Author Topic: Random slowness and crashes  (Read 3391 times)

Offline Brenneka

« on: June 26, 2009, 04:48:29 AM »
Hi again. This time I am here because I'm having slowness issues with my PC. Sometimes (randomly) I get an error message from Windows saying that drwstn32.exe/explorer.exe/rundll32.exe have crashed or something like that; I don't know if that is the reason for the slowness. Anything takes a very long time to load and close (even Notepad), and in the meantime, while I wait for it to load completely, my cursor moves very, very slowly, as if I'm on 1 FPS or something. It happens even when I open a folder or a file.

Also, I have some programs installed that are in the "Add/Remove Programs" list, and when I try to remove one of them (Spybot S&D for example) through there, I get an error message saying "File C:/Windows/unins001.dat does not exist. Cannot uninstall". I ran a quick scan with Malwarebytes' Anti-Malware and it didn't find anything. Here's a HijackThis log (notice the three unknown "Winsock LSP" files):


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:48, on 26/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202306177953
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/...er_4.0.15.0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.sonol.co.il/dana-cached/setup/J...perSetupSP1.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{138FBCB5-DF29-4828-B640-71D6034CC076}: NameServer = 192.115.106.31 192.115.106.31
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8441 bytes


Thanks!
« Last Edit: June 26, 2009, 04:52:14 AM by Brenneka »

Offline guestolo

« Reply #1 on: June 26, 2009, 09:11:57 AM »
Please download OTS.exe to your Desktop.

  • Close ALL OTHER PROGRAMS.
  • Double click on OTS.exe to Run it
  • Under Additional Scans (purple bar) click "Extras".
  • Do not change any other settings.
  • Now click the Run Scan button on the left side of the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Post that log back here.
If you get an error trying to post that log back here, upload it please: in a response, click on Browse... on the bottom right, select the file and then select UPLOAD.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Brenneka

« Reply #2 on: June 26, 2009, 12:06:02 PM »
OTS logfile created on: 26/06/2009 20:00:47 - Run 2
OTS by OldTimer - Version 3.0.8.0    Folder = C:\Documents and Settings\עדן\שולחן העבודה
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
 
511.48 Mb Total Physical Memory | 340.32 Mb Available Physical Memory | 66.54% Memory free
1.22 Gb Paging File | 1.06 Gb Available in Paging File | 86.94% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 24.46 Gb Free Space | 21.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAP-7409E23BDD
Current User Name: עדן
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2007/06/13 16:21:34 | 01,201,664 | ---- | M] (Microsoft Corporation)
googleupdate.exe -> C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> [2009/06/13 11:45:57 | 00,133,104 | ---- | M] (Google Inc.)
nmbgmonitor.exe -> C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2006/08/22 10:52:02 | 00,094,208 | ---- | M] (Nero AG)
nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2004/09/30 08:35:00 | 00,127,043 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Documents and Settings\עדן\שולחן העבודה\OTS.exe -> [2009/06/26 19:58:04 | 00,510,976 | ---- | M] (OldTimer Tools)
soundman.exe -> C:\WINDOWS\SOUNDMAN.EXE -> [2004/09/16 15:39:44 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2004/08/27 15:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2008/03/13 14:13:57 | 00,072,704 | ---- | M] (Adobe Systems)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004/08/27 15:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2006/08/08 22:15:50 | 00,208,896 | ---- | M] (Nero AG)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2004/09/30 08:35:00 | 00,127,043 | ---- | M] (NVIDIA Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/12/01 13:06:10 | 00,908,800 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(ADILOADER) General Purpose USB Driver (adildr.sys) [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\Drivers\adildr.sys -> [2002/10/11 11:19:00 | 00,046,551 | ---- | M] (Analog Deivces)
(adiusbaw) USB ADSL WAN Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\adiusbaw.sys -> [2002/12/18 19:13:34 | 00,122,121 | ---- | M] (Analog Devices Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\ALCXWDM.SYS -> [2004/09/21 14:53:18 | 02,278,784 | R--- | M] (Realtek Semiconductor Corp.)
(DumaNT) NVIDIA Stereo Helper Service [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\dumant.sys -> [2002/11/18 15:29:26 | 00,399,700 | ---- | M] (NVIDIA Corporation)
(EL90X) 3Com EtherLink XL 90X Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\el90xnd5.sys -> [2001/09/18 15:26:38 | 00,153,631 | ---- | M] (3Com Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\gameenum.sys -> [2004/08/04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation)
(NEOFLTR_600_12507) Juniper Networks TDI Filter Driver (NEOFLTR_600_12507) [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\NEOFLTR_600_12507.SYS -> [2007/12/28 06:23:10 | 00,064,160 | ---- | M] (Juniper Networks)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2004/09/30 08:35:00 | 02,743,840 | ---- | M] (NVIDIA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/27 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/03/08 02:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 13:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2008/01/01 16:53:43 | 00,715,248 | ---- | M] ()
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\usbaudio.sys -> [2004/08/04 02:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> about:blank ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.co.il/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\עדן\Application Data\Mozilla\FireFox\Profiles\sx612zxc.default\prefs.js ->
browser.search.update -> false ->
browser.startup.homepage -> "http://www.google.co.uk/" ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c} -> C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}] -> [2007/06/19 11:44:00 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/13 12:13:43 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/06/13 12:13:35 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
 -> C:\Documents and Settings\עדן\Application Data\mozilla\Extensions -> [2009/06/13 12:13:43 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\עדן\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/06/13 12:13:43 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\עדן\Application Data\mozilla\Firefox\Profiles\sx612zxc.default\extensions -> [2009/06/13 12:13:52 | 00,096,232 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/06/03 07:24:27 | 09,777,144 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/03 07:24:27 | 09,777,144 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/06/13 12:13:43 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/06/03 07:24:27 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/06/03 07:24:27 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/06/13 12:13:35 | 00,000,000 | ---D | M]
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/06/03 07:24:27 | 00,065,528 | ---- | M] (mozilla.org)
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/06/13 12:13:38 | 00,000,000 | ---D | M]
amazon-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-en-GB.xml -> [2008/01/04 18:36:50 | 00,001,538 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2006/07/05 21:47:38 | 00,002,193 | ---- | M] ()
chambers-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\chambers-en-GB.xml -> [2008/01/04 18:36:50 | 00,000,947 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/03/08 12:35:22 | 00,001,534 | ---- | M] ()
eBay-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-en-GB.xml -> [2008/09/22 22:14:04 | 00,000,759 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/04/16 07:08:20 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/03/28 21:11:14 | 00,001,178 | ---- | M] ()
yahoo-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-en-GB.xml -> [2008/01/04 18:36:50 | 00,000,831 | ---- | M] ()
< HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 12:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> [2007/09/25 02:11:33 | 00,501,136 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [עוזר הכניסה של Windows Live] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2004/08/27 15:00:00 | 00,110,592 | ---- | M] (Microsoft Corporation)
"KernelFaultCheck" ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
"NeroFilterCheck" -> C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2006/01/12 17:40:44 | 00,155,648 | ---- | M] (Nero AG)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2004/09/30 08:35:00 | 04,603,904 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2004/09/30 08:35:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2004/09/30 08:35:00 | 00,921,600 | ---- | M] (NVIDIA Corporation)
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/27 15:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" ->  [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> File not found
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/03/20 22:33:53 | 00,385,024 | ---- | M] (Apple Inc.)
"SoundMan" -> C:\WINDOWS\SOUNDMAN.EXE [SOUNDMAN.EXE] -> [2004/09/16 15:39:44 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> [2006/08/22 10:52:02 | 00,094,208 | ---- | M] (Nero AG)
"Google Update" -> C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2009/06/13 11:45:57 | 00,133,104 | ---- | M] (Google Inc.)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:52:08 | 03,885,408 | ---- | M] (Microsoft Corporation)
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\תפריט התחלה\תוכניות\הפעלה ->
C:\Documents and Settings\All Users.WINDOWS\תפריט התחלה\תוכניות\הפעלה\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 03:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< עדן Startup Folder > -> C:\Documents and Settings\עדן\תפריט התחלה\תוכניות\הפעלה ->
C:\Documents and Settings\עדן\תפריט התחלה\תוכניות\הפעלה\Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  
  • -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  
  • -> File not found

\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  
  • -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  
  • -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&יצא ל- Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2008/01/29 12:41:28 | 09,364,480 | R--- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll [Menu: Sun Java Console] -> [2007/09/25 02:11:34 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{B863453A-26C3-4e1f-A54D-A2CD196348E9}:Exec [HKLM] -> C:\Program Files\ICQLite\ICQLite.exe [Button: ICQ Lite] -> File not found
{B863453A-26C3-4e1f-A54D-A2CD196348E9}:Exec [HKLM] -> C:\Program Files\ICQLite\ICQLite.exe [Menu: ICQ Lite] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/01/28 12:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2006/10/10 15:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> C:\Program Files\ICQ6\ICQ.exe [Button: ICQ6] -> [2008/09/01 18:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> C:\Program Files\ICQ6\ICQ.exe [Menu: ICQ6] -> [2008/09/01 18:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 19:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 19:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{B863453A-26C3-4e1f-A54D-A2CD196348E9}" [HKLM] -> C:\Program Files\ICQLite\ICQLite.exe [ICQ Lite] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 19:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4239 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4251 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab [QuickTime Plugin Control] ->
{02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} [HKLM] -> http://xiah.gamescampus.com/luncher/GamesCampus.cab [GamesCampus Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/5/b...heckControl.cab [Windows Genuine Advantage Validation Tool] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwa...director/sw.cab [Shockwave ActiveX Control] ->
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB [Reg Error: Key error.] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftu...b?1202306177953 [MUWebControl Class] ->
{784797A8-342D-4072-9486-03C8D0F2F0A1} [HKLM] -> https://play.battlefield-heroes.com/static/...er_4.0.15.0.cab [Battlefield Heroes Updater] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab [Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab [Reg Error: Key error.] ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} [HKLM] -> http://www.crucial.com/controls/cpcScanner.cab [Crucial cpcScan] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_03] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://www.adobe.com/products/acrobat/nos/gp.cab [get_atlcom Class] ->
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [HKLM] -> https://ssl.sonol.co.il/dana-cached/setup/J...perSetupSP1.cab [JuniperSetupSP1 Control] ->
{F59AB0C4-3443-4551-A78F-C101F9DE0215} [HKLM] -> http://irc.nana.co.il/Cabs/launcher39.cab [Reg Error: Key error.] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 10.0.0.138 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{05E2438F-3031-492D-B72B-71C15ECD9249}\\DhcpNameServer -> 10.0.0.138   (מתאם אתרנט 3Com 3C905TX-based (כללי)) ->
{66E548E8-DA0E-4FD2-941F-A76CDE410636}\\DhcpNameServer -> 10.0.0.138   (מתאם אתרנט 3Com 3C905TX-based (כללי)) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2007/06/13 16:21:34 | 01,201,664 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/27 15:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:52:08 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/27 15:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\עדן\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" -> C:\Documents and Settings\עדן\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe [C:\Documents and Settings\עדן\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client] -> [2007/12/28 06:39:00 | 00,120,192 | ---- | M] (Juniper Networks)
"C:\Documents and Settings\עדן\שולחן העבודה\new.logic.1.1.beta.1a\emule.exe" -> C:\Documents and Settings\עדן\שולחן העבודה\new.logic.1.1.beta.1a\emule.exe [C:\Documents and Settings\עדן\שולחן העבודה\new.logic.1.1.beta.1a\emule.exe:*:Enabled:eMule] -> File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" -> C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe [C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine] -> [2009/02/13 16:53:40 | 00,966,656 | ---- | M] ()
"C:\Program Files\ICQ6\ICQ.exe" -> C:\Program Files\ICQ6\ICQ.exe [C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6] -> [2008/09/01 18:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.)
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" -> C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe [C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy] -> [2007/12/28 06:23:06 | 00,390,536 | ---- | M] (Juniper Networks)
"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> [2009/06/19 11:32:30 | 02,756,096 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\Tactical Ops\TacticalOps 1\System\TacticalOps.exe" -> C:\Program Files\Tactical Ops\TacticalOps 1\System\TacticalOps.exe [C:\Program Files\Tactical Ops\TacticalOps 1\System\TacticalOps.exe:*:Enabled:TacticalOps] -> [2005/10/05 07:11:50 | 00,233,472 | ---- | M] ()
"C:\Program Files\Tactical Ops\TacticalOps 2\System\TacticalOps.exe" -> C:\Program Files\Tactical Ops\TacticalOps 2\System\TacticalOps.exe [C:\Program Files\Tactical Ops\TacticalOps 2\System\TacticalOps.exe:*:Enabled:TacticalOps] -> [2005/10/04 21:11:50 | 00,233,472 | ---- | M] ()
"C:\Program Files\Tactical Ops\TacticalOps 3\System\TacticalOps.exe" -> C:\Program Files\Tactical Ops\TacticalOps 3\System\TacticalOps.exe [C:\Program Files\Tactical Ops\TacticalOps 3\System\TacticalOps.exe:*:Enabled:TacticalOps] -> [2005/10/04 21:11:50 | 00,233,472 | ---- | M] ()
"C:\Program Files\Tactical Ops\TacticalOps 4\System\TacticalOps.exe" -> C:\Program Files\Tactical Ops\TacticalOps 4\System\TacticalOps.exe [C:\Program Files\Tactical Ops\TacticalOps 4\System\TacticalOps.exe:*:Enabled:TacticalOps] -> [2005/10/04 21:11:50 | 00,233,472 | ---- | M] ()
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:52:08 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Xfire\Xfire.exe" -> C:\Program Files\Xfire\Xfire.exe [C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> [2009/06/12 01:29:44 | 03,182,928 | ---- | M] (Xfire Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/04/30 19:13:50 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> C:\WINDOWS\hh.exe -> [2005/05/27 02:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.html [@ = htmlfile] -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2008/04/22 10:41:30 | 00,625,664 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> [2004/01/29 17:08:23 | 00,868,352 | ---- | M] (Microsoft Corporation)
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Common Files\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> [2004/01/29 17:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation)
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll[Reg Error: Value error.] -> [2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Common Files\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> [2004/01/29 17:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Common Files\System\OLE DB\msdaipp.dll[MSDAIPP.BINDER] -> [2004/01/29 17:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll[Reg Error: Value error.] -> [2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation)
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2008/01/24 16:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation)
vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKLM] -> C:\Program Files\Monopol500\MSDXM.OCX[AsyncPProt Class] -> File not found
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  
  • -> File not found

\\"FirewallDisableNotify" ->  
  • -> File not found

\\"UpdatesDisableNotify" ->  
  • -> File not found

\\"AntiVirusOverride" ->  
  • -> File not found

\\"FirewallOverride" ->  
  • -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
\Monitoring\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Monitoring\SymantecAntiVirus\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\\"DisableMonitoring" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000002 [Bluetooth Namespace] -> C:\WINDOWS\System32\wshbth.dll -> [2004/08/27 15:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Juniper Secure DNS (Top)] -> C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll -> [2007/12/28 06:23:04 | 00,071,032 | ---- | M] (Juniper Networks)
NameSpace_Catalog5\Catalog_Entries\000000000004 [Proxifier NSP] -> C:\WINDOWS\System32\PrxerNsp.dll -> [2007/02/28 16:56:34 | 00,061,440 | ---- | M] ( )
NameSpace_Catalog5\Catalog_Entries\000000000007 [Juniper Secure DNS (Bottom)] -> C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll -> [2007/12/28 06:23:04 | 00,071,032 | ---- | M] (Juniper Networks)
Protocol_Catalog9\Catalog_Entries\000000000001 -> C:\WINDOWS\System32\PrxerDrv.dll -> [2007/09/25 15:40:32 | 00,073,728 | ---- | M] (Initex Software)
Protocol_Catalog9\Catalog_Entries\000000000005 -> C:\WINDOWS\System32\rsvpsp.dll -> [2004/08/27 15:00:00 | 00,090,112 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -> C:\WINDOWS\System32\rsvpsp.dll -> [2004/08/27 15:00:00 | 00,090,112 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -> C:\WINDOWS\System32\PrxerDrv.dll -> [2007/09/25 15:40:32 | 00,073,728 | ---- | M] (Initex Software)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> כלי ההעלאה של Windows Live
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
{2BA00471-0328-3743-93BD-FA813353A783} -> Microsoft .NET Framework 3.0 Service Pack 1
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(tm) 6 Update 3
{350C97B4-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{38E0C491-5230-4373-B62E-F1A6E94B1033} -> Nero 7 Ultra Edition
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15} -> Ulead COOL 360 1.0
{3D5C877F-8C4B-4623-BAD0-1BCD6FEA297B} -> Windows Live Essentials
{43DCF766-6838-4F9A-8C91-D92DA586DFA8} -> Microsoft Windows Journal Viewer
{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F} -> ECI USB ADSL
{60DE4033-9503-48D1-A483-7846BD217CA9} -> ICQ6
{6279F390-2AC9-11DD-6784-007F2D4018BE} -> Knight Empire
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{7197F874-B0E0-4A73-A880-7E712F4D0EB7}}_is1 -> Uninstall KnightOnline
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{74EC78BC-B379-4E29-9006-8F161DCAABA6} -> Apple Software Update
{7784A172-61F1-445E-8368-601607E0DD22} -> MP3 Player Utilities 3.73
{786C5747-1033-0000-B58E-000000000001} -> Adobe Stock Photos 1.0
{789289CA-F73A-4A16-A331-54D498CE069F} -> Ventrilo Client
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
{7C9AD221-994C-45B2-B46D-26F5735158CF} -> Sony Vegas Pro 8.0
{83FB9DEC-89ED-4D9D-AE85-F2752D107C79} -> Windows Live Messenger
{885A5214-9CDD-40E0-A89D-7672588748E1} -> Windows Live Call
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
{8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer
{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard
{9028040D-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Professional עם FrontPage
{908A2F10-4DFC-11DD-6784-03B71C4018BE} -> Knight Empire
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{95774351-6087-3A3B-8CA8-70BEE49D2BD5} -> Google Gears
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A0D6AA15-66B9-41BE-BA85-17EB8C84A685} -> Knight Online
{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
{A34386F8-7655-4E3B-9F51-D3064F607C89} -> blaxxun Contact
{AA7D532A-6C19-4168-A887-BF306A431B65} -> Game Cam Lite v1.4
{AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62} -> ACDSee 5.0 Standard
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B50C6AA0-1524-4285-A68C-003DDFF12073}_is1 -> Knight Empire V5.0
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
{B74D4E10-1033-0000-0000-000000000001} -> Adobe Bridge 1.0
{BAF78226-3200-4DB4-BE33-4D922A799840} -> Windows Presentation Foundation
{BCBA462D-3E1B-416C-89F8-492020D4BBF4} -> מסייע הכניסה של Windows Live
{D271DAE0-8D68-4C97-8356-A126D48A1D8C} -> Ulead Photo Explorer 8.0 SE Basic
{DF3E37E0-06D5-4A1B-A264-BD2B7E30B458} -> Knight Online
{E9787678-1033-0000-8E67-000000000001} -> Adobe Help Center 1.0
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player Plugin
Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2
Adobe Shockwave Player -> Adobe Shockwave Player
CCleaner -> CCleaner (remove only)
ESE_Registration -> ESE Account Manager (remove only)
Fire eMule_is1 -> Fire eMule.co.il v7.1 (0.47c)
Fraps -> Fraps (remove only)
getPlus®_ocx -> getPlus®_ocx
GOM Player -> GOM Player
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
Knight-Empire 5.4 -> Knight-Empire 5.4
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
mIRC -> mIRC
Mozilla Firefox (3.0.11) -> Mozilla Firefox (3.0.11)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Neoteris_Secure_Application_Manager -> Juniper Networks Secure Application Manager
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NVIDIA Drivers -> NVIDIA Drivers
NVIDIAStereo -> NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Proxifier_is1 -> Proxifier version 2.7
Speed eMule_is1 -> Speed eMule.co.il v8.0 (0.48a)
Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.5.2.20
Teamspeak 2 RC2_is1 -> TeamSpeak 2 RC2
TeamSpeak 2 Server_is1 -> TeamSpeak 2 Server RC2
UnrealTournament -> Unreal Tournament G.O.T.Y. Edition
VentriloMIX -> VentriloMIX
WIC -> Windows Imaging Component
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
WinLiveSuite_Wave3 -> Windows Live Essentials
WinRAR archiver -> WinRAR archiver
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
WOW -> WOW
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Xfire -> Xfire (remove only)
XpsEPSC -> XML Paper Specification Shared Components Pack 1.0
XviD -> XviD MPEG-4 Codec
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
Google Chrome -> Google Chrome
Juniper_Networks_Cache_Cleaner 6.0.0 -> Juniper Networks Cache Cleaner 6.0.0
Juniper_Term_Services -> Juniper Terminal Services Client
Neoteris_Host_Checker -> Juniper Networks Host Checker
NoNameScript -> NoNameScript
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 16/06/2009 01:01:38 Computer Name = TAP-7409E23BDD | Source = Google Update | ID = 20 -> Description =
Application [ Error ] 16/06/2009 04:06:46 Computer Name = TAP-7409E23BDD | Source = Google Update | ID = 20 -> Description =
Application [ Error ] 20/06/2009 04:57:40 Computer Name = TAP-7409E23BDD | Source = Google Update | ID = 20 -> Description =
Application [ Error ] 20/06/2009 09:03:27 Computer Name = TAP-7409E23BDD | Source = Application Hang | ID = 1002 -> Description = ‏‏יישום לא מגיב chrome.exe, גירסה 0.0.0.0, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.
Application [ Error ] 20/06/2009 09:13:58 Computer Name = TAP-7409E23BDD | Source = Application Hang | ID = 1002 -> Description = ‏‏יישום לא מגיב chrome.exe, גירסה 0.0.0.0, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.
Application [ Error ] 23/06/2009 06:03:50 Computer Name = TAP-7409E23BDD | Source = Application Error | ID = 1000 -> Description = ‏‏תקלה ביישום iexplore.exe, גירסה 7.0.6000.16674, תקלה במודול ntdll.dll, גירסה 5.1.2600.2180, כתובת התקלה 0x0002ae22‏.
Application [ Error ] 23/06/2009 06:03:57 Computer Name = TAP-7409E23BDD | Source = Application Error | ID = 1000 -> Description = ‏‏תקלה ביישום drwtsn32.exe, גירסה 5.1.2600.0, תקלה במודול dbghelp.dll, גירסה 5.1.2600.2180, כתובת התקלה 0x0001295d‏.
Application [ Error ] 23/06/2009 06:05:39 Computer Name = TAP-7409E23BDD | Source = Application Hang | ID = 1002 -> Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 7.0.6000.16674, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.
Application [ Error ] 25/06/2009 12:42:39 Computer Name = TAP-7409E23BDD | Source = Application Error | ID = 1000 -> Description = ‏‏תקלה ביישום chrome.exe, גירסה 0.0.0.0, תקלה במודול unknown, גירסה 0.0.0.0, כתובת התקלה 0x806fdf43‏.
Application [ Error ] 26/06/2009 03:18:29 Computer Name = TAP-7409E23BDD | Source = Google Update | ID = 20 -> Description =
System [ Error ] 24/06/2009 02:20:21 Computer Name = TAP-7409E23BDD | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.1 for the Network Card with network address 00104B360A8E has been  denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 24/06/2009 02:20:41 Computer Name = TAP-7409E23BDD | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:   %%1058
System [ Error ] 24/06/2009 04:58:56 Computer Name = TAP-7409E23BDD | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:   %%1058
System [ Error ] 24/06/2009 05:26:59 Computer Name = TAP-7409E23BDD | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:   %%1058
System [ Error ] 25/06/2009 02:07:15 Computer Name = TAP-7409E23BDD | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.1 for the Network Card with network address 00104B360A8E has been  denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 25/06/2009 02:07:35 Computer Name = TAP-7409E23BDD | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:   %%1058
System [ Error ] 25/06/2009 06:31:30 Computer Name = TAP-7409E23BDD | Source = DCOM | ID = 10000 -> Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.  The error:  "%3"  Happened while starting this command:  "C:\Program Files\Winamp\winamp.exe" -Embedding
System [ Error ] 26/06/2009 03:05:23 Computer Name = TAP-7409E23BDD | Source = Dhcp | ID = 1002 -> Description = The IP address lease 10.0.0.1 for the Network Card with network address 00104B360A8E has been  denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 26/06/2009 03:06:01 Computer Name = TAP-7409E23BDD | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:   %%1058
System [ Error ] 26/06/2009 06:33:15 Computer Name = TAP-7409E23BDD | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:   %%1058
 
[Files/Folders - Created Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTS.exe -> C:\Documents and Settings\עדן\שולחן העבודה\OTS.exe -> [2009/06/26 19:57:52 | 00,510,976 | ---- | C] (OldTimer Tools)
קיצור דרך אל ‎TeamSpeak.exe.lnk -> C:\Documents and Settings\עדן\שולחן העבודה\קיצור דרך אל ‎TeamSpeak.exe.lnk -> [2009/06/22 16:44:48 | 00,000,729 | ---- | C] ()
NoNameScript-June -> C:\Documents and Settings\עדן\Application Data\NoNameScript-June -> [2009/06/21 07:48:36 | 00,000,000 | ---D | C]
BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [2009/06/19 11:30:40 | 00,009,728 | ---- | C] ()
mIRC Cracking Patch -> C:\Documents and Settings\עדן\My Documents\mIRC Cracking Patch -> [2009/06/19 11:30:03 | 00,000,000 | ---D | C]
mIRC -> C:\Program Files\mIRC -> [2009/06/19 11:14:17 | 00,000,000 | ---D | C]
bookmarks2.html -> C:\Documents and Settings\עדן\My Documents\bookmarks2.html -> [2009/06/16 07:57:59 | 00,005,119 | ---- | C] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2009/06/13 12:13:44 | 00,000,000 | ---- | C] ()
Mozilla -> C:\Documents and Settings\עדן\Application Data\Mozilla -> [2009/06/13 12:13:42 | 00,000,000 | ---D | C]
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users.WINDOWS\שולחן העבודה\Mozilla Firefox.lnk -> [2009/06/13 12:13:38 | 00,001,602 | ---- | C] ()
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009/06/13 12:13:35 | 00,000,000 | ---D | C]
GoogleUpdateTask
« Last Edit: June 26, 2009, 12:07:26 PM by Brenneka »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Random slowness and crashes
« Reply #3 on: June 26, 2009, 09:04:57 PM »
You have CCleaner installed, can you run it to clean Temp files, etc.
Afterwards, take the time to run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Brenneka

Random slowness and crashes
« Reply #4 on: June 27, 2009, 12:52:09 PM »
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16674 (vista_gdr.080415-1732)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=39bab8fa442c19429180bc8f8a36ea6d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-27 05:43:26
# local_time=2009-06-27 08:43:26 )
# country="Israel"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# scanned=137818
# found=1
# cleaned=1
# scan_time=5310
C:\Program Files\Knight Online\XTrap\XTrapVa.dll   probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000


It only found one "trojan" which isn't really harmful or anything, it's an anti-cheat program. Does that mean everything's alright?

Offline guestolo

Random slowness and crashes
« Reply #5 on: June 27, 2009, 10:17:27 PM »
You have Malwarebytes' Anti-Malware installed.
Can you open it and check for Updates?
Then run a "Quick Scan"

Remove anything it finds and post the log from it



Offline Brenneka

Random slowness and crashes
« Reply #6 on: June 28, 2009, 02:02:13 AM »
Malwarebytes' Anti-Malware 1.38
Database version: 2344
Windows 5.1.2600 Service Pack 2

28/06/2009 09:43:52
mbam-log-2009-06-28 (09-43-52).txt

Scan type: Quick Scan
Objects scanned: 105118
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


What about the inability to uninstall programs? There is some stuff I want to remove and for some reason I can't. When trying to remove Spybot S&D it gives me an error: "File C:\Windows\unins001.dat does not exist. Cannot uninstall." Other programs say "An installation support file could not be installed" and sometimes I get a Windows error message "Setup.exe has crashed and needs to close."

Is there anything I can do about it? It's not important really, but I'd like to solve this anyway.

Thanks!!!
« Last Edit: June 28, 2009, 02:02:45 AM by Brenneka »

Offline guestolo

« Reply #7 on: June 28, 2009, 02:17:45 AM »
Quote
(notice the three unknown "Winsock LSP" files):
Those appear to be related to a program you have installed: Proxifier version 2.7
Did you purposely install it?

It seems some of the files in your Program Files folder, concerning Spybot, have been deleted or somehow removed by other means

Can you reinstall Spybot and then run the uninstaller thru Add and Remove Programs?
Do not allow it to Immunize or enable the Tea Timer during installation
Here's a link to the latest version
http://fileforum.betanews.com/detail/Spybo...oy/1043809773/1



Offline Brenneka

« Reply #8 on: June 28, 2009, 03:18:52 AM »
Yes, I installed proxifier about a year ago, but I've removed it now. I downloaded Spybot from the link you gave me, installed it and then uninstalled, but it created a different 'program', the other Spybot in the Add/Remove programs list is still there (2MB btw) and I can't uninstall it.

Also, I did a Hijackthis scan again after I removed Proxifier and those three 'Unknown Winsock files' are still there, would it be safe to fix and remove them with Hijackthis? There's also a few things of Spybot which I don't need since I don't use it, can I safely remove it as well?

Here's a fresh Hijackthis scanlog, there are a few things I don't need and want to remove, I made them bold and underlined, can you tell me which ones are safe to 'fix' with Hijackthis?:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:15, on 28/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202306177953
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/...er_4.0.15.0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.sonol.co.il/dana-cached/setup/J...perSetupSP1.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{138FBCB5-DF29-4828-B640-71D6034CC076}: NameServer = 192.115.106.31 192.115.106.31
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8079 bytes


Thanks!
« Last Edit: June 28, 2009, 03:20:40 AM by Brenneka »

Offline guestolo

« Reply #9 on: June 28, 2009, 01:32:14 PM »
I'm surprised those O10 entries are still around if you removed Proxifier

Please supply an uninstall list from Hijackthis

Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER

Click the SAVE LIST... button

Save the list to your desktop then copy>>Paste back here the Whole contents

In addition:
Download LSPFix from this link
http://www.cexx.org/lspfix.htm
Save it to the desktop
Close down all other open windows
Run LSPFix.
Can you let me know what entries you see on the KEEP side, please?

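The before/after check that this thread does by eye on the O10 lines can be scripted. The following is an added example, not part of the original posts: the function names are hypothetical and the two sample scans are constructed from item lines that appear in the logs posted in this thread. It extracts the Winsock LSP entries from two HijackThis logs, reports which ones survived the uninstall, and lists the items HijackThis itself marks as pointing at a missing file.

```python
import re
from collections import Counter

# HijackThis item lines have the form "<code> - <description>", e.g. "O10 - Unknown file ...".
# Header lines and the "Running processes" paths do not match this pattern and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
LSP_RE = re.compile(r"in Winsock LSP: (?P<path>.+)$", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample: a scan taken before the proxy program was uninstalled.
BEFORE_SCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:48, on 26/06/2009
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
"""

# Constructed sample: a scan taken after the uninstall; the O10 lines are unchanged.
AFTER_UNINSTALL_SCAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:15, on 28/06/2009
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
"""


def parse_items(log_text):
    """Return (code, body) tuples for every item line in a HijackThis log."""
    items = []
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if match:
            items.append((match.group("code"), match.group("body")))
    return items


def lsp_files(items):
    """Count O10 entries per DLL path (lower-cased: Windows paths are case-insensitive)."""
    counts = Counter()
    for code, body in items:
        if code != "O10":
            continue
        match = LSP_RE.search(body)
        if match:
            counts[match.group("path").strip().lower()] += 1
    return counts


def orphaned(items):
    """Items that HijackThis flagged as referencing a file no longer on disk."""
    return [(code, body) for code, body in items
            if any(marker in body for marker in ORPHAN_MARKERS)]


def compare_scans(before_text, after_text):
    """Classify LSP DLLs as persisted, removed or new between two scans."""
    before = set(lsp_files(parse_items(before_text)))
    after = set(lsp_files(parse_items(after_text)))
    return {
        "persisted": sorted(before & after),
        "removed": sorted(before - after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    diff = compare_scans(BEFORE_SCAN, AFTER_UNINSTALL_SCAN)
    for state, paths in diff.items():
        for path in paths:
            print(f"LSP {state}: {path}")
    for code, body in orphaned(parse_items(BEFORE_SCAN)):
        print(f"orphaned {code}: {body}")
```

A "persisted" result after an uninstall means the entries are still registered in the Winsock catalog, which is why the helper asks for the LSP-Fix list before anything is deleted.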


Offline Brenneka

« Reply #10 on: June 28, 2009, 01:46:46 PM »
Hijackthis uninstall list:

ACDSee 5.0 Standard
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Apple Software Update
blaxxun Contact
CCleaner (remove only)
Choice Guard
DivX Codec
DivX Converter
DivX Player
DivX Web Player
ECI USB ADSL
ESE Account Manager (remove only)
ESET Online Scanner v3
Fire eMule.co.il v7.1 (0.47c)
Fraps (remove only)
getPlus®_ocx
Google Gears
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ICQ6
Java(tm) 6 Update 3
Juniper Networks Secure Application Manager
Knight Online
Knight Online
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional עם FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
mIRC
Mozilla Firefox (3.0.11)
MP3 Player Utilities 3.73
MSVCRT
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
NVIDIA Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Segoe UI
Speed eMule.co.il v8.0 (0.48a)
Spybot - Search & Destroy 1.5.2.20
Steam
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Ulead COOL 360 1.0
Unreal Tournament G.O.T.Y. Edition
Ventrilo Client
VentriloMIX
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WOW
Xfire (remove only)
XviD MPEG-4 Codec
כלי ההעלאה של Windows Live
מסייע הכניסה של Windows Live
עדכון אבטחה עבור Windows Internet Explorer 7 (KB928090)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB931768)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB933566)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB937143)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB938127)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB939653)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB942615)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB944533)‎
עדכון אבטחה עבור Windows Internet Explorer 7 (KB950759)‎
עדכון אבטחה עבור Windows Media Player‏ (KB911564)
עדכון אבטחה עבור Windows Media Player 11‏ (KB936782)
עדכון אבטחה עבור Windows Media Player 6.4‏ (KB925398)
עדכון אבטחה עבור Windows Media Player 9‏ (KB911565)
עדכון אבטחה עבור Windows Media Player 9‏ (KB917734)
עדכון אבטחה עבור Windows Media Player 9‏ (KB936782)
עדכון אבטחה עבור Windows XP (KB890046)‎
עדכון אבטחה עבור Windows XP (KB893066)‎
עדכון אבטחה עבור Windows XP (KB893756)‎
עדכון אבטחה עבור Windows XP (KB896358)‎
עדכון אבטחה עבור Windows XP (KB896422)‎
עדכון אבטחה עבור Windows XP (KB896423)‎
עדכון אבטחה עבור Windows XP (KB896424)‎
עדכון אבטחה עבור Windows XP (KB896428)‎
עדכון אבטחה עבור Windows XP (KB896688)‎
עדכון אבטחה עבור Windows XP (KB899587)‎
עדכון אבטחה עבור Windows XP (KB899591)‎
עדכון אבטחה עבור Windows XP (KB900725)‎
עדכון אבטחה עבור Windows XP (KB901017)‎
עדכון אבטחה עבור Windows XP (KB901190)‎
עדכון אבטחה עבור Windows XP (KB901214)‎
עדכון אבטחה עבור Windows XP (KB902400)‎
עדכון אבטחה עבור Windows XP (KB904706)‎
עדכון אבטחה עבור Windows XP (KB905414)‎
עדכון אבטחה עבור Windows XP (KB905749)‎
עדכון אבטחה עבור Windows XP (KB905915)‎
עדכון אבטחה עבור Windows XP (KB908519)‎
עדכון אבטחה עבור Windows XP (KB908531)‎
עדכון אבטחה עבור Windows XP (KB911562)‎
עדכון אבטחה עבור Windows XP (KB911567)‎
עדכון אבטחה עבור Windows XP (KB911927)‎
עדכון אבטחה עבור Windows XP (KB912812)‎
עדכון אבטחה עבור Windows XP (KB912919)‎
עדכון אבטחה עבור Windows XP (KB913446)‎
עדכון אבטחה עבור Windows XP (KB913580)‎
עדכון אבטחה עבור Windows XP (KB914388)‎
עדכון אבטחה עבור Windows XP (KB914389)‎
עדכון אבטחה עבור Windows XP (KB916281)‎
עדכון אבטחה עבור Windows XP (KB917159)‎
עדכון אבטחה עבור Windows XP (KB917344)‎
עדכון אבטחה עבור Windows XP (KB917422)‎
עדכון אבטחה עבור Windows XP (KB917953)‎
עדכון אבטחה עבור Windows XP (KB918118)‎
עדכון אבטחה עבור Windows XP (KB918439)‎
עדכון אבטחה עבור Windows XP (KB918899)‎
עדכון אבטחה עבור Windows XP (KB919007)‎
עדכון אבטחה עבור Windows XP (KB920213)‎
עדכון אבטחה עבור Windows XP (KB920214)‎
עדכון אבטחה עבור Windows XP (KB920670)‎
עדכון אבטחה עבור Windows XP (KB920683)‎
עדכון אבטחה עבור Windows XP (KB920685)‎
עדכון אבטחה עבור Windows XP (KB921398)‎
עדכון אבטחה עבור Windows XP (KB921503)‎
עדכון אבטחה עבור Windows XP (KB921883)‎
עדכון אבטחה עבור Windows XP (KB922616)‎
עדכון אבטחה עבור Windows XP (KB922760)‎
עדכון אבטחה עבור Windows XP (KB922819)‎
עדכון אבטחה עבור Windows XP (KB923191)‎
עדכון אבטחה עבור Windows XP (KB923414)‎
עדכון אבטחה עבור Windows XP‏ (KB923689)
עדכון אבטחה עבור Windows XP (KB923694)‎
עדכון אבטחה עבור Windows XP (KB923980)‎
עדכון אבטחה עבור Windows XP (KB924191)‎
עדכון אבטחה עבור Windows XP (KB924270)‎
עדכון אבטחה עבור Windows XP (KB924496)‎
עדכון אבטחה עבור Windows XP (KB924667)‎
עדכון אבטחה עבור Windows XP (KB925454)‎
עדכון אבטחה עבור Windows XP (KB925486)‎
עדכון אבטחה עבור Windows XP (KB925902)‎
עדכון אבטחה עבור Windows XP (KB926255)‎
עדכון אבטחה עבור Windows XP (KB926436)‎
עדכון אבטחה עבור Windows XP (KB927779)‎
עדכון אבטחה עבור Windows XP (KB927802)‎
עדכון אבטחה עבור Windows XP (KB928255)‎
עדכון אבטחה עבור Windows XP (KB928843)‎
עדכון אבטחה עבור Windows XP (KB929123)‎
עדכון אבטחה עבור Windows XP (KB930178)‎
עדכון אבטחה עבור Windows XP (KB931261)‎
עדכון אבטחה עבור Windows XP (KB931784)‎
עדכון אבטחה עבור Windows XP (KB932168)‎
עדכון אבטחה עבור Windows XP (KB933729)‎
עדכון אבטחה עבור Windows XP (KB935839)‎
עדכון אבטחה עבור Windows XP (KB935840)‎
עדכון אבטחה עבור Windows XP (KB936021)‎
עדכון אבטחה עבור Windows XP (KB938829)‎
עדכון אבטחה עבור Windows XP (KB941202)‎
עדכון אבטחה עבור Windows XP (KB941568)‎
עדכון אבטחה עבור Windows XP‏ (KB941569)
עדכון אבטחה עבור Windows XP (KB941644)‎
עדכון אבטחה עבור Windows XP (KB941693)‎
עדכון אבטחה עבור Windows XP (KB943055)‎
עדכון אבטחה עבור Windows XP (KB943460)‎
עדכון אבטחה עבור Windows XP (KB943485)‎
עדכון אבטחה עבור Windows XP (KB944653)‎
עדכון אבטחה עבור Windows XP (KB945553)‎
עדכון אבטחה עבור Windows XP (KB946026)‎
עדכון אבטחה עבור Windows XP (KB948590)‎
עדכון אבטחה עבור Windows XP (KB948881)‎
עדכון אבטחה עבור Windows XP (KB950749)‎
עדכון אבטחה עבור Windows XP (KB950760)‎
עדכון אבטחה עבור Windows XP (KB950762)‎
עדכון אבטחה עבור Windows XP (KB951376)‎
עדכון אבטחה עבור Windows XP (KB951376-v2)‎
עדכון אבטחה עבור Windows XP (KB951698)‎
עדכון עבור Windows XP (KB894391)‎
עדכון עבור Windows XP (KB898461)‎
עדכון עבור Windows XP (KB900485)‎
עדכון עבור Windows XP (KB904942)‎
עדכון עבור Windows XP (KB910437)‎
עדכון עבור Windows XP (KB911280)‎
עדכון עבור Windows XP (KB916595)‎
עדכון עבור Windows XP (KB920872)‎
עדכון עבור Windows XP (KB922582)‎
עדכון עבור Windows XP (KB925720)‎
עדכון עבור Windows XP (KB927891)‎
עדכון עבור Windows XP (KB929338)‎
עדכון עבור Windows XP (KB930916)‎
עדכון עבור Windows XP (KB931836)‎
עדכון עבור Windows XP (KB932823-v3)‎
עדכון עבור Windows XP (KB933360)‎
עדכון עבור Windows XP (KB936357)‎
עדכון עבור Windows XP (KB938828)‎
עדכון עבור Windows XP (KB942763)‎
תיקון חם עבור Windows Internet Explorer 7 (KB947864)‎
תיקון חם עבור Windows Media Player 11‏ (KB939683)
תיקון חם עבור Windows XP (KB914440)‎
--------------------


LSP-Fix 'Keep' side entries:

Name (Description)

winrnr.dll (NTDS)
wshbth.dll (Bluetooth Namespace)
samnsp.dll (Juniper Secure DNS (Top))
PrxerNsp.dll (Proxifier Nsp)
mswsock.dll (Tcpip)
Prxerdrv.dll (Protocol handler)
rsvpsp.dll (Protocol handler)

Offline guestolo

« Reply #11 on: June 28, 2009, 01:56:04 PM »
I want to see if we can rid you of those O10 entries in the Hijackthis report

Can you create a new System Restore point
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select the "Create a Restore Point" radio button
Give the new restore point a name, any name, such as Brenneka
Then click Create
When it's successfully created
Close the window from System Restore

Close down all other windows, especially your web browsers
Reopen LSP Fix
Put a tick in "I Know what I'm doing"
Then move ONLY the following from the Keep side to the REMOVE side
PrxerNsp.dll (Proxifier Nsp)
Prxerdrv.dll (Protocol handler)


Click Finish on the bottom right of the screen
When done, reboot your computer

Come back here and post a fresh Hijackthis log afterwards

NOTE: ONLY if you have lost Internet connection after doing the above
Use System Restore to restore back to that Brenneka restore point
But only if you have lost Internet connection after the reboot



Offline Brenneka

« Reply #12 on: June 28, 2009, 02:40:45 PM »
I did what you said and I lost internet connection so I restored back to the point I had created. How come that program is so important? I downloaded it about a year ago to connect to a proxy and bypass some country-IP check for an online game. I didn't use it then so I don't even know how it works.

Offline guestolo

« Reply #13 on: June 28, 2009, 02:44:59 PM »
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Program Files

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Offline Brenneka

« Reply #14 on: June 28, 2009, 02:51:55 PM »
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 22:51 on 28/06/2009 by עדן (Administrator - Elevation successful)

========== dir ==========

C:\Program Files - Parameters: "(none)"

---Files---
Thumbs.db   --ahs- 48640 bytes   [12:14 29/01/2005]   [12:14 29/01/2005]

---Folders---
ACD Systems   d-----   [08:21 08/05/2004]
Adobe   d-----   [14:10 08/08/2004]
Ahead   d-----   [18:37 17/11/2004]
Apple Software Update   d-----   [18:04 17/10/2007]
Avira   d-----   [11:02 31/05/2009]
AvRack   d-----   [16:33 30/04/2004]
CCleaner   d-----   [09:06 08/04/2007]
Common Files   d-a---   [17:01 30/04/2004]
ComPlus Applications   d-----   [16:11 30/04/2004]
D-Tools   d-----   [13:03 07/08/2004]
DAEMON Tools   d-----   [13:58 01/01/2008]
directx   d-----   [12:51 12/09/2004]
DivX   d-----   [11:25 10/05/2004]
Download Direct   d-----   [11:02 31/05/2009]
ECI Telecoms   d-----   [11:02 31/05/2009]
eMule   d-----   [10:40 31/05/2009]
eMule.co.il   d-----   [12:16 07/11/2006]
ESE   d-----   [14:13 29/03/2008]
ESET   d-----   [11:06 31/05/2009]
Game Cam Lite v1.4   d-----   [09:40 13/10/2007]
Gravity   d-----   [22:19 08/11/2007]
GRETECH   d-----   [10:33 26/12/2008]
HighMAT CD Writing Wizard   d-----   [18:26 07/05/2004]
HijackThis   d-----   [09:21 08/04/2007]
ICQ6   d-----   [19:05 14/07/2008]
InstallShield Installation Information   d--h--   [16:33 30/04/2004]
InterMute   d-----   [11:06 31/05/2009]
Internet Explorer   d-----   [16:11 30/04/2004]
Java   d-----   [23:04 04/06/2004]
JavaSoft   d-----   [00:54 18/05/2004]
Juniper Networks   d-----   [15:58 26/08/2008]
Knight-Empire.net   d-----   [10:53 31/05/2009]
Malwarebytes' Anti-Malware   d-----   [18:06 06/06/2009]
Messenger   d-----   [16:11 30/04/2004]
Microsoft   d-----   [07:27 01/04/2009]
Microsoft CAPICOM 2.1.0.2   d-----   [11:01 31/05/2009]
microsoft frontpage   d-----   [16:14 30/04/2004]
Microsoft Office   d-----   [16:59 30/04/2004]
mIRC   d-----   [08:14 19/06/2009]
Movie Maker   d-----   [16:12 30/04/2004]
Mozilla Firefox   d-----   [09:13 13/06/2009]
MP3 Player Utilities 3.73   d-----   [16:58 19/11/2006]
MSBuild   d-----   [06:25 30/01/2008]
MSI   d-----   [16:24 30/04/2004]
MSN   d-----   [16:11 30/04/2004]
MSN Gaming Zone   d-----   [16:11 30/04/2004]
MSXML 6.0   d-----   [11:01 31/05/2009]
Nero   d-----   [15:58 02/12/2006]
Netex   d-----   [11:06 31/05/2009]
NetMeeting   d-----   [16:12 30/04/2004]
Online Services   d-----   [16:11 30/04/2004]
Outlook Express   d-----   [16:12 30/04/2004]
QuickTime   d-----   [19:33 20/03/2008]
Reference Assemblies   d-----   [06:19 30/01/2008]
SodaBush   d-----   [11:04 31/05/2009]
Sony Setup   d-----   [11:06 31/05/2009]
Spybot - Search & Destroy   d-----   [08:04 28/06/2009]
Spybot - Search & Destroy2   d-----   [10:31 31/05/2009]
Tactical Ops   d-----   [16:20 04/11/2006]
Teamspeak2_RC2   d-----   [16:48 31/03/2006]
Teamspeak2_RC2_Server   d-----   [15:38 02/02/2007]
Trend Micro   d-----   [19:08 06/06/2009]
Uninstall Information   d--h--   [16:17 30/04/2004]
Ventrilo   d-----   [19:56 06/03/2008]
VentriloMIX   d-----   [16:57 26/08/2007]
Windows Journal Viewer   d-----   [12:34 26/01/2007]
Windows Live   d-----   [07:26 01/04/2009]
Windows Live SkyDrive   d-----   [07:27 01/04/2009]
Windows Media Connect 2   d-----   [18:15 17/11/2007]
Windows Media Player   d-----   [16:12 30/04/2004]
Windows NT   d-----   [16:10 30/04/2004]
WindowsUpdate   d--h--   [16:11 30/04/2004]
WinRAR   d-----   [11:27 10/05/2004]
WinZip   d-----   [11:27 10/05/2004]
wow250   d-----   [11:04 31/05/2009]
xerox   d-----   [16:14 30/04/2004]
Xfire   d-----   [14:20 25/05/2009]
XviD   d-----   [21:39 05/11/2008]
‏‏עותק של Teamspeak2_RC2   d-----   [15:45 21/05/2007]

-=End Of File=-

Offline guestolo

« Reply #15 on: June 28, 2009, 02:56:19 PM »
I don't see the Proxifier folder any longer
Try a reinstall of Proxifier Standard Edition with the latest version

http://www.proxifier.com/download.htm
After install, restart the computer
Back in Windows, go and uninstall it again, restart the computer

Post a fresh Hijackthis log afterwards
« Last Edit: June 28, 2009, 02:56:53 PM by guestolo »



Offline Brenneka

« Reply #16 on: June 28, 2009, 03:11:00 PM »
Wow that's some weird [censored]. I downloaded Proxifier from one of the links you gave me, installed it, rebooted pc, uninstalled it, then rebooted again and I lost internet connection, so I restored again to the point I had saved...

Offline guestolo

« Reply #17 on: June 28, 2009, 03:53:16 PM »
Ok, let's try the following
Print these instructions, or save them to a text file on desktop

Go to START>>Control Panel>>Open "Network Connections"
Right click on your connection>>Probably LAN
and select Properties
Highlight Internet Protocol (TCP/IP) and select Properties

Write down preferred and alternate DNS server addresses, just in case we must manually add those entries
I assume Obtain an IP address automatically is checked

Download and save to desktop
WinsockXPFix.exe from the following link
http://majorgeeks.com/WinSock_XP_Fix_d4372.html

Redownload Proxifier and install it and then uninstall it, reboot the computer afterwards
Back in Windows, if you have no Internet

Ensure IE is not set to use Proxy settings
In windows Control Panel, select Internet Options>>Connections tab
LAN Settings button
Ensure Use Proxy server is unticked, if it is ticked, untick, reboot again, see if you have connection
Try more than one Browser

If still no connection
Keep all windows closed
Run WinsockXPfix.exe, follow the prompts
Reboot the computer again afterwards

Back in Windows
If still no connection:
Go back to Network connections in Control Panel
Right click on your connection>>Probably LAN
and select Properties
Highlight Internet Protocol (TCP/IP) and select Properties
If you have "Use the following DNS server" Providers ticked with addresses you wrote down earlier
Select the Radio button to "Obtain DNS server addresses automatically"
Ok out of there, reboot, any luck?



Offline Brenneka

« Reply #18 on: June 28, 2009, 04:35:01 PM »
It worked after I ran WinsockXPfix.exe and rebooted! But I just ran a Hijackthis scan and there's still one 'Unknown Winsock LSP' file (log below). By the way, we still haven't got rid of Spybot S&D, can we try and remove it completely, or should I just leave it alone as it's not bad? Thanks mate!!! I appreciate it greatly, you're the best <3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:30:22, on 29/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\עדן\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202306177953
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/static/...er_4.0.15.0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl.sonol.co.il/dana-cached/setup/J...perSetupSP1.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{138FBCB5-DF29-4828-B640-71D6034CC076}: NameServer = 192.115.106.35 62.219.186.7
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7709 bytes

Offline guestolo

Random slowness and crashes
« Reply #19 on: June 28, 2009, 09:49:50 PM »
Don't worry about that last entry in HijackThis related to the O10 entry; it's legit.

Can you delete the following folders:
C:\Program Files\Spybot - Search & Destroy < this folder
C:\Program Files\Spybot - Search & Destroy2 < this folder

Afterwards, let's install the version of Spybot you're having a problem with.
Download, save, and install this version:
Spybot - Search & Destroy 1.5.2.20

After installation, ensure TeaTimer is NOT running.
Uninstall it from Add and Remove Programs.
Reboot the computer afterwards.
Back in Windows

Again, post a fresh Hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/