TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Brenneka on June 06, 2009, 06:51:26 AM

Title: Concerned, need help
Post by: Brenneka on June 06, 2009, 06:51:26 AM
Hi there,

This is my second time visiting you here, obviously looking for some help with my PC. Last time you helped me in a very quick and efficient manner so I decided to come back here and search for help once again with my PC.

Lately, my PC has been underperforming badly in terms of speed. I do not use any kind of anti-virus; I try to avoid them as they have only caused me problems in the past, and I allow myself to not use them as my only activities using the PC are browsing a few certainly-trusted sites (only) and playing an online FPS game.

I am concerned by this underperformance and I would like to do the general scans and checks that are needed in order to clean up the PC. I am here to ask you what I should do, and what programs I need to download and run so my PC will run as smoothly as it did before.


Thanks in advance, any help will be well appreciated!
Title: Concerned, need help
Post by: guestolo on June 06, 2009, 10:13:42 AM
Download and save to your desktop
OTS.exe (http://oldtimer.geekstogo.com/OTS.exe) by OldTimer

Right click on OTS.exe and choose to "Run as Administrator"
Under Additional Scans click the button labelled "Extras"
Also, put a tick beside: Reg - Disabled MS Config Items
So now all the following will be ticked
Afterwards: Click the button Run Scan

Let this scan finish; when done, it will open a log
Can you copy and paste that log back here please
A copy of the log will also be on your desktop: OTS.txt

NOTE: If you do get an error posting this log, or it won't post, please upload it in a reply
Simply use the Browse... and UPLOAD buttons on the bottom right of the reply box
Title: Concerned, need help
Post by: Brenneka on June 06, 2009, 10:41:04 AM
OTS.txt is attached.
Title: Concerned, need help
Post by: guestolo on June 06, 2009, 11:11:38 AM
Can you do the following:
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Download Malwarebytes' Anti-Malware from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop

Double click mbam-setup.exe to install the application.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

With that log from MBAM
Can you also do the following
Access your Add and Remove programs and remove Hijackthis 1.99.1
Then: Download the HijackThis installer from HERE (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
For an alternate download location, you can try HERE (http://fileforum.betanews.com/detail/HijackThis/1071179190/1)
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum
Title: Concerned, need help
Post by: Brenneka on June 06, 2009, 02:09:48 PM
Malwarebytes' Anti-Malware 1.37
Database version: 2238
Windows 5.1.2600 Service Pack 2

06/06/2009 21:57:28
mbam-log-2009-06-06 (21-57-28).txt

Scan type: Quick Scan
Objects scanned: 110534
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a0dcbda-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Corporation Svchost Services (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Microsoft Corporation Svchost Services (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Corporation Svchost Services (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Microsoft Corporation Svchost Services (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



-------------------------------------------------------------------------------------------------------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:38, on 06/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202306177953
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.sonol.co.il/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{138FBCB5-DF29-4828-B640-71D6034CC076}: NameServer = 192.115.106.31 192.115.106.31
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8450 bytes
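As an added illustration (not part of the original thread, and not HijackThis or Malwarebytes code): a small Python triage script over constructed O4/O10 lines modelled on the log above. It scores each Run-key entry on three signals that the mssvcs.exe entries exhibit (a bare filename, a display name that borrows a Windows component's name, and the same value written to more than one hive) and lists the unknown Winsock LSP DLLs for publisher verification; the weights, the threshold and the sample lines are assumptions.

```python
"""Triage HijackThis-style O4 (autorun) and O10 (Winsock LSP) lines.

Added example, not part of the original thread and not HijackThis code.  The
weights, REVIEW_THRESHOLD and SAMPLE_LOG are constructed; the sample lines are
modelled on the log posted above.
"""
import re

# Constructed sample input, modelled on the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<dll>.+)$")
REVIEW_THRESHOLD = 3  # assumed cut-off; entries scoring at least this are reported


def basename(path):
    return path.rsplit("\\", 1)[-1]


def launched_target(cmd):
    """Return the file a Run value really starts: the quoted or first token,
    or, when that token is rundll32, the DLL handed to it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        end = len(cmd) if end == -1 else end
        target, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        parts = cmd.split(None, 1)
        target, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    if basename(target).lower() == "rundll32.exe" and rest:
        # rundll32 is a benign host process; the DLL it loads is what matters
        target = rest.split(",", 1)[0].strip().strip('"')
    return target


def parse_o4(line):
    m = O4_RE.match(line)
    if not m:
        return None
    return {"line": line, "hive": m["hive"], "key": m["key"],
            "name": m["name"], "target": launched_target(m["cmd"])}


def triage(log_text):
    """Return findings (dicts with line, score, reasons), highest score first."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    entries = [e for e in map(parse_o4, lines) if e]

    # Pass 1: which hives carry the same name+target?  Malware often writes one
    # value into every autorun location it can reach (here both HKLM and HKCU).
    hives = {}
    for e in entries:
        hives.setdefault((e["name"].lower(), e["target"].lower()), set()).add(e["hive"])

    findings = []
    for e in entries:
        score, reasons = 0, []
        target, name_l = e["target"], e["name"].lower()
        if "\\" not in target:
            score += 1
            reasons.append("bare filename: resolved through the search path at logon")
        if ("svchost" in name_l or "microsoft" in name_l) and "\\windows\\" not in target.lower():
            score += 2
            reasons.append("display name borrows a Windows component's name but the "
                           "target does not live under the Windows directory")
        seen_in = hives[(name_l, target.lower())]
        if len(seen_in) > 1:
            score += 2
            reasons.append("same value registered in %d hives" % len(seen_in))
        if score >= REVIEW_THRESHOLD:
            findings.append({"line": e["line"], "score": score, "reasons": reasons})

    # O10: HijackThis could not attribute the LSP DLL.  Verify its publisher before
    # touching it; a broken LSP chain takes networking down with it.
    for ln in lines:
        m = O10_RE.match(ln)
        if m:
            findings.append({"line": ln, "score": REVIEW_THRESHOLD,
                             "reasons": ["Winsock LSP DLL %s not recognised; verify its origin" % m["dll"]]})

    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["score"], f["line"])
        for r in f["reasons"]:
            print("   -", r)
```

On the sample, only the two mssvcs.exe entries and the LSP line are reported; CTFMON appears in several hives but carries a full Windows path, so it stays below the threshold.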
Title: Concerned, need help
Post by: guestolo on June 06, 2009, 02:29:53 PM
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://subs.geekstogo.com/ComboFix.exe)
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.
NORTON ANTIVIRUS (by Symantec)
Please navigate to the system tray on the bottom right hand corner and find Norton's icon

    * right-click it -> choose "Disable Auto-Protect."
    * select a time duration >>> Choose at least 30 minutes to ensure it won't interfere
    * click "Ok."
    * a popup will warn that protection will now be disabled

PC TOOLS THREATFIRE

    * Right-click on ThreatFire's icon near the clock (it's an orange flame) and select Suspend.
    * When you see that the icon has turned from an orange flame to a blue icon with an orange strip in the middle, ThreatFire has been disabled temporarily.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Also post a fresh Hijackthis log afterwards
Title: Concerned, need help
Post by: Brenneka on June 06, 2009, 03:58:42 PM
Alright, I'm done now. About Norton Antivirus and PC Tools Threatfire, I have neither of them installed, I did use Norton AV but that was about 3 years ago so I may still have remnants of it in some places. As I said in my first post, I hadn't used any anti-viruses before I downloaded the ones you told me to, even if I have some installed. I skipped the two bits about Norton AV and ThreatFire and continued following your instructions closely. When I ran ComboFix, I didn't get the 'Recovery Console' query so I assumed I have it installed, but the log says that I don't, no idea why.

I must also say that before doing the ComboFix 'check', I noticed that my PC's performance had improved after scanning with Malwarebytes' Anti-Malware, it really helped. Also, just as another side note, I opened up the C:\ folder and noticed a strange file named 'lawlok.exe', so I used Kaspersky's single-file online scan from your sticky thread and it said it was a harmful file with 'Backdoor.Win32.Bifoers' or something like that, I can't really remember the name. I immediately deleted the file, I hope what I did was ok.

I'd also like to give you a huge thank-you in advance.

ComboFix's and Hijackthis' logs follow below.


ComboFix 09-06-05.09 - עדן 06/06/2009 23:28.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1255.972.1037.18.511.214 [GMT 3:00]
Running from: c:\documents and settings\עדן\שולחן העבודה\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents
c:\windows\Downloaded Program Files\rave
c:\windows\system32\launcher.exe

.
(((((((((((((((((((((((((   Files Created from 2009-05-06 to 2009-06-06  )))))))))))))))))))))))))))))))
.

2009-06-06 19:08 . 2009-06-06 19:08   --------   d-----w-   c:\program files\Trend Micro
2009-06-06 18:06 . 2009-06-06 18:06   --------   d-----w-   c:\documents and settings\עדן\Application Data\Malwarebytes
2009-06-06 18:06 . 2009-05-26 10:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 18:06 . 2009-06-06 18:06   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-06-06 18:06 . 2009-06-06 18:06   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-06 18:06 . 2009-05-26 10:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-05 13:37 . 2009-06-05 13:37   --------   d-----w-   c:\windows\system32\wbem\Repository
2009-05-31 11:07 . 2009-05-31 11:07   --------   d-----w-   c:\program files\Monopol500
2009-05-31 11:07 . 2009-05-31 11:07   --------   d-----w-   c:\program files\Proxifier
2009-05-31 11:07 . 2009-05-31 11:07   --------   d-----w-   c:\program files\Vstplugins
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\InterMute
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\ESET
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\EA GAMES
2009-05-31 11:04 . 2009-05-31 11:06   --------   d-----w-   c:\program files\wow250
2009-05-31 11:04 . 2009-05-31 11:04   --------   d-----w-   c:\program files\SodaBush
2009-05-31 11:03 . 2009-05-31 11:03   --------   d-----w-   c:\program files\Gamescampus
2009-05-31 11:02 . 2009-05-31 11:02   --------   d-----w-   c:\program files\Coding Workshop Polyphonic Wizard
2009-05-31 11:02 . 2009-05-31 11:02   --------   d-----w-   c:\program files\Avira
2009-05-31 11:02 . 2009-05-31 11:02   --------   d-----w-   c:\program files\ECI Telecoms
2009-05-31 11:02 . 2009-05-31 11:02   --------   d-----w-   c:\program files\i2i Internet Solutions
2009-05-31 11:02 . 2009-05-31 11:02   --------   d-----w-   c:\program files\Download Direct
2009-05-31 11:01 . 2009-05-31 11:01   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-31 11:01 . 2009-05-31 11:01   --------   d-----w-   c:\program files\MSXML 6.0
2009-05-31 11:00 . 2009-05-31 11:00   --------   d-----w-   c:\program files\Mv2Player
2009-05-31 10:58 . 2009-05-31 11:05   --------   d-----w-   c:\program files\KOSS2
2009-05-31 10:57 . 2009-05-31 11:06   --------   d-----w-   c:\program files\KOSS
2009-05-31 10:55 . 2009-05-31 10:55   --------   d-----w-   C:\NFSC
2009-05-31 10:55 . 2009-05-31 10:55   --------   d-----w-   C:\Nexon
2009-05-31 10:53 . 2009-05-31 10:53   --------   d-----w-   c:\program files\Knight-Empire.net
2009-05-31 10:45 . 2009-05-31 10:53   --------   d-----w-   c:\program files\KnightOnline
2009-05-31 10:41 . 2009-05-31 10:52   --------   d-----w-   c:\program files\Knight Empire
2009-05-31 10:40 . 2009-05-31 10:40   --------   d-----w-   c:\program files\Neoact
2009-05-31 10:40 . 2009-05-31 10:40   --------   d-----w-   c:\program files\Lavasoft
2009-05-31 10:40 . 2009-05-31 10:40   --------   d-----w-   c:\program files\eMule
2009-05-31 10:32 . 2009-05-31 10:32   --------   d-----w-   C:\GamersFirst
2009-05-31 10:31 . 2009-05-31 10:40   --------   d-----w-   c:\program files\Knight Online
2009-05-31 10:31 . 2009-05-31 11:08   --------   d-----w-   c:\program files\Spybot - Search & Destroy2
2009-05-30 10:11 . 2009-05-31 11:08   --------   d-----w-   c:\documents and settings\עדן\Application Data\NoNameScript-May30
2009-05-26 17:55 . 2009-05-26 17:55   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-May26\nnuninstall.exe
2009-05-26 17:55 . 2009-06-06 19:51   --------   d-----w-   c:\documents and settings\עדן\Application Data\NoNameScript-May26
2009-05-25 14:24 . 2009-05-25 14:24   --------   d-----w-   c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Xfire
2009-05-25 14:20 . 2009-05-25 20:43   --------   d-----w-   c:\documents and settings\עדן\Application Data\Xfire
2009-05-25 14:20 . 2009-06-05 13:36   --------   d-----w-   c:\program files\Xfire
2009-05-18 08:49 . 2009-05-18 08:49   --------   d-----w-   c:\documents and settings\עדן\Local Settings\Application Data\PunkBuster
2009-05-18 08:03 . 2009-06-06 13:01   --------   d-----w-   c:\documents and settings\עדן\Application Data\id Software
2009-05-18 08:02 . 2009-05-18 08:02   22328   ----a-w-   c:\documents and settings\עדן\Application Data\PnkBstrK.sys
2009-05-11 08:16 . 2009-05-11 08:16   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-May11\nnuninstall.exe
2009-05-11 08:16 . 2009-05-26 17:34   --------   d-----w-   c:\documents and settings\עדן\Application Data\NoNameScript-May11

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 19:50 . 2008-12-16 12:25   --------   d-----w-   c:\program files\mIRC
2009-06-06 13:00 . 2009-05-31 11:06   --------   d-----w-   c:\program files\BitTorrent
2009-05-31 11:08 . 2006-09-02 13:16   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-05-31 11:07 . 2009-05-31 11:06   --------   d-----w-   c:\program files\AtomixMP3
2009-05-31 11:07 . 2009-05-31 11:06   --------   d-----w-   c:\program files\blaxxun Contact
2009-05-31 11:07 . 2009-05-31 11:07   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Sony
2009-05-31 11:07 . 2009-05-31 11:07   --------   d-----w-   c:\program files\Sony
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\Steam
2009-05-31 11:06 . 2005-11-24 14:51   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-05-31 11:06 . 2007-04-08 09:26   --------   d-----w-   c:\documents and settings\עדן\Application Data\SUPERAntiSpyware.com
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\IDoser v4
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\softnyx
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\Netex
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\Sony Setup
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-05-31 11:06 . 2009-05-31 11:06   --------   d-----w-   c:\program files\Warcraft III 2
2009-05-31 10:40 . 2004-04-30 16:33   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-05-31 07:10 . 2007-11-17 18:15   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-05-31 06:42 . 2006-01-04 14:33   --------   d-----w-   c:\documents and settings\עדן\Application Data\blaxxun interactive
2009-05-10 16:56 . 2009-04-27 06:36   --------   d-----w-   c:\documents and settings\עדן\Application Data\NoNameScript-Apr27
2009-04-29 21:20 . 2009-04-29 21:20   41808   ----a-w-   c:\windows\system32\xfcodec.dll
2009-04-27 06:36 . 2009-04-27 06:36   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-Apr27\nnuninstall.exe
2009-04-26 19:33 . 2009-04-23 07:04   --------   d-----w-   c:\documents and settings\עדן\Application Data\NoNameScript-Apr23
2009-04-23 07:04 . 2009-04-23 07:04   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-Apr23\nnuninstall.exe
2009-04-22 20:27 . 2009-04-05 03:09   --------   d-----w-   c:\documents and settings\עדן\Application Data\NoNameScript-Apr5
2009-04-05 03:09 . 2009-04-05 03:09   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-Apr5\nnuninstall.exe
2009-04-02 11:53 . 2009-04-02 11:53   37230   ----a-w-   c:\documents and settings\עדן\Application Data\Juniper Networks\Juniper Terminal Services Client\uninstall.exe
2009-04-02 11:52 . 2009-04-02 11:52   49951   ----a-w-   c:\documents and settings\עדן\Application Data\Juniper Networks\Host Checker\uninstall.exe
2009-04-02 11:52 . 2009-04-02 11:52   37067   ----a-w-   c:\documents and settings\עדן\Application Data\Juniper Networks\Cache Cleaner 6.0.0\uninstall.exe
2009-04-01 07:40 . 2009-04-01 07:40   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-Apr1\nnuninstall.exe
2009-04-01 07:28 . 2005-12-08 08:13   54656   ----a-w-   c:\documents and settings\עדן\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 09:22 . 2009-03-31 09:22   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-31Mar\nnuninstall.exe
2009-03-27 08:20 . 2004-08-27 12:00   67544   ----a-w-   c:\windows\system32\perfc00d.dat
2009-03-27 08:20 . 2004-08-27 12:00   346000   ----a-w-   c:\windows\system32\perfh00d.dat
2009-03-26 10:36 . 2009-03-26 10:36   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-26Mar\nnuninstall.exe
2009-03-21 07:47 . 2009-03-21 07:47   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-21Mar\nnuninstall.exe
2009-03-12 14:02 . 2009-03-12 14:02   91278   ----a-w-   c:\documents and settings\עדן\Application Data\NoNameScript-12Mar\nnuninstall.exe
2005-01-29 12:14 . 2005-01-29 12:14   48640   --sha-w-   c:\program files\Thumbs.db
2003-01-13 09:20 . 2004-09-12 12:48   278528   ----a-w-   c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 . 2004-09-12 12:48   98304   ----a-w-   c:\program files\internet explorer\plugins\UPjpeg.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-27 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-29 486856]
"Google Update"="c:\documents and settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-16 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-30 4603904]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-09-30 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-20 385024]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-09-30 921600]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-16 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-27 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-27 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\עדן\תפריט התחלה\תוכניות\הפעלה\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-8-8 113664]

c:\documents and settings\All Users.WINDOWS\תפריט התחלה\תוכניות\הפעלה\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^תפריט התחלה^תוכניות^הפעלה^DSLMON.lnk]
path=c:\documents and settings\All Users.WINDOWS\תפריט התחלה\תוכניות\הפעלה\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^עדן^תפריט התחלה^תוכניות^הפעלה^Xfire.lnk]
path=c:\documents and settings\עדן\תפריט התחלה\תוכניות\הפעלה\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tactical Ops\\TacticalOps 3\\System\\TacticalOps.exe"=
"c:\\Documents and Settings\\עדן\\שולחן העבודה\\new.logic.1.1.beta.1a\\emule.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\עדן\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Tactical Ops\\TacticalOps 4\\System\\TacticalOps.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Tactical Ops\\TacticalOps 1\\System\\TacticalOps.exe"=
"c:\\Program Files\\Tactical Ops\\TacticalOps 2\\System\\TacticalOps.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=

R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [28/12/2007 06:23 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 11:39 32256]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16:51 4096]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva002;XDva002;\??\c:\windows\system32\XDva002.sys --> c:\windows\system32\XDva002.sys [?]
S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys --> c:\windows\system32\XDva007.sys [?]
S3 XDva009;XDva009;\??\c:\windows\system32\XDva009.sys --> c:\windows\system32\XDva009.sys [?]
S3 XDva010;XDva010;\??\c:\windows\system32\XDva010.sys --> c:\windows\system32\XDva010.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?]
S3 XDva033;XDva033;\??\c:\windows\system32\XDva033.sys --> c:\windows\system32\XDva033.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
S3 XDva041;XDva041;\??\c:\windows\system32\XDva041.sys --> c:\windows\system32\XDva041.sys [?]
S3 XDva049;XDva049;\??\c:\windows\system32\XDva049.sys --> c:\windows\system32\XDva049.sys [?]
S3 XDva054;XDva054;\??\c:\windows\system32\XDva054.sys --> c:\windows\system32\XDva054.sys [?]
S3 XDva062;XDva062;\??\c:\windows\system32\XDva062.sys --> c:\windows\system32\XDva062.sys [?]
S3 XDva078;XDva078;\??\c:\windows\system32\XDva078.sys --> c:\windows\system32\XDva078.sys [?]
S3 XDva089;XDva089;\??\c:\windows\system32\XDva089.sys --> c:\windows\system32\XDva089.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva136;XDva136;\??\c:\windows\system32\XDva136.sys --> c:\windows\system32\XDva136.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Corporation Svchost Services - mssvcs.exe
HKLM-Run-Microsoft Corporation Svchost Services - mssvcs.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-procexp90.Sys
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.il/
mStart Page = about:blank
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: {138FBCB5-DF29-4828-B640-71D6034CC076} = 192.115.106.31 192.115.106.31
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - hxxp://irc.nana.co.il/Cabs/launcher39.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 23:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-261903793-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-261903793-1801674531-1004\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\devmgmt.msc"
.
Completion time: 2009-06-06 23:40
ComboFix-quarantined-files.txt  2009-06-06 20:39

Pre-Run: 19,751,161,856 bytes free
Post-Run: 20,684,300,288 bytes free

231   --- E O F ---   2008-06-30 16:25
Title: Concerned, need help
Post by: Brenneka on June 07, 2009, 01:06:12 PM
What now? Is everything ok?
Title: Concerned, need help
Post by: guestolo on June 07, 2009, 01:19:21 PM
Quote
I do not use any kind of anti-viruses, I try to avoid them as they have only caused me problem in the past,
You will probably have more problems without one installed
You may not leave this installed, as I have seen you may have used it before, but let's get a scan with it please

Go to the following link:
http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914
Download and save the installer to desktop>>>Link is Download Now  (28.68MB)


Double click on the Avira installer and run it
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back in Windows
Can you post all the following back please

 Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
Title: Concerned, need help
Post by: Brenneka on June 07, 2009, 05:31:19 PM
I've also added a fresh Hijackthis log, just as an extra that might help. Oh and after Avira AntiVir finished scanning and after rebooting, Windows ran a CHKDSK. Telling you that just so you know.

Avira AntiVir Personal
Report file date: יום ראשון 07 יוני 2009  23:36

Scanning for 1457764 virus strains and unwanted programs.

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 2)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : TAP-7409E23BDD

Version information:
BUILD.DAT       : 9.0.0.394     17962 Bytes  17/04/2009 11:20:00
AVSCAN.EXE      : 9.0.3.5      466689 Bytes  17/04/2009 06:57:30
AVSCAN.DLL      : 9.0.3.0       40705 Bytes  27/02/2009 08:58:24
LUKE.DLL        : 9.0.3.2      209665 Bytes  20/02/2009 09:35:49
LUKERES.DLL     : 9.0.2.0       12033 Bytes  27/02/2009 08:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  27/10/2008 10:30:36
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes  11/02/2009 18:33:26
ANTIVIR2.VDF    : 7.1.4.38    2692096 Bytes  29/05/2009 20:35:12
ANTIVIR3.VDF    : 7.1.4.66     237568 Bytes  07/06/2009 20:35:17
Engineversion   : 8.2.0.180
AEVDF.DLL       : 8.1.1.1      106868 Bytes  07/06/2009 20:35:55
AESCRIPT.DLL    : 8.1.2.0      389497 Bytes  07/06/2009 20:35:54
AESCN.DLL       : 8.1.2.3      127347 Bytes  07/06/2009 20:35:51
AERDL.DLL       : 8.1.1.3      438645 Bytes  29/10/2008 16:24:41
AEPACK.DLL      : 8.1.3.18     401783 Bytes  07/06/2009 20:35:49
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes  26/02/2009 18:01:56
AEHEUR.DLL      : 8.1.0.129   1761655 Bytes  07/06/2009 20:35:44
AEHELP.DLL      : 8.1.2.2      119158 Bytes  26/02/2009 18:01:56
AEGEN.DLL       : 8.1.1.44     348532 Bytes  07/06/2009 20:35:24
AEEMU.DLL       : 8.1.0.9      393588 Bytes  09/10/2008 12:32:40
AECORE.DLL      : 8.1.6.12     180599 Bytes  07/06/2009 20:35:19
AEBB.DLL        : 8.1.0.3       53618 Bytes  09/10/2008 12:32:40
AVWINLL.DLL     : 9.0.0.3       18177 Bytes  12/12/2008 06:47:59
AVPREF.DLL      : 9.0.0.1       43777 Bytes  05/12/2008 08:32:15
AVREP.DLL       : 8.0.0.3      155905 Bytes  20/01/2009 12:34:28
AVREG.DLL       : 9.0.0.0       36609 Bytes  05/12/2008 08:32:09
AVARKT.DLL      : 9.0.0.3      292609 Bytes  24/03/2009 13:05:41
AVEVTLOG.DLL    : 9.0.0.7      167169 Bytes  30/01/2009 08:37:08
SQLITE3.DLL     : 3.6.1.0      326401 Bytes  28/01/2009 13:03:49
SMTPLIB.DLL     : 9.2.0.25      28417 Bytes  02/02/2009 06:21:33
NETNT.DLL       : 9.0.0.0       11521 Bytes  05/12/2008 08:32:10
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes  09/02/2009 09:45:45
RCTEXT.DLL      : 9.0.37.0      86785 Bytes  17/04/2009 08:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: יום ראשון 07 יוני 2009  23:36

Starting search for hidden objects.
'78924' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE]      This file is a Windows system file.
    [NOTE]      This file cannot be opened for scanning.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Quarantine\{00001FD0-0001-0000-D7EE-A8F10EB4A99D}\DATA.CAB
 
    --> RESOURCE1
      [1] Archive type: HIDDEN
      [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    --> RESOURCE2
      [1] Archive type: HIDDEN
      [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    --> RESOURCE3
      [1] Archive type: HIDDEN
      [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    --> RESOURCE4
      [1] Archive type: HIDDEN
      [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    --> RESOURCE5
      [1] Archive type: HIDDEN
      [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    --> RESOURCE6
      [1] Archive type: HIDDEN
      [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Documents and Settings\עדן\Application Data\Sun\Java\Deployment\cache\6.0\54\7c9afc76-52cca17d
 
    --> OP.class
      [DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
C:\Documents and Settings\עדן\My Documents\rootcracker alpha 1.3.rar
 
    --> rootcracker alpha 1.3\rootcracker.exe
      [DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Documents and Settings\עדן\My Documents\rootcracker alpha 1.3\rootcracker.exe
    [DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Documents and Settings\עדן\My Documents\הקבצים שלי שהתקבלו\1014_rootcracker alpha 1.3.rar
 
    --> rootcracker alpha 1.3\rootcracker.exe
      [DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Documents and Settings\עדן\שולחן העבודה\new.logic.1.1.beta.1a\emule.exe
    [DETECTION] Is the TR/Dldr.Agent.vma Trojan
C:\Program Files\EA GAMES\Need for Speed Underground 2\rld-nu2k.exe
    [DETECTION] Is the TR/Packed.22775 Trojan
C:\Program Files\Knight Empire\dual.dll
    [DETECTION] Is the TR/Agent.buyg Trojan
C:\Program Files\Knight Empire\DualClient.exe
    [DETECTION] Is the TR/Spy.VB.bkc Trojan
C:\Program Files\Knight Empire\KnightOnLine.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
C:\Program Files\Knight Online\Launcher.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
C:\Program Files\Knight-Empire.net\Knight-Empire\KnightOnLine.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
C:\Program Files\KnightOnline\Launcher.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Darkmoon.GM.1 back-door program
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0657637.exe
    [DETECTION] Is the TR/Packed.22775 Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0672591.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0679598.exe
    [DETECTION] Is the TR/Agent.ggn Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0683520.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0684127.dll
    [DETECTION] Is the TR/Agent.buyg Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0684129.exe
    [DETECTION] Is the TR/Spy.VB.bkc Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0684133.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP318\A0708079.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP325\A0731393.exe
    [DETECTION] Is the TR/Agent.ggn Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP329\A0733014.exe
    [DETECTION] Is the TR/Agent.ggn Trojan
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP329\A0733040.exe
    [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP329\A0733214.ocx
    [DETECTION] Contains recognition pattern of the ADSPY/I2ISolution.A adware or spyware
C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING]   The file could not be opened!
C:\תוכנות\OfficeXP (D)\OFFICE1.CAB
 
    --> Pkmormsd.5F4F.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
    [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\תוכנות\OfficeXP (D)\FILES\OSP\1037\IE5\HB\VMX86_01.CAB
 
    --> javax86.cab
      [1] Archive type: CAB (Microsoft)
      --> dx3j.dll
        [WARNING]   No further files can be extracted from this archive. The archive will be closed

Beginning disinfection:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Quarantine\{00001FD0-0001-0000-D7EE-A8F10EB4A99D}\DATA.CAB
    [NOTE]      The file was moved to '4a803992.qua'!
C:\Documents and Settings\עדן\Application Data\Sun\Java\Deployment\cache\6.0\54\7c9afc76-52cca17d
    [NOTE]      The file was moved to '4a6539b4.qua'!
C:\Documents and Settings\עדן\My Documents\rootcracker alpha 1.3.rar
    [NOTE]      The file was moved to '4a9b39c0.qua'!
C:\Documents and Settings\עדן\My Documents\rootcracker alpha 1.3\rootcracker.exe
    [DETECTION] Is the TR/Hijacker.Gen Trojan
    [NOTE]      The file was moved to '4b055c39.qua'!
C:\Documents and Settings\עדן\My Documents\הקבצים שלי שהתקבלו\1014_rootcracker alpha 1.3.rar
    [NOTE]      The file was moved to '4a5d3981.qua'!
C:\Documents and Settings\עדן\שולחן העבודה\new.logic.1.1.beta.1a\emule.exe
    [DETECTION] Is the TR/Dldr.Agent.vma Trojan
    [NOTE]      The file was moved to '4aa139bf.qua'!
C:\Program Files\EA GAMES\Need for Speed Underground 2\rld-nu2k.exe
    [DETECTION] Is the TR/Packed.22775 Trojan
    [NOTE]      The file was moved to '4a9039be.qua'!
C:\Program Files\Knight Empire\dual.dll
    [DETECTION] Is the TR/Agent.buyg Trojan
    [NOTE]      The file was moved to '4a8d39c7.qua'!
C:\Program Files\Knight Empire\DualClient.exe
    [DETECTION] Is the TR/Spy.VB.bkc Trojan
    [NOTE]      The file was moved to '494421d0.qua'!
C:\Program Files\Knight Empire\KnightOnLine.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
    [NOTE]      The file was moved to '4a9539c1.qua'!
C:\Program Files\Knight Online\Launcher.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
    [NOTE]      The file was moved to '4aa139b4.qua'!
C:\Program Files\Knight-Empire.net\Knight-Empire\KnightOnLine.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
    [NOTE]      The file was moved to '4b0496e2.qua'!
C:\Program Files\KnightOnline\Launcher.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
    [NOTE]      The file was moved to '4b0044e5.qua'!
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Darkmoon.GM.1 back-door program
    [NOTE]      The file was moved to '4a8d39b8.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0657637.exe
    [DETECTION] Is the TR/Packed.22775 Trojan
    [NOTE]      The file was moved to '4a623983.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0672591.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
    [NOTE]      The file was moved to '495cb6ac.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0679598.exe
    [DETECTION] Is the TR/Agent.ggn Trojan
    [NOTE]      The file was moved to '4a623984.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0683520.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
    [NOTE]      The file was moved to '49239f05.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0684127.dll
    [DETECTION] Is the TR/Agent.buyg Trojan
    [NOTE]      The file was moved to '4a623986.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0684129.exe
    [DETECTION] Is the TR/Spy.VB.bkc Trojan
    [NOTE]      The file was moved to '49218f97.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP316\A0684133.exe
    [DETECTION] Is the TR/Spy.Agent.amfd Trojan
    [NOTE]      The file was moved to '4926845f.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP318\A0708079.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrost.671 back-door program
    [NOTE]      The file was moved to '4a633986.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP325\A0731393.exe
    [DETECTION] Is the TR/Agent.ggn Trojan
    [NOTE]      The file was moved to '4a633987.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP329\A0733014.exe
    [DETECTION] Is the TR/Agent.ggn Trojan
    [NOTE]      The file was moved to '495caf78.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP329\A0733040.exe
    [DETECTION] Contains recognition pattern of the DIAL/Dialer.Gen dialer
    [NOTE]      The file was moved to '492f5090.qua'!
C:\System Volume Information\_restore{0D1368F3-4705-4684-A322-DC445637B4F1}\RP329\A0733214.ocx
    [DETECTION] Contains recognition pattern of the ADSPY/I2ISolution.A adware or spyware
    [NOTE]      The file was moved to '49296000.qua'!


End of the scan: יום שני 08 יוני 2009  01:04
Used time:  1:26:33 Hour(s)

The scan has been done completely.

  13882 Scanned directories
 456154 Files were scanned
     31 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
     26 Files were moved to quarantine
      0 Files were renamed
      3 Files cannot be scanned
 456120 Files not concerned
   2139 Archives were scanned
      6 Warnings
     28 Notes
  78924 Objects were scanned with rootkit scan
      0 Hidden objects were found



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:16, on 08/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202306177953
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.sonol.co.il/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{138FBCB5-DF29-4828-B640-71D6034CC076}: NameServer = 192.115.106.31 192.115.106.31
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8568 bytes
Title: Concerned, need help
Post by: Brenneka on June 08, 2009, 12:42:21 PM
Some of the trojans Avira detected were not really trojans (I have a few installations of the game, different versions). As you can tell by the file names, it's the launcher of an online game named Knight Online; it is well known that the game's launcher is sometimes detected as a trojan whilst in fact it's not. TeamSpeak is a voice communication program like Ventrilo; I have no idea why it said it was a back-door program. Anyway, I don't need any of the files Avira quarantined, so it's OK.

I'd also like to uninstall Avira, but I'll do it after we're done with everything. Any more checks I can do please?
Title: Concerned, need help
Post by: Brenneka on June 12, 2009, 03:07:45 AM
Bumping up