
Internet Speed has slowed down! + DCOM Server Shutdown issue

Discussion in 'Virus & Other Malware Removal' started by Ibn Saeed, Aug 27, 2010.

    Ibn Saeed (Thread Starter):
    Hello

    Today my internet speed slowed down and I received a DCOM Server Process Launcher shutdown message.

    My connection gives me 970 KB/s, but today I was only getting 150 KB/s.

    I called my ISP; they told me to run a few commands, including "netstat -n", and said that my computer was infected with malware.

    And my computer has become quite slow.

    I tried running GMER and got a BSOD.


    ================
    HijackThis log
    ================


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:27:32 AM, on 8/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Online Armor\OAcat.exe
    D:\Program Files\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    D:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dgdersvc.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    D:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
    D:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    D:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    D:\Program Files\Sandboxie\SbieSvc.exe
    d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Online Armor\OAui.exe
    D:\Program Files\Logitech\SetPointP\SetPoint.exe
    D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    D:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Online Armor\OAhlp.exe
    D:\Program Files\GreedyTorrent\GTor.exe
    D:\Program Files\Codebox\BitMeter\BitMeter2.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    D:\Program Files\Logitech\SetPointG\SetPointII.exe
    D:\PROGRAM FILES\ATHAN\ATHAN.EXE
    D:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FLASHF~1\IEFlash.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - D:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
    O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\OAui.exe"
    O4 - HKLM\..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [TortoiseHgOverlayIconServer] D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Taskbar Shuffle] D:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GreedyTorrent] "D:\Program Files\GreedyTorrent\GTor.exe" -tray
    O4 - Global Startup: Bitmeter2.lnk = D:\Program Files\Codebox\BitMeter\BitMeter2.exe
    O8 - Extra context menu item: + Offline &Explorer: Download the link - file://D:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
    O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://D:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://D:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://qurancomplex.com/downloads/FontDown.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1231520143203
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231521198390
    O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} (FontDown Class) - http://qurancomplex.com/Downloads/FontSmooth.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08F63DA3-AC21-412E-93F1-81712533C6C3}: NameServer = 213.42.20.20,195.229.241.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08F63DA3-AC21-412E-93F1-81712533C6C3}: NameServer = 213.42.20.20,195.229.241.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{08F63DA3-AC21-412E-93F1-81712533C6C3}: NameServer = 213.42.20.20,195.229.241.222
    O17 - HKLM\System\CS3\Services\Tcpip\..\{08F63DA3-AC21-412E-93F1-81712533C6C3}: NameServer = 213.42.20.20,195.229.241.222
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - D:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - D:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
    O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - D:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
    O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - D:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
    O23 - Service: Google Update Service (gupdate1c98cc95639674c) (gupdate1c98cc95639674c) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - D:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - D:\Program Files\Online Armor\OAcat.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QuickBooksDB19 - Intuit, Inc. - D:\PROGRA~1\Intuit\QUICKB~1.0\QBDBMgrN.exe
    O23 - Service: QuickBooksDB20 - Intuit, Inc. - D:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - D:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: ServiceLayer - Nokia. - d:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - D:\Program Files\Online Armor\oasrv.exe

    --
    End of file - 14646 bytes


    =================
    DDS Content
    =================



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by IbnSaeed at 17:55:55.84 on Fri 08/27/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1790 [GMT 4:00]

    AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    D:\Program Files\Online Armor\OAcat.exe
    D:\Program Files\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    D:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\WINDOWS\system32\dgdersvc.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    D:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
    D:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    D:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    D:\Program Files\Sandboxie\SbieSvc.exe
    d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    D:\Program Files\Online Armor\oaui.exe
    D:\Program Files\Logitech\SetPointP\SetPoint.exe
    D:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
    D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Online Armor\OAhlp.exe
    D:\Program Files\GreedyTorrent\GTor.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    D:\Program Files\Logitech\SetPointG\SetPointII.exe
    D:\PROGRAM FILES\ATHAN\ATHAN.EXE
    D:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Program Files\The Bat!\thebat.exe
    D:\Program Files\Steam\Steam.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Program Files\FreeCommander\FreeCommander.exe
    D:\Program Files\Prevx\prevx.exe
    D:\Program Files\Prevx\prevx.exe
    C:\Documents and Settings\IbnSaeed\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    G:\Downloads\dds.com
    C:\WINDOWS\system32\SearchProtocolHost.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page =
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxy1.emirates.net.ae:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - d:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - d:\progra~1\flashf~1\IEFlash.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: NuSphere ToolBar: {0f62d223-9206-4ea3-9ea8-d0f3c7c82aca} - d:\program files\nusphere\phped\NuSphereIEBar.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Taskbar Shuffle] d:\program files\taskbar shuffle\taskbarshuffle.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [KiesTrayAgent]
    uRun: [GreedyTorrent] "d:\program files\greedytorrent\GTor.exe" -tray
    mRun: [WinPatrol] d:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [@OnlineArmor GUI] "d:\program files\online armor\oaui.exe"
    mRun: [EvtMgr6] d:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [TortoiseHgOverlayIconServer] d:\program files\tortoisehg\TortoiseHgOverlayServer.exe
    mRun: [egui] "d:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - d:\program files\codebox\bitmeter\BitMeter2.exe
    IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
    IE: + Offline &Explorer: Download the link - file://d:\program files\offline explorer enterprise\Add_UrlO.htm
    IE: + Offline E&xplorer: Download the current page - file://d:\program files\offline explorer enterprise\Add_AllO.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: NuSphere PhpED :: Debug this page - d:\program files\nusphere\phped\NuSphereIEBar.dll/1000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - d:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - d:\program files\winhttrack\WinHTTrackIEBar.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - hxxp://qurancomplex.com/downloads/FontDown.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231520143203
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231521198390
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - hxxp://qurancomplex.com/Downloads/FontSmooth.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {08F63DA3-AC21-412E-93F1-81712533C6C3} = 213.42.20.20,195.229.241.222
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - d:\program files\intuit\quickbooks enterprise solutions 9.0\HelpAsyncPluggableProtocol.dll
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - d:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\windows\system32\wowctl2.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\online~1\oaevent.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
    IFEO: taskmgr.exe - "d:\process explorer\PROCEXP.EXE"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ibnsaeed\applic~1\mozilla\firefox\profiles\q78nfaba.default\
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\ibnsaeed\application data\mozilla\firefox\profiles\q78nfaba.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\documents and settings\ibnsaeed\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: d:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\mozilla firefox3\plugins\npww.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\nppl3260.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\npqtplugin7.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\nprjplug.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\nprpjplug.dll
    FF - plugin: d:\program files\opera 10 preview\program\plugins\NPSWF32.dll
    FF - plugin: d:\program files\qt lite\plugins\npqtplugin.dll
    FF - plugin: d:\program files\qt lite\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\qt lite\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\qt lite\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\qt lite\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\qt lite\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\qt lite\plugins\npqtplugin7.dll
    FF - plugin: d:\program files\real\netscape6\nppl3260.dll
    FF - plugin: d:\program files\real\netscape6\nprjplug.dll
    FF - plugin: d:\program files\real\netscape6\nprpjplug.dll
    FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    d:\program files\mozilla firefox3\greprefs\all.js - pref("ui.use_native_colors", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.proxy.type", 5);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.buffer.cache.count", 24);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("svg.smil.enabled", false);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.debug", false);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("accelerometer.enabled", true);
    d:\program files\mozilla firefox3\greprefs\all.js - pref("html5.enable", false);
    d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    d:\program files\mozilla firefox3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    d:\program files\mozilla firefox3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    d:\program files\mozilla firefox3\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    d:\program files\mozilla firefox3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    d:\program files\mozilla firefox3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-8-27 30320]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 115008]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-24 95896]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-6-9 236104]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-6-9 22600]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-6-9 28232]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]
    R2 CSIScanner;CSIScanner;d:\program files\prevx\prevx.exe [2010-8-27 6394368]
    R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
    R2 ekrn;ESET Service;d:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-17 217088]
    R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;d:\progra~1\gfi\gfibac~1\GFIHInst.exe [2009-12-11 858480]
    R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;d:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2009-12-11 2324848]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-16 10448]
    R2 MBAMService;MBAMService;d:\program files\malwarebytes anti-malware\mbamservice.exe [2009-10-23 304464]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;d:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-6-24 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
    R2 OAcat;Online Armor Helper Service;d:\program files\online armor\oacat.exe [2010-6-9 1283400]
    R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-27 69736]
    R2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-24 370688]
    R2 SvcOnlineArmor;Online Armor;d:\program files\online armor\oasrv.exe [2010-6-9 3364680]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-17 36640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-23 20952]
    R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-8-27 24400]
    R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c98cc95639674c;Google Update Service (gupdate1c98cc95639674c);d:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
    S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-2-21 151552]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
    S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2009-1-9 47624]
    S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
    S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-20 38976]
    S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2009-10-20 53312]
    S3 QuickBooksDB19;QuickBooksDB19;d:\progra~1\intuit\quickb~1.0\qbdbmgrn.exe -hvquickbooksdb19 --> d:\progra~1\intuit\quickb~1.0\QBDBMgrN.exe -hvQuickBooksDB19 [?]
    S3 QuickBooksDB20;QuickBooksDB20;d:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb20 --> d:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB20 [?]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-6-17 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-6-17 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-6-17 123648]
    S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-6-17 100224]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]

    ============== File Associations ===============

    .scr=AutoCADScriptFile
    .txt=

    =============== Created Last 30 ================

    2010-08-27 13:50:36 68120 ----a-w- c:\windows\system32\PxSecure.dll
    2010-08-27 13:50:35 69736 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2010-08-27 13:50:35 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
    2010-08-27 13:50:34 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
    2010-08-27 13:50:33 0 d-----w- d:\program files\Prevx
    2010-08-27 13:50:19 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
    2010-08-27 13:50:08 51 ----a-w- c:\windows\wininit.ini
    2010-08-27 10:10:20 0 d-----w- d:\program files\Orbitdownloader
    2010-08-27 10:01:00 9046 ----a-w- c:\windows\system32\nvinfo.pb
    2010-08-25 02:57:23 0 d-----w- d:\program files\TortoiseHg
    2010-08-25 02:51:31 163696 ----a-w- c:\windows\GFIBckHUnwise.EXE
    2010-08-18 11:58:23 0 d-----w- d:\program files\NetBeans 6.9.1
    2010-08-18 11:00:26 0 d-----w- d:\program files\ActiveState Komodo Edit 6
    2010-08-16 01:32:39 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2010-08-16 01:32:27 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-08-16 01:31:47 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2010-08-15 20:58:12 0 d-----w- c:\docume~1\ibnsaeed\applic~1\Logishrd
    2010-08-12 18:29:48 2772992 ----a-w- c:\windows\system32\GPhotos.scr
    2010-08-09 13:03:28 545 ----a-w- c:\windows\UC.PIF
    2010-08-09 13:03:28 545 ----a-w- c:\windows\RAR.PIF
    2010-08-09 13:03:28 545 ----a-w- c:\windows\PKZIP.PIF
    2010-08-09 13:03:28 545 ----a-w- c:\windows\PKUNZIP.PIF
    2010-08-09 13:03:28 545 ----a-w- c:\windows\NOCLOSE.PIF
    2010-08-09 13:03:28 545 ----a-w- c:\windows\LHA.PIF
    2010-08-09 13:03:28 545 ----a-w- c:\windows\ARJ.PIF
    2010-08-09 13:03:28 0 d-----w- d:\program files\Total Commander
    2010-08-09 13:03:28 0 d-----w- c:\docume~1\ibnsaeed\applic~1\GHISLER
    2010-08-07 00:27:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-07 00:26:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-08-07 00:26:09 0 d-----w- d:\program files\Hitman Pro 3.5
    2010-07-31 11:22:39 0 d-----w- d:\program files\Disney Interactive Studios
    2010-07-31 11:19:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
    2010-07-31 10:25:10 0 d-----w- c:\docume~1\ibnsaeed\applic~1\bizarre creations
    2010-07-31 08:27:17 0 d-----w- d:\program files\Activision
    2010-07-30 21:17:21 0 d-----w- c:\documents and settings\ibnsaeed\humyo.store
    2010-07-30 02:13:13 0 d-----w- c:\docume~1\alluse~1\applic~1\boost_interprocess
    2010-07-30 02:06:16 0 d-----w- c:\documents and settings\ibnsaeed\.thinupload
    2010-07-29 20:03:13 0 d-----w- d:\program files\Steam
    2010-07-29 09:20:42 0 d-----w- d:\program files\Paltalk Messenger
    2010-07-29 09:20:42 0 d-----w- c:\windows\PaltalkScene

    ==================== Find3M ====================

    2010-08-27 10:16:19 98304 ----a-w- c:\windows\DUMP45c3.tmp
    2010-08-22 13:48:03 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
    2010-08-22 13:47:42 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
    2010-08-04 07:50:36 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
    2010-08-03 09:28:36 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
    2010-08-02 14:23:20 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-02 14:05:25 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-07-31 11:20:19 138056 ----a-w- c:\docume~1\ibnsaeed\applic~1\PnkBstrK.sys
    2010-07-31 11:19:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-07-31 07:57:52 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-07-29 09:31:26 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
    2010-07-27 01:20:04 5642 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2010-07-27 01:20:02 8 --sh--r- c:\docume~1\alluse~1\applic~1\B0F9275DD3.sys
    2010-07-26 18:04:41 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    2010-07-15 09:27:09 445016 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-07-15 09:27:09 109144 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-07-12 14:31:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-07-12 14:31:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-10 21:39:41 216576 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2010-07-10 16:46:19 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-07 08:25:58 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2010-07-07 08:25:42 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2010-07-07 08:25:38 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
    2010-07-02 21:17:38 98304 ----a-w- c:\windows\DUMP3f89.tmp
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-25 01:47:56 15600 ----a-w- c:\windows\gdrv.sys
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 07:06:54 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
    2010-06-24 07:06:52 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-22 20:45:04 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-02 00:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 00:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 00:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-03 07:10:06 2439 ----a-w- d:\program files\INSTALL.LOG
    2010-04-23 19:33:19 2851 ----a-w- d:\program files\cdroms.cfg
    2010-04-23 19:32:04 102400 ----a-w- d:\program files\HXAudioDeviceHook.dll
    2010-04-23 19:32:00 50 ----a-w- d:\program files\strs23.dat
    2010-04-23 19:32:00 13 ----a-w- d:\program files\strs26.dat
    2010-04-23 19:32:00 1030 ----a-w- d:\program files\autoplaylist.dat

    ============= FINISH: 17:59:02.23 ===============
     

    Attached Files:
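The DDS sections above (SERVICES / DRIVERS, Created Last 30, Find3M) are long enough that a helper for picking out the entries worth a first look is useful. The following Python script is an added example written for this page; it is not part of the thread, of DDS, or of any tool the helpers here use. It parses the two line shapes visible in the log (`R2 name;display;path [date size]` and `date time size attrs path`) and flags: service images DDS could not stat (`[?]`), images outside an assumed list of expected directories, running components whose image was written within a chosen window of the scan date, hidden+system files in data directories, and `.sys` files outside a `drivers` directory. The expected-directory list, the seven-day window and the reason strings are assumptions for the example. The sample lines are copied from the log above; every path it flags there belongs to software the log itself shows as installed (Prevx in `d:\program files\Prevx`, PunkBuster's `PnkBstrK.sys`, the Gigabyte `gdrv.sys`), so treat the output as a review queue, not a verdict.

```python
import re
from datetime import date, datetime

# Line shapes as they appear in the DDS log posted above.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Where a service image or kernel driver is normally expected on this machine.
# Assumed list for this example; adjust it to the layout of the box under review.
EXPECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\microsoft.net\\",
    "c:\\program files\\",
    "d:\\program files\\",
    "d:\\progra~1\\",
)
RUNNING = {"R0", "R1", "R2", "R3"}   # DDS: R = running, S = stopped / on demand
SCAN_DATE = date(2010, 8, 28)        # date of the posted scan

REASON_MISSING = "image not found or unreadable by DDS ([?])"
REASON_LOCATION = "image outside expected directories"
REASON_RECENT = "running component with a recently written image"
REASON_HIDDEN = "hidden+system file in a data directory"
REASON_SYS_PLACEMENT = ".sys file outside a drivers directory"


def normalise(path):
    """Take the resolved path DDS prints after '-->', drop the NT prefix, lowercase."""
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_service(line):
    """Return a dict for an R*/S* service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["path"] = normalise(d["path"])
    d["running"] = d["start"] in RUNNING
    d["file_date"] = None
    if d["info"] != "?":   # "[?]" means DDS could not stat the image
        d["file_date"] = datetime.strptime(d["info"].split()[0], "%Y-%m-%d").date()
    return d


def parse_file(line):
    """Return a dict for a 'Created Last 30' / 'Find3M' file line, or None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["path"] = d["path"].lower()
    return d


def triage(log_text, as_of, new_days=7):
    """Walk the log and return (path, reason) pairs worth a human look first."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc:
            if svc["file_date"] is None:
                findings.append((svc["path"], REASON_MISSING))
            if not svc["path"].startswith(EXPECTED_DIRS):
                findings.append((svc["path"], REASON_LOCATION))
            if svc["running"] and svc["file_date"] and (as_of - svc["file_date"]).days <= new_days:
                findings.append((svc["path"], REASON_RECENT))
            continue
        f = parse_file(line)
        if f:
            # Licensing/DRM components also use hidden+system data files: review, don't delete.
            if "s" in f["attrs"] and "h" in f["attrs"]:
                findings.append((f["path"], REASON_HIDDEN))
            if f["path"].endswith(".sys") and "\\drivers\\" not in f["path"]:
                findings.append((f["path"], REASON_SYS_PLACEMENT))
    return findings


# Lines copied from the DDS log posted above (real output, not constructed).
SAMPLE_LOG = r"""
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-8-27 30320]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
2010-07-31 11:20:19 138056 ----a-w- c:\docume~1\ibnsaeed\applic~1\PnkBstrK.sys
2010-07-27 01:20:04 5642 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 01:47:56 15600 ----a-w- c:\windows\gdrv.sys
"""


def triage_sample():
    """Run the triage over the excerpt with the posted scan date as reference."""
    return triage(SAMPLE_LOG, as_of=SCAN_DATE)


if __name__ == "__main__":
    for path, reason in triage_sample():
        print(f"{reason:50} {path}")
```

Running it prints the PciCon entry twice (image unreadable, and on an `f:` drive that is not in the expected list), `pxscan.sys` as a running driver written the day before the scan, `KGyGaAvL.sys` for its hidden+system attributes, and the two `.sys` files living outside a `drivers` directory; `schannel.dll`, the Akamai svchost entry and `SbieDrv.sys` pass. That is the order a reviewer would check things in, not a list of infections.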

  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,391
    Hiya :)

    Sorry for the lateness of the reply, but these forums are very busy :(

    Are you still having this problem? If so, can you rescan with the DDS and HijackThis and post the fresh logs :)

    Regards

    eddie
     
Short URL to this thread: https://techguy.org/946204
