04, 00:37
hi,


then the operator said that you should have less than 6 entries

It would depend on how many active connections you have; just opening a few web pages or tabs will get you more than 6. Here's mine:

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1284 127.0.0.1:1285 ESTABLISHED
TCP 127.0.0.1:1285 127.0.0.1:1284 ESTABLISHED
TCP 127.0.0.1:1288 127.0.0.1:1289 ESTABLISHED
TCP 127.0.0.1:1289 127.0.0.1:1288 ESTABLISHED
TCP 127.0.0.1:5152 127.0.0.1:1286 CLOSE_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2507 TIME_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2509 TIME_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2510 TIME_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2511 TIME_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2512 TIME_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2513 TIME_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2514 TIME_WAIT
TCP 127.0.0.1:8080 127.0.0.1:2521 TIME_WAIT
TCP 192.168.1.102:2533 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2534 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2535 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2536 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2537 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2538 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2540 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2541 184.50.228.111:443 ESTABLISHED
TCP 192.168.1.102:2542 184.50.228.111:443 ESTABLISHED
TCP 192.168.1.102:2543 184.50.228.111:443 ESTABLISHED
TCP 192.168.1.102:2544 184.50.228.111:443 ESTABLISHED
TCP 192.168.1.102:2545 66.235.138.44:80 TIME_WAIT
TCP 192.168.1.102:2546 65.55.17.25:80 TIME_WAIT
TCP 192.168.1.102:2548 207.46.140.46:80 TIME_WAIT
TCP 192.168.1.102:2549 65.55.18.18:80 TIME_WAIT
TCP 192.168.1.102:2551 65.55.253.21:80 TIME_WAIT
TCP 192.168.1.102:2552 65.172.31.160:80 TIME_WAIT
TCP 192.168.1.102:2553 65.55.15.244:80 TIME_WAIT
TCP 192.168.1.102:2554 65.55.15.241:80 ESTABLISHED
TCP 192.168.1.102:2555 65.55.15.244:80 ESTABLISHED
TCP 192.168.1.102:2556 65.55.15.244:80 ESTABLISHED
TCP 192.168.1.102:2559 207.46.148.31:80 TIME_WAIT
TCP 192.168.1.102:2560 74.125.159.148:80 ESTABLISHED
TCP 192.168.1.102:2561 65.55.149.121:80 ESTABLISHED
TCP 192.168.1.102:2562 65.172.31.160:80 ESTABLISHED
TCP 192.168.1.102:2563 65.55.17.25:80 ESTABLISHED


my connection is 8 Mbps, but now its showing the max at 4 Mbps.

You will never reach your ISP's advertised speed. If you do, you are very lucky.
ISPs promote theoretical speeds (under ideal conditions). To get a good idea, you could run the speed tests to servers both near and far from you at different times of the day. This will give you a better idea. The speeds you get will vary a lot.

I'm not sure what that Emsisoft app is blocking; it looks like it's guessing about something and then lets you decide? It all looks harmless to me.


i see is complete format and reinstallation of Windows XP.
If that's what you want to do.
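The point made above, that the row count of `netstat -n` means nothing by itself, is easier to see once the output is parsed rather than counted: most rows are TIME_WAIT leftovers from page loads, several are loopback connections to local proxies or security software, and the number of distinct remote hosts is far smaller than the number of rows. The script below is an added example, not part of the thread; its sample input is a constructed excerpt in the Windows XP `netstat -n` layout, modelled on the listing above, with one extra constructed row (a documentation-range address on port 6667) so that the heuristic has something to flag. Treating 80 and 443 as the "expected" ports for an ESTABLISHED connection is an illustrative assumption, not a rule anyone in the thread states.

```python
"""Summarise `netstat -n` output instead of counting its lines.

Added example, not from the original forum post. SAMPLE_NETSTAT is a
constructed excerpt in the Windows XP `netstat -n` layout, modelled on the
listing posted in the thread; the final row (198.51.100.23:6667, a
documentation-range address) is constructed so the heuristic fires.
"""
import re
from collections import Counter, namedtuple
from ipaddress import ip_address

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1284         127.0.0.1:1285         ESTABLISHED
  TCP    127.0.0.1:1285         127.0.0.1:1284         ESTABLISHED
  TCP    127.0.0.1:8080         127.0.0.1:2507         TIME_WAIT
  TCP    127.0.0.1:8080         127.0.0.1:2509         TIME_WAIT
  TCP    192.168.1.102:2533     65.172.31.160:80       TIME_WAIT
  TCP    192.168.1.102:2534     65.172.31.160:80       TIME_WAIT
  TCP    192.168.1.102:2541     184.50.228.111:443     ESTABLISHED
  TCP    192.168.1.102:2542     184.50.228.111:443     ESTABLISHED
  TCP    192.168.1.102:2560     74.125.159.148:80      ESTABLISHED
  TCP    192.168.1.102:2570     198.51.100.23:6667     ESTABLISHED
"""

Conn = namedtuple("Conn", "proto local_host local_port foreign_host foreign_port state")

# Windows rows: Proto, Local, Foreign, optional State (UDP rows carry no state).
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def _split_endpoint(endpoint):
    """'1.2.3.4:80' -> ('1.2.3.4', 80); '[::1]:80' -> ('::1', 80); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # skips the "Active Connections" banner and the header row
        proto, local, foreign, state = m.groups()
        lh, lp = _split_endpoint(local)
        fh, fp = _split_endpoint(foreign)
        conns.append(Conn(proto, lh, lp, fh, fp, state or ""))
    return conns


def is_loopback(host):
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or a hostname


def summarize(conns):
    """Row count, rows per TCP state, loopback rows, and how many remote hosts there really are."""
    remote_hosts = {c.foreign_host for c in conns
                    if c.foreign_host != "*" and not is_loopback(c.foreign_host)}
    return {
        "rows": len(conns),
        "by_state": Counter(c.state for c in conns),
        "loopback_rows": sum(1 for c in conns if is_loopback(c.foreign_host)),
        "distinct_remote_hosts": len(remote_hosts),
    }


def flag_unusual(conns, expected_ports=frozenset({80, 443})):
    """Heuristic (assumed, not from the thread): live TCP sessions to a remote
    host on a port a browser would not normally use deserve a look; the rest
    of the rows are what ordinary web browsing produces."""
    return [c for c in conns
            if c.proto == "TCP" and c.state == "ESTABLISHED"
            and c.foreign_host != "*" and not is_loopback(c.foreign_host)
            and c.foreign_port not in expected_ports]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    info = summarize(conns)
    print(f"{info['rows']} rows, {info['loopback_rows']} loopback, "
          f"{info['distinct_remote_hosts']} distinct remote hosts")
    print("by state:", dict(info["by_state"]))
    for c in flag_unusual(conns):
        print(f"look at: {c.foreign_host}:{c.foreign_port} ({c.state})")
```

On Windows XP SP2 and later, `netstat -nob` adds the owning PID and the executable behind each row, which is the question the ISP's line count was gesturing at: what program holds a connection matters; how many rows the table has does not.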