
System32 services.exe terminated unexpectedly


  • This topic is locked
50 replies to this topic

#1 Shalgi

Posted 14 September 2009 - 07:30 AM

Hello.

For a couple of days I've been experiencing the following problem - when I start up my computer, it loads Windows as usual and a few seconds after the startup, a message appears saying "system32/services.exe terminated unexpectedly, the system will restart in 00:60".
It then counts down until 00:00 and restarts the computer.
Every couple of restarts, this message doesn't appear and this is how I was able to come here and post this message.
I've tried looking on the internet for some way to solve this issue, but everything I've found was "run Malwarebytes' Anti-Malware" or other programs which didn't help.

I'd appreciate it if someone here could help me out.

As for the DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Aviv Shalgi at 14:52:51.45 on Mon 09/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.972.1033.18.2047.910 [GMT 3:00]

AV: AVG 7.5.432 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\vVX1000.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
D:\MetaTrader 4\terminal.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aviv Shalgi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.gamers.org.il/
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRunOnce: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster 2009\launcher.exe" delay 20000
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &??? ?- Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {e59eb121-f339-4851-a3ba-fe49c35617c2} - c:\icq\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067a26b-1337-4436-8afe-ee169c2da79f} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77bf5300-1474-4ec7-9980-d32b190e9b07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {20a60f0d-9afa-4515-a0fd-83bd84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {cafeefac-0016-0000-0015-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-22 64160]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-10 150568]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2008-9-12 4224]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2008-9-12 3968]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2008-9-12 343552]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2008-9-12 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2008-9-12 323072]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2008-9-12 4960]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 icq service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-9-4 222968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 1029456]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-9-12 36864]
S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2008-9-12 816672]
S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2008-9-12 28416]
S1 bf629657;bf629657;c:\windows\system32\drivers\bf629657.sys --> c:\windows\system32\drivers\bf629657.sys [?]
S2 askupgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-14 234888]
S2 gupdate1c9863899e545c0;Google Update Service (gupdate1c9863899e545c0);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-2-22 98488]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]

=============== Created Last 30 ================

2009-09-11 15:39 <DIR> --d----- c:\program files\iPod
2009-09-11 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-04 18:44 <DIR> --d----- c:\program files\ICQ6Toolbar
2009-09-04 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ICQ
2009-08-25 19:00 <DIR> --d----- c:\documents and settings\aviv shalgi\.webrenderer

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-15 22:14 59,800 a------- c:\docume~1\avivsh~1\applic~1\GDIPFONTCACHEV1.DAT
2008-11-06 17:49 18,036 a------- c:\docume~1\alluse~1\applic~1\edunyky.com
2008-11-06 17:49 15,396 a------- c:\program files\common files\wyqovypap._dl
2008-11-06 17:49 14,230 a------- c:\docume~1\avivsh~1\applic~1\voce.dat
2008-11-06 17:49 13,494 a------- c:\program files\common files\geluzes.pif
2008-11-06 17:49 12,354 a------- c:\docume~1\avivsh~1\applic~1\sodarulihe.bat
2008-11-06 17:49 11,928 a------- c:\docume~1\avivsh~1\applic~1\alisoromug.dat
2008-11-06 17:49 11,167 a------- c:\docume~1\avivsh~1\applic~1\busehepu.sys
2006-06-23 09:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2008-11-06 21:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110620081107\index.dat

============= FINISH: 14:53:00.35 ===============

Thank you.
Shalgi



#2 myrti


Posted 30 September 2009 - 07:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Shalgi


Posted 04 October 2009 - 03:01 PM

Hello.

Sorry for not responding earlier.
Since I got no reply in the forum, I've tried to solve the problem by other means and after running "Malwarebytes' Anti-Malware" twice, the message stopped appearing.

If you wish to receive any other information like logs and such, for future problems, please let me know.
Thanks again for your assistance.
Shalgi

#4 myrti


Posted 05 October 2009 - 03:35 AM

Hi,

it really is up to you. :( If you think that Malwarebytes removed all your problems and you don't want your PC checked, I'll move on to another topic, if you would like to check out your PC and make sure nothing is still sticking around I'll be happy to help you out.

regards _temp_



#5 Shalgi


Posted 05 October 2009 - 04:46 AM

Hi,

I'll be happy if you could look and see if everything is gone or some stuff has remained.
I've run OTL as you requested and here are the results.
OTL.txt:
OTL logfile created on: 05/10/2009 11:23:52 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Aviv Shalgi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.47% Memory free
3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.22% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 29.78 Gb Free Space | 60.98% Space Free | Partition Type: NTFS
Drive D: | 416.93 Gb Total Space | 241.33 Gb Free Space | 57.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AVIV
Current User Name: Aviv Shalgi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/09/21 16:54:18 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2003/02/27 22:58:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE
PRC - [2003/02/27 22:56:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXPPS.EXE
PRC - [2008/04/14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2008/06/02 22:36:34 | 05,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008/05/16 08:39:00 | 16,862,720 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\RTHDCPL.EXE
PRC - [2009/09/21 16:54:20 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2007/04/10 23:46:52 | 00,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/08 20:09:42 | 00,305,440 | ---- | M] (Apple Inc.) -- D:\iTunes\iTunesHelper.exe
PRC - [2009/05/14 14:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/09/23 11:19:29 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/26 16:43:48 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2009/01/01 19:16:02 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/12 20:04:51 | 00,343,552 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
PRC - [2008/09/12 20:04:52 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
PRC - [2008/09/12 20:04:52 | 00,323,072 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/14 14:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/06/01 21:20:12 | 00,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/05/17 23:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/07/11 02:28:06 | 40,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/27 23:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe
PRC - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2004/08/04 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\unsecapp.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\wmiprvse.exe
PRC - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/14 20:55:58 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- D:\uTorrent\uTorrent.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/05 11:23:34 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aviv Shalgi\Desktop\OTL.exe
PRC - [2009/05/08 19:14:06 | 00,292,136 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/04/02 11:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (askupgrade [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/09/12 20:04:51 | 00,343,552 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
SRV - [2008/09/12 20:04:52 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
SRV - [2008/09/12 20:04:52 | 00,323,072 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/14 14:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (ehttpsrv [On_Demand | Stopped])
SRV - [2009/05/14 14:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/03 21:49:58 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9863899e545c0 [Auto | Stopped])
SRV - [2009/03/26 16:18:26 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/06/01 21:20:12 | 00,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (icq service [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (ipod service [On_Demand | Running])
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (javaquickstarterservice [Auto | Running])
SRV - [2009/09/21 16:54:18 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/02/27 22:58:34 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\windows\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2007/05/17 23:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
SRV - [2008/07/11 02:28:06 | 40,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2008/07/11 02:28:04 | 00,047,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100 [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/27 23:03:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008/12/11 14:53:38 | 00,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv [On_Demand | Stopped])
SRV - [2008/07/11 02:28:06 | 00,369,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS [Disabled | Stopped])
SRV - [2008/07/10 02:49:34 | 00,258,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2006/10/18 17:35:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/12/17 11:14:06 | 00,012,400 | R--- | M] () -- C:\windows\System32\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2008/09/12 20:04:54 | 00,816,672 | ---- | M] (GRISOFT, s.r.o.) -- C:\windows\System32\Drivers\avg7core.sys -- (Avg7Core [System | Stopped])
DRV - [2008/09/12 20:04:55 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\windows\System32\Drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
DRV - [2008/09/12 20:04:55 | 00,028,416 | ---- | M] (GRISOFT, s.r.o.) -- C:\windows\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [System | Stopped])
DRV - [2008/09/12 20:04:56 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\windows\System32\Drivers\avgclean.sys -- (AvgClean [System | Running])
DRV - [2008/09/12 20:04:55 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\windows\System32\Drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
DRV - [2009/05/14 14:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\windows\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009/05/14 14:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\windows\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2009/05/14 14:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\windows\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/12/31 12:03:23 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/05/20 11:53:00 | 04,800,000 | R--- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/02/03 01:54:00 | 00,036,864 | R--- | M] (Atheros Communications, Inc.) -- C:\windows\System32\DRIVERS\l1e51x86.sys -- (L1e [On_Demand | Running])
DRV - [2009/04/26 16:59:23 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/08/13 20:56:20 | 00,005,810 | R--- | M] () -- C:\windows\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2008/06/10 12:33:10 | 00,150,568 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\windows\system32\DRIVERS\mv61xx.sys -- (mv61xx [Boot | Running])
DRV - [2009/03/27 23:03:00 | 06,280,416 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/07/10 02:49:14 | 00,242,712 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\RsFx0102.sys -- (RsFx0102 [Disabled | Stopped])
DRV - [2008/11/25 22:57:04 | 00,022,432 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys -- (SANDRA [On_Demand | Stopped])
DRV - [2008/04/13 18:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/04/10 23:46:53 | 01,966,312 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\VX1000.sys -- (VX1000 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gamers.org.il/
IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-789336058-602609370-839522115-1003\S-1-5-21-789336058-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/11/03 16:50:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/06 16:07:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/09/23 11:19:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\thunderbird\extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: (770 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-789336058-602609370-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Lexmark X5100 Series] C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG Free\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG Free\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG Free\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG Free\avgw.exe (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-789336058-602609370-839522115-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-789336058-602609370-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-602609370-839522115-1003..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-602609370-839522115-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &יצא ל- Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: הוסף לבלוג - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &הוסף לבלוג ב- Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {20a60f0d-9afa-4515-a0fd-83bd84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {cafeefac-0016-0000-0015-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{593a0c3a-aba4-11de-ba90-00221546d103}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/09/11 14:39:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/10 14:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/09/23 11:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/09/23 11:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/09/11 14:39:45 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/11 14:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/23 11:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\real
[2009/10/05 11:23:28 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aviv Shalgi\Desktop\OTL.exe
[2009/09/26 14:47:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aviv Shalgi\My Documents\Passports
[2009/09/23 11:19:48 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\rmoc3260.dll
[2009/09/23 11:19:43 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\pndx5016.dll
[2009/09/23 11:19:43 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\pndx5032.dll
[2009/09/14 14:33:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aviv Shalgi\Desktop\services.exe problem

========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[7 C:\windows\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/05 11:23:34 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aviv Shalgi\Desktop\OTL.exe
[2009/10/05 11:11:10 | 00,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2009/10/05 11:09:00 | 00,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/05 10:31:04 | 00,600,792 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/10/05 10:31:04 | 00,497,668 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/10/05 10:31:04 | 00,091,714 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/10/05 10:26:52 | 00,208,485 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2009/10/05 10:26:48 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/05 10:26:48 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/10/05 10:26:46 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/10/05 00:00:00 | 01,048,630 | ---- | M] () -- C:\windows\SOH.BMP
[2009/10/05 00:00:00 | 00,000,761 | ---- | M] () -- C:\windows\SOHO Live Images.ini
[2009/10/04 21:29:16 | 00,000,466 | ---- | M] () -- C:\windows\LEXSTAT.INI
[2009/10/04 15:25:42 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/10/01 07:03:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/09/29 13:08:54 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 17:54:17 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/24 15:12:49 | 21,453,86496 | ---- | M] () -- C:\windows\MEMORY.DMP
[2009/09/23 11:19:48 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\rmoc3260.dll
[2009/09/23 11:19:43 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5016.dll
[2009/09/23 11:19:43 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5032.dll
[2009/09/23 11:19:31 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2009/09/21 16:55:16 | 00,015,688 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2009/09/14 18:30:13 | 00,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Startforex Trader.lnk
[2009/09/11 15:21:22 | 08,972,228 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres- Andando.mp3
[2009/09/11 15:17:54 | 04,766,454 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Juanes- Fotografía.mp3
[2009/09/11 15:15:42 | 03,343,217 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Gloria Estefan- Hoy.mp3
[2009/09/11 14:57:48 | 03,996,165 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres y Juan Luis Guerra - Abriendo Caminos.mp3
[2009/09/11 14:57:43 | 04,623,174 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Celia Cruz & Tito Puente - Quimbara.mp3
[2009/09/10 13:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 13:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/09/14 18:30:13 | 00,000,506 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Startforex Trader.lnk
[2009/09/11 15:07:56 | 08,972,228 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres- Andando.mp3
[2009/09/11 15:07:53 | 03,343,217 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Gloria Estefan- Hoy.mp3
[2009/09/11 15:07:49 | 04,766,454 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Juanes- Fotografía.mp3
[2009/09/11 14:48:15 | 03,996,165 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres y Juan Luis Guerra - Abriendo Caminos.mp3
[2009/09/11 14:47:11 | 04,623,174 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Celia Cruz & Tito Puente - Quimbara.mp3
[2009/06/13 16:47:21 | 00,212,992 | ---- | C] () -- C:\windows\System32\WMIMPLEX.dll
[2009/06/13 16:47:21 | 00,040,960 | ---- | C] () -- C:\windows\System32\maplec.dll
[2009/06/13 16:47:21 | 00,020,480 | ---- | C] () -- C:\windows\System32\maplecompat.dll
[2009/05/27 16:55:03 | 00,015,498 | ---- | C] () -- C:\windows\VX1000.ini
[2009/05/07 13:48:41 | 00,000,207 | ---- | C] () -- C:\windows\cdplayer.ini
[2009/02/22 16:52:50 | 08,507,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/01/15 08:19:00 | 01,724,416 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2009/01/15 08:19:00 | 01,503,232 | ---- | C] () -- C:\windows\System32\nview.dll
[2009/01/15 08:19:00 | 01,101,824 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2009/01/15 08:19:00 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2009/01/06 21:19:57 | 00,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2008/12/16 16:58:16 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\d3d9caps.dat
[2008/11/06 16:49:17 | 00,018,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\edunyky.com
[2008/11/06 16:49:17 | 00,016,718 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\parakavy._dl
[2008/11/06 16:49:17 | 00,015,396 | ---- | C] () -- C:\Program Files\Common Files\wyqovypap._dl
[2008/11/06 16:49:17 | 00,015,341 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\vifuf.lib
[2008/11/06 16:49:17 | 00,014,404 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ruripu.ban
[2008/11/06 16:49:17 | 00,014,230 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\voce.dat
[2008/11/06 16:49:17 | 00,013,494 | ---- | C] () -- C:\Program Files\Common Files\geluzes.pif
[2008/11/06 16:49:17 | 00,012,974 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xovupusemy.ban
[2008/11/06 16:49:17 | 00,012,929 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\cikuqovase.exe
[2008/11/06 16:49:17 | 00,012,354 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\sodarulihe.bat
[2008/11/06 16:49:17 | 00,012,134 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\xaba.reg
[2008/11/06 16:49:17 | 00,011,928 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\alisoromug.dat
[2008/11/06 16:49:17 | 00,011,167 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\busehepu.sys
[2008/11/06 15:56:22 | 00,000,761 | ---- | C] () -- C:\windows\SOHO Live Images.ini
[2008/11/01 15:07:35 | 00,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2008/11/01 15:07:35 | 00,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2008/10/28 13:26:25 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 21:32:47 | 00,059,800 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008/09/12 17:02:06 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/09/12 15:52:49 | 00,000,466 | ---- | C] () -- C:\windows\LEXSTAT.INI
[2008/09/12 15:51:53 | 00,000,188 | ---- | C] () -- C:\windows\System32\lxbacoin.ini
[2008/09/12 15:51:52 | 00,077,824 | ---- | C] () -- C:\windows\System32\LXBALCNP.DLL
[2008/09/12 14:25:47 | 00,059,800 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/12 13:35:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/09/12 13:33:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\desktop.ini
[2008/09/12 12:42:01 | 00,024,576 | R--- | C] () -- C:\windows\System32\AsIO.dll
[2008/09/12 12:42:01 | 00,012,400 | R--- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2008/09/12 12:41:59 | 00,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp64.sys
[2008/09/12 12:41:59 | 00,010,216 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp32.sys
[2008/09/12 12:27:22 | 00,035,112 | ---- | C] () -- C:\windows\Ascd_log.ini
[2008/09/12 12:27:06 | 00,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2008/09/12 12:26:53 | 00,034,721 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008/09/12 12:26:52 | 00,010,296 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2004/08/04 14:00:00 | 00,000,624 | ---- | C] () -- C:\windows\win.ini
[2004/08/04 14:00:00 | 00,000,227 | ---- | C] () -- C:\windows\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

========== Files - Unicode (All) ==========
[2009/09/29 17:00:16 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\צבא
[2009/09/29 16:42:52 | 00,105,177 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ????? ??????? 30.09.09.html) -- C:\Documents and Settings\Aviv Shalgi\My Documents\כרטיסי טיסה ומלון לבודפשט 30.09.09.html
[2009/09/29 16:42:51 | 00,105,177 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ????? ??????? 30.09.09.html) -- C:\Documents and Settings\Aviv Shalgi\My Documents\כרטיסי טיסה ומלון לבודפשט 30.09.09.html
[2009/09/29 15:19:40 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\Desktop\?????? ???????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\תמונות מהמצלמה
[2009/09/29 15:11:14 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\Desktop\?????? ???????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\תמונות מהמצלמה
[2009/09/25 12:51:20 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\השקעות
[2009/09/23 22:31:17 | 00,024,064 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מטמון חמיצר.doc
[2009/09/23 22:31:17 | 00,024,064 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מטמון חמיצר.doc
[2009/09/16 18:06:47 | 00,279,752 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ????? ?? ??????? ??????? 2009.pdf) -- C:\Documents and Settings\Aviv Shalgi\My Documents\טופס לביטוח לאומי על מילואים בספטמבר 2009.pdf
[2009/09/16 18:06:47 | 00,279,752 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ????? ?? ??????? ??????? 2009.pdf) -- C:\Documents and Settings\Aviv Shalgi\My Documents\טופס לביטוח לאומי על מילואים בספטמבר 2009.pdf
[2009/09/10 18:45:59 | 00,016,384 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 2.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 2.xls
[2009/09/06 18:17:30 | 01,066,398 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\??? ????? ?????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\רשת תלייה ושלושה מדפים.jpg
[2009/09/06 18:17:24 | 00,954,738 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\שולחן עבודה.jpg
[2009/09/03 16:24:06 | 00,016,384 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 2.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 2.xls
[2009/09/03 16:04:12 | 00,046,080 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 1.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 1.doc
[2009/09/03 16:04:12 | 00,046,080 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 1.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 1.doc
[2009/08/25 11:15:24 | 00,954,738 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\שולחן עבודה.jpg
[2009/08/25 11:15:12 | 01,066,398 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\??? ????? ?????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\רשת תלייה ושלושה מדפים.jpg
[2009/08/23 19:49:15 | 00,343,040 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ?? ???.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קבלה ללפטופ של אבא.ppt
[2009/08/23 19:49:15 | 00,343,040 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ?? ???.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קבלה ללפטופ של אבא.ppt
[2009/08/23 19:44:31 | 00,179,697 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו 2.jpg
[2009/08/23 19:44:31 | 00,179,697 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו 2.jpg
[2009/08/23 19:44:00 | 00,123,212 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ????.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו.jpg
[2009/08/23 19:43:58 | 00,123,212 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ????.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו.jpg
[2009/08/19 09:58:47 | 00,994,304 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ????? ??? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\מבחן איתור רמה מתקדם.doc
[2009/08/16 15:17:04 | 00,024,064 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\הוט.doc
[2009/08/16 15:17:04 | 00,024,064 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\הוט.doc
[2009/08/13 15:01:41 | 00,994,304 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ????? ??? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\מבחן איתור רמה מתקדם.doc
[2009/08/10 23:30:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חוזה שכירות
[2009/08/06 17:52:34 | 00,129,611 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ???.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\ברקו קשת.jpg
[2009/08/06 17:47:35 | 00,129,611 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ???.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\ברקו קשת.jpg
[2009/08/03 20:12:10 | 00,014,848 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???????????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\ציונים באוניברסיטה.xls
[2009/08/01 21:48:29 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אמא
[2009/08/01 12:09:56 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תארו
[2009/08/01 12:03:36 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תארו
[2009/07/31 10:17:32 | 00,083,968 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ???? ????? - 3.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הסכם שכירות בלתי מוגנת - 3.doc
[2009/07/31 10:17:29 | 00,083,968 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ???? ????? - 3.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הסכם שכירות בלתי מוגנת - 3.doc
[2009/07/28 18:51:05 | 00,028,160 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?? ????????? 2009.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\נספח לחוזה עם גולדפינגר 2009.doc
[2009/07/28 18:48:04 | 00,028,160 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?? ????????? 2009.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\נספח לחוזה עם גולדפינגר 2009.doc
[2009/07/23 22:49:42 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חוזה שכירות
[2009/07/14 20:39:37 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אבא
[2009/06/06 19:54:48 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\????? ????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קורות חיים
[2009/05/09 15:21:28 | 00,014,848 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???????????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\ציונים באוניברסיטה.xls
[2009/05/06 19:43:57 | 00,140,800 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תעודת סטודנט.ppt
[2009/05/06 19:43:57 | 00,140,800 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תעודת סטודנט.ppt
[2009/04/29 11:40:08 | 00,033,280 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??? ??''?.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בתי ספר בת''א.doc
[2009/04/28 17:57:32 | 00,033,280 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??? ??''?.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בתי ספר בת''א.doc
[2009/04/26 17:47:37 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מסמכים לנסיעה
[2009/04/20 17:00:49 | 00,025,600 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?????? - ????? ????? 2.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מכתב למשרד הרישוי - נהיגה מונעת 2.doc
[2009/04/20 16:56:27 | 00,025,600 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?????? - ????? ????? 2.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מכתב למשרד הרישוי - נהיגה מונעת 2.doc
[2009/04/12 18:25:57 | 00,145,516 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קרן השתלמות רעות 2.jpg
[2009/04/12 18:25:45 | 00,145,516 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קרן השתלמות רעות 2.jpg
[2009/04/12 14:39:44 | 00,013,824 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ?? ????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הוצאות דלק של אביב.xls
[2009/04/12 14:36:44 | 00,013,824 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ?? ????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הוצאות דלק של אביב.xls
[2009/03/12 20:07:47 | 01,061,888 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ????? ??????? - ????? ???.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הצעת מחיר מעלית חיצונית - איציק לוי.doc
[2009/03/12 20:07:35 | 01,061,888 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ????? ??????? - ????? ???.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הצעת מחיר מעלית חיצונית - איציק לוי.doc
[2009/03/12 15:56:29 | 00,000,921 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ?????? ???.lnk) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תיקיות השיתוף שלי.lnk
[2009/03/11 23:51:02 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\צבא
[2009/02/21 20:56:47 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\????? ????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קורות חיים
[2009/01/29 14:34:34 | 00,030,208 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ?????? ?? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מייל לגבי הפנסיה של אביב.doc
[2009/01/29 14:34:34 | 00,030,208 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ?????? ?? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מייל לגבי הפנסיה של אביב.doc
[2008/12/27 21:37:52 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אמא
[2008/12/17 17:26:37 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\השקעות
[2008/12/13 13:49:29 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אבא
[2008/12/08 22:21:57 | 00,029,696 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\שיעורים פרטיים.ppt
[2008/12/08 22:19:13 | 00,029,696 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\שיעורים פרטיים.ppt
[2008/12/07 10:31:22 | 01,086,976 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ?????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\סריקות לקרן פנסיה.ppt
[2008/12/07 10:26:53 | 01,086,976 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ?????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\סריקות לקרן פנסיה.ppt
[2008/11/27 21:45:23 | 00,024,064 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\להראל.doc
[2008/11/27 21:45:22 | 00,024,064 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\להראל.doc
[2008/10/30 14:15:28 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\Desktop\?????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\פסגות
[2008/10/30 14:14:44 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\Desktop\?????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\פסגות
[2008/10/20 16:00:53 | 00,102,400 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?? ????? ????? ??????? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\דף ריכוז רנטות לניצולי שואה.doc
[2008/10/20 16:00:52 | 00,102,400 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?? ????? ????? ??????? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\דף ריכוז רנטות לניצולי שואה.doc
[2008/10/09 16:59:04 | 00,824,832 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ????? 60 ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\יום הולדת 60 ליעל.doc
[2008/10/09 13:15:00 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ???????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הקבצים שלי שהתקבלו
[2008/10/09 12:14:43 | 00,824,832 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ????? 60 ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\יום הולדת 60 ליעל.doc
[2008/09/13 14:17:18 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מסמכים לנסיעה
[2008/09/12 18:15:07 | 00,000,778 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????.lnk) -- C:\Documents and Settings\Aviv Shalgi\Desktop\סורק.lnk
[2008/09/12 15:52:03 | 00,000,778 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????.lnk) -- C:\Documents and Settings\Aviv Shalgi\Desktop\סורק.lnk
[2008/09/12 15:36:52 | 00,000,921 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ?????? ???.lnk) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תיקיות השיתוף שלי.lnk
[2008/09/12 15:33:11 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ???????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הקבצים שלי שהתקבלו
< End of report >

Extras.txt:
OTL Extras logfile created on: 05/10/2009 11:23:52 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Aviv Shalgi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.47% Memory free
3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.22% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 29.78 Gb Free Space | 60.98% Space Free | Partition Type: NTFS
Drive D: | 416.93 Gb Total Space | 241.33 Gb Free Space | 57.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AVIV
Current User Name: Aviv Shalgi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG Free\avgemc.exe" = C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\ICQ\ICQ6\ICQ.exe" = C:\ICQ\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programs\BitTorrent\bittorrent.exe" = C:\Programs\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"D:\uTorrent\uTorrent.exe" = D:\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\ICQ\ICQ6.5\ICQ.exe" = C:\ICQ\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\iTunes\iTunes.exe" = D:\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{035D48BB-503E-4F09-9D52-EC57D3411DDC}" = Windows Live Essentials
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0c34b801-6aec-4667-b053-03a67e2d0415}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = כלי ההעלאה של Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29C632CB-6EDC-49E0-9D43-DAAB7D2F1074}" = Windows Live Writer
"{2eebac31-3eef-4118-91cb-1a286a507db2}" = ESET NOD32 Antivirus
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Startforex Trader 4.00
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{634328D0-C948-4C4D-BDE9-58015B941648}" = Windows Live Messenger
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7c503e58-b2bc-11d5-978a-0050ba84f5f7}" = Neverwinter Nights
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{885A5214-9CDD-40E0-A89D-7672588748E1}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8b53527d-bbb2-43a5-91d7-9ed772fd737f}" = Skype web features
"{8dae4336-2b71-11d4-9a6c-006067325e47}" = Baldur's Gate™ II - Shadows of Amn™
"{9028040D-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional עם FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a429c2ae-ebf1-4f81-a221-1c115caaddad}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{aadea55d-c834-4bcb-98a3-4b8d1c18f4ee}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1037-7B44-A81200000003}" = Adobe Reader 8 - Hebrew
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP2
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d103c4ba-f905-437a-8049-db24763bbe36}" = Skype™ 4.1
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ec2a8f27-4fbf-4e41-b27b-fe822511b761}" = iTunes
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"Ad-Aware" = Ad-Aware
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"ask toolbar_is1" = Ask Toolbar
"AVG7Uninstall" = AVG Free Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSMT5" = MathType 5
"Google Updater" = Google Updater
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"Graph_is1" = Graph 4.3
"GSview 4.9" = GSview 4.9
"icqtoolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"Lexmark X5100 Series" = Lexmark X5100 Series
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mv61xxDriver" = marvell 61xx
"nero - burning rom!uninstallkey" = Nero 6 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"pfportchecker" = PFPortChecker 1.0.30
"pokerstars.net" = PokerStars.net
"RealPlayer 12.0" = RealPlayer
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.21_is1" = Total Video Converter 3.20 090114
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"utorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2009 02:12:37 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 03:12:37 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 04:12:37 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 05:12:37 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 06:12:25 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 07:12:37 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 08:12:36 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 09:12:37 | Computer Name = AVIV | Source = Google Update | ID = 20
Description =

Error - 04/10/2009 14:57:26 | Computer Name = AVIV | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 04/10/2009 14:57:26 | Computer Name = AVIV | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

[ System Events ]
Error - 04/10/2009 14:57:08 | Computer Name = AVIV | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 05/10/2009 04:27:06 | Computer Name = AVIV | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 05/10/2009 04:27:06 | Computer Name = AVIV | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 05/10/2009 04:27:13 | Computer Name = AVIV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avg7Core Avg7RsXP

Error - 05/10/2009 04:27:14 | Computer Name = AVIV | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 05/10/2009 04:27:14 | Computer Name = AVIV | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 05/10/2009 04:27:17 | Computer Name = AVIV | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 05/10/2009 04:27:18 | Computer Name = AVIV | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 05/10/2009 04:27:28 | Computer Name = AVIV | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 05/10/2009 04:27:28 | Computer Name = AVIV | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2


< End of report >

Is there anything else required?

Thanks again for the help,
Shalgi


#6 myrti


  • Malware Study Hall Admin

Posted 06 October 2009 - 04:02 AM

Hi,
the logs look rather clean. A couple of remarks though:

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
As AVG7 is outdated I would like to ask you to remove it and only keep Eset AntiVirus. If you need another Antispyware scanner I would advise using Malwarebytes, which also seems to be installed on your system.

You also have the Ask Toolbar installed. I consider it on the borderline to malware and would ask you to remove it:
Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • Ask Toolbar
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Next we are going to remove a couple of old malware files:
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2008/11/06 16:49:17 | 00,018,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\edunyky.com
    [2008/11/06 16:49:17 | 00,016,718 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\parakavy._dl
    [2008/11/06 16:49:17 | 00,015,396 | ---- | C] () -- C:\Program Files\Common Files\wyqovypap._dl
    [2008/11/06 16:49:17 | 00,015,341 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\vifuf.lib
    [2008/11/06 16:49:17 | 00,014,404 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ruripu.ban
    [2008/11/06 16:49:17 | 00,014,230 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\voce.dat
    [2008/11/06 16:49:17 | 00,013,494 | ---- | C] () -- C:\Program Files\Common Files\geluzes.pif
    [2008/11/06 16:49:17 | 00,012,974 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xovupusemy.ban
    [2008/11/06 16:49:17 | 00,012,929 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\cikuqovase.exe
    [2008/11/06 16:49:17 | 00,012,354 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\sodarulihe.bat
    [2008/11/06 16:49:17 | 00,012,134 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\xaba.reg
    [2008/11/06 16:49:17 | 00,011,928 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\alisoromug.dat
    [2008/11/06 16:49:17 | 00,011,167 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\busehepu.sys
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Please also post a log from rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
In your next reply I would like to see the logs from OTL and rootrepeal as well as a description of any remaining problem you might have.

regards _temp_
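
The entries in the fix list above share one creation time (2008/11/06 16:49:17), show an empty company field `()`, and are spread over several unrelated folders. As an added example (not part of the original post, and not a statement of how the helper selected the files), this Python code parses OTL file-listing lines and reports such same-second clusters; the thresholds, the three lines marked as constructed, and the reading of `C` as "created" are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Layout of an OTL file-listing line as it appears in the fix list above:
# [timestamp | size | attributes | C or M] (company) -- full path
# Assumption: C marks a creation timestamp and M a modification timestamp.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Six entries copied from the fix list in the post above.
PAGE_LINES = r"""
[2008/11/06 16:49:17 | 00,018,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\edunyky.com
[2008/11/06 16:49:17 | 00,015,396 | ---- | C] () -- C:\Program Files\Common Files\wyqovypap._dl
[2008/11/06 16:49:17 | 00,015,341 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\vifuf.lib
[2008/11/06 16:49:17 | 00,014,230 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\voce.dat
[2008/11/06 16:49:17 | 00,012,929 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\cikuqovase.exe
[2008/11/06 16:49:17 | 00,011,167 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\busehepu.sys
"""

# CONSTRUCTED lines (not from the thread): a vendor-labelled pair installed
# together, one lone unlabelled file, and one line that is not a file entry.
CONSTRUCTED_LINES = r"""
[2009/09/20 10:02:11 | 00,204,800 | ---- | C] (Example Vendor) -- C:\Program Files\ExampleApp\example.exe
[2009/09/20 10:02:11 | 00,051,200 | ---- | C] (Example Vendor) -- C:\Program Files\ExampleApp\helper.dll
[2009/09/28 08:15:40 | 00,001,024 | ---- | C] () -- C:\Example\notes.txt
this line is not a file entry
"""

LISTING = PAGE_LINES + CONSTRUCTED_LINES


def parse_entries(text):
    """Return one dict per well-formed listing line; skip everything else."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entries.append(entry)
    return entries


def suspicious_clusters(entries, min_files=4, min_dirs=2):
    """Group unlabelled files by creation second and keep the groups that
    are large and scattered over several directories.

    An installer also creates many files in one second, but it normally
    writes into its own folder and its files carry a company name, so both
    conditions together narrow the list to what deserves a manual look.
    """
    by_timestamp = defaultdict(list)
    for entry in entries:
        if entry["kind"] == "C" and not entry["company"].strip():
            by_timestamp[entry["ts"]].append(entry)

    clusters = []
    for timestamp, group in sorted(by_timestamp.items()):
        dirs = {ntpath.dirname(e["path"]).lower() for e in group}
        extensions = {ntpath.splitext(e["path"])[1].lower() for e in group}
        if len(group) >= min_files and len(dirs) >= min_dirs:
            clusters.append({
                "created": timestamp,
                "files": [e["path"] for e in group],
                "dirs": sorted(dirs),
                "extensions": sorted(extensions),
            })
    return clusters


if __name__ == "__main__":
    for cluster in suspicious_clusters(parse_entries(LISTING)):
        print(f"{cluster['created']}: {len(cluster['files'])} unlabelled files "
              f"in {len(cluster['dirs'])} folders, "
              f"extensions {', '.join(cluster['extensions'])}")
        for path in cluster["files"]:
            print("   ", path)
```

A hit from this check is only a reason to inspect the files by hand; it does not by itself show that they are malicious.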



#7 Shalgi

  • Topic Starter


Posted 06 October 2009 - 05:42 AM

Hello.

I have removed the Ask Toolbar as you requested, but could not succeed in uninstalling AVG.
When I click the uninstall button, it scans some files and alerts me that I'm trying to install the program without a proper license.
How else can I uninstall it?

About the logs:
Here's the fixing part:
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\edunyky.com moved successfully.
C:\Documents and Settings\All Users\Application Data\parakavy._dl moved successfully.
C:\Program Files\Common Files\wyqovypap._dl moved successfully.
C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\vifuf.lib moved successfully.
C:\Documents and Settings\All Users\Application Data\ruripu.ban moved successfully.
C:\Documents and Settings\Aviv Shalgi\Application Data\voce.dat moved successfully.
C:\Program Files\Common Files\geluzes.pif moved successfully.
C:\Documents and Settings\All Users\Application Data\xovupusemy.ban moved successfully.
C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\cikuqovase.exe moved successfully.
C:\Documents and Settings\Aviv Shalgi\Application Data\sodarulihe.bat moved successfully.
C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\xaba.reg moved successfully.
C:\Documents and Settings\Aviv Shalgi\Application Data\alisoromug.dat moved successfully.
C:\Documents and Settings\Aviv Shalgi\Application Data\busehepu.sys moved successfully.

OTL by OldTimer - Version 3.0.18.4 log created on 10062009_122643

And this is the follow up scan's log:

OTL logfile created on: 06/10/2009 12:28:32 - Run 2
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Aviv Shalgi\Desktop\services.exe problem
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.08% Memory free
3.85 Gb Paging File | 3.11 Gb Available in Paging File | 80.89% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 29.77 Gb Free Space | 60.97% Space Free | Partition Type: NTFS
Drive D: | 416.93 Gb Total Space | 240.30 Gb Free Space | 57.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AVIV
Current User Name: Aviv Shalgi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\windows\System32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\windows\System32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\windows\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Aviv Shalgi\Desktop\services.exe problem\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (AVGEMS [Auto | Running]) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehttpsrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gupdate1c9863899e545c0 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (icq service [Auto | Running]) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ipod service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (javaquickstarterservice [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LexBceS [Auto | Running]) -- C:\windows\System32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper100 [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\windows\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SandraAgentSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (SQLAgent$SQLEXPRESS [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AsIO [System | Running]) -- C:\windows\System32\drivers\AsIO.sys ()
DRV - (Avg7Core [System | Stopped]) -- C:\windows\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\windows\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Stopped]) -- C:\windows\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\windows\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (AvgTdi [Auto | Running]) -- C:\windows\System32\Drivers\avgtdi.sys (GRISOFT, s.r.o.)
DRV - (eamon [Auto | Running]) -- C:\windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\windows\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\windows\System32\DRIVERS\epfwtdir.sys (ESET)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\windows\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\windows\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e [On_Demand | Running]) -- C:\windows\System32\DRIVERS\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MTsensor [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ASACPI.sys ()
DRV - (mv61xx [Boot | Running]) -- C:\windows\system32\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\windows\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RsFx0102 [Disabled | Stopped]) -- C:\windows\System32\DRIVERS\RsFx0102.sys (Microsoft Corporation)
DRV - (SANDRA [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys (SiSoftware)
DRV - (Secdrv [Auto | Running]) -- C:\windows\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Running]) -- C:\windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX1000 [On_Demand | Running]) -- C:\windows\System32\DRIVERS\VX1000.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gamers.org.il/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/11/03 16:50:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/06 16:07:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/09/23 11:19:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\thunderbird\extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


O1 HOSTS File: (770 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\windows\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark X5100 Series] C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\windows\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &יצא ל- Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: הוסף לבלוג - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &הוסף לבלוג ב- Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067a26b-1337-4436-8afe-ee169c2da79f} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {e59eb121-f339-4851-a3ba-fe49c35617c2} - C:\ICQ\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {20a60f0d-9afa-4515-a0fd-83bd84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {cafeefac-0016-0000-0015-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\windows\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\windows\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\windows\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\windows\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\windows\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\windows\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\windows\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{593a0c3a-aba4-11de-ba90-00221546d103}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/09/11 14:39:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/10 14:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009/09/23 11:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/09/23 11:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/09/11 14:39:45 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/11 14:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/23 11:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\real
[2009/10/06 12:26:43 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/26 14:47:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aviv Shalgi\My Documents\Passports
[2009/09/23 11:19:48 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\rmoc3260.dll
[2009/09/23 11:19:43 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\pndx5016.dll
[2009/09/23 11:19:43 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\System32\pndx5032.dll
[2009/09/14 14:33:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aviv Shalgi\Desktop\services.exe problem

========== Files - Modified Within 30 Days ==========

[1 C:\windows\System32\*.tmp files]
[7 C:\windows\*.tmp files]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/06 12:14:16 | 00,497,668 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/10/06 12:14:16 | 00,091,714 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/10/06 12:14:15 | 00,600,792 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/10/06 12:10:19 | 00,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2009/10/06 12:10:04 | 00,208,485 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2009/10/06 12:10:00 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/06 12:10:00 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/10/06 12:09:58 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/10/06 11:09:00 | 00,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/06 00:30:06 | 01,048,630 | ---- | M] () -- C:\windows\SOH.BMP
[2009/10/06 00:30:06 | 00,000,761 | ---- | M] () -- C:\windows\SOHO Live Images.ini
[2009/10/05 23:55:00 | 21,453,86496 | ---- | M] () -- C:\windows\MEMORY.DMP
[2009/10/05 17:55:48 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2009/10/04 21:29:16 | 00,000,466 | ---- | M] () -- C:\windows\LEXSTAT.INI
[2009/10/04 15:25:42 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/10/01 07:03:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/09/29 13:08:54 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 11:19:48 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\rmoc3260.dll
[2009/09/23 11:19:43 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5016.dll
[2009/09/23 11:19:43 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5032.dll
[2009/09/23 11:19:31 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2009/09/21 16:55:16 | 00,015,688 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2009/09/14 18:30:13 | 00,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Startforex Trader.lnk
[2009/09/11 15:21:22 | 08,972,228 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres- Andando.mp3
[2009/09/11 15:17:54 | 04,766,454 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Juanes- Fotografía.mp3
[2009/09/11 15:15:42 | 03,343,217 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Gloria Estefan- Hoy.mp3
[2009/09/11 14:57:48 | 03,996,165 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres y Juan Luis Guerra - Abriendo Caminos.mp3
[2009/09/11 14:57:43 | 04,623,174 | ---- | M] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Celia Cruz & Tito Puente - Quimbara.mp3
[2009/09/10 13:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 13:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/09/14 18:30:13 | 00,000,506 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Startforex Trader.lnk
[2009/09/11 15:07:56 | 08,972,228 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres- Andando.mp3
[2009/09/11 15:07:53 | 03,343,217 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Gloria Estefan- Hoy.mp3
[2009/09/11 15:07:49 | 04,766,454 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Juanes- Fotografía.mp3
[2009/09/11 14:48:15 | 03,996,165 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Diego Torres y Juan Luis Guerra - Abriendo Caminos.mp3
[2009/09/11 14:47:11 | 04,623,174 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Desktop\Celia Cruz & Tito Puente - Quimbara.mp3
[2009/06/13 16:47:21 | 00,212,992 | ---- | C] () -- C:\windows\System32\WMIMPLEX.dll
[2009/06/13 16:47:21 | 00,040,960 | ---- | C] () -- C:\windows\System32\maplec.dll
[2009/06/13 16:47:21 | 00,020,480 | ---- | C] () -- C:\windows\System32\maplecompat.dll
[2009/05/27 16:55:03 | 00,015,498 | ---- | C] () -- C:\windows\VX1000.ini
[2009/05/07 13:48:41 | 00,000,207 | ---- | C] () -- C:\windows\cdplayer.ini
[2009/02/22 16:52:50 | 08,507,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/01/15 08:19:00 | 01,724,416 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2009/01/15 08:19:00 | 01,503,232 | ---- | C] () -- C:\windows\System32\nview.dll
[2009/01/15 08:19:00 | 01,101,824 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2009/01/15 08:19:00 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2009/01/06 21:19:57 | 00,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2008/12/16 16:58:16 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\d3d9caps.dat
[2008/11/06 15:56:22 | 00,000,761 | ---- | C] () -- C:\windows\SOHO Live Images.ini
[2008/11/01 15:07:35 | 00,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2008/11/01 15:07:35 | 00,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2008/10/28 13:26:25 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 21:32:47 | 00,059,800 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008/09/12 17:02:06 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/09/12 15:52:49 | 00,000,466 | ---- | C] () -- C:\windows\LEXSTAT.INI
[2008/09/12 15:51:53 | 00,000,188 | ---- | C] () -- C:\windows\System32\lxbacoin.ini
[2008/09/12 15:51:52 | 00,077,824 | ---- | C] () -- C:\windows\System32\LXBALCNP.DLL
[2008/09/12 14:25:47 | 00,059,800 | ---- | C] () -- C:\Documents and Settings\Aviv Shalgi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/12 13:35:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/09/12 13:33:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Aviv Shalgi\Application Data\desktop.ini
[2008/09/12 12:42:01 | 00,024,576 | R--- | C] () -- C:\windows\System32\AsIO.dll
[2008/09/12 12:42:01 | 00,012,400 | R--- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2008/09/12 12:41:59 | 00,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp64.sys
[2008/09/12 12:41:59 | 00,010,216 | ---- | C] () -- C:\windows\System32\drivers\AsInsHelp32.sys
[2008/09/12 12:27:22 | 00,035,112 | ---- | C] () -- C:\windows\Ascd_log.ini
[2008/09/12 12:27:06 | 00,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2008/09/12 12:26:53 | 00,034,721 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008/09/12 12:26:52 | 00,010,296 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2004/08/04 14:00:00 | 00,000,624 | ---- | C] () -- C:\windows\win.ini
[2004/08/04 14:00:00 | 00,000,227 | ---- | C] () -- C:\windows\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

========== Files - Unicode (All) ==========
[2009/10/06 00:05:36 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\השקעות
[2009/09/29 17:00:16 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\צבא
[2009/09/29 16:42:52 | 00,105,177 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ????? ??????? 30.09.09.html) -- C:\Documents and Settings\Aviv Shalgi\My Documents\כרטיסי טיסה ומלון לבודפשט 30.09.09.html
[2009/09/29 16:42:51 | 00,105,177 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ????? ??????? 30.09.09.html) -- C:\Documents and Settings\Aviv Shalgi\My Documents\כרטיסי טיסה ומלון לבודפשט 30.09.09.html
[2009/09/29 15:19:40 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\Desktop\?????? ???????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\תמונות מהמצלמה
[2009/09/29 15:11:14 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\Desktop\?????? ???????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\תמונות מהמצלמה
[2009/09/23 22:31:17 | 00,024,064 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מטמון חמיצר.doc
[2009/09/23 22:31:17 | 00,024,064 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מטמון חמיצר.doc
[2009/09/16 18:06:47 | 00,279,752 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ????? ?? ??????? ??????? 2009.pdf) -- C:\Documents and Settings\Aviv Shalgi\My Documents\טופס לביטוח לאומי על מילואים בספטמבר 2009.pdf
[2009/09/16 18:06:47 | 00,279,752 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ????? ?? ??????? ??????? 2009.pdf) -- C:\Documents and Settings\Aviv Shalgi\My Documents\טופס לביטוח לאומי על מילואים בספטמבר 2009.pdf
[2009/09/10 18:45:59 | 00,016,384 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 2.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 2.xls
[2009/09/06 18:17:30 | 01,066,398 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\??? ????? ?????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\רשת תלייה ושלושה מדפים.jpg
[2009/09/06 18:17:24 | 00,954,738 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\שולחן עבודה.jpg
[2009/09/03 16:24:06 | 00,016,384 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 2.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 2.xls
[2009/09/03 16:04:12 | 00,046,080 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 1.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 1.doc
[2009/09/03 16:04:12 | 00,046,080 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? 1.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בידינג שנה 1.doc
[2009/08/25 11:15:24 | 00,954,738 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\שולחן עבודה.jpg
[2009/08/25 11:15:12 | 01,066,398 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\??? ????? ?????? ?????.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\רשת תלייה ושלושה מדפים.jpg
[2009/08/23 19:49:15 | 00,343,040 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ?? ???.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קבלה ללפטופ של אבא.ppt
[2009/08/23 19:49:15 | 00,343,040 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ?? ???.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קבלה ללפטופ של אבא.ppt
[2009/08/23 19:44:31 | 00,179,697 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו 2.jpg
[2009/08/23 19:44:31 | 00,179,697 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו 2.jpg
[2009/08/23 19:44:00 | 00,123,212 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ????.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו.jpg
[2009/08/23 19:43:58 | 00,123,212 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ????? ????.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חשבונית אופיס דיפו.jpg
[2009/08/19 09:58:47 | 00,994,304 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ????? ??? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\מבחן איתור רמה מתקדם.doc
[2009/08/16 15:17:04 | 00,024,064 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\הוט.doc
[2009/08/16 15:17:04 | 00,024,064 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\הוט.doc
[2009/08/13 15:01:41 | 00,994,304 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ????? ??? ?????.doc) -- C:\Documents and Settings\Aviv Shalgi\Desktop\מבחן איתור רמה מתקדם.doc
[2009/08/10 23:30:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חוזה שכירות
[2009/08/06 17:52:34 | 00,129,611 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ???.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\ברקו קשת.jpg
[2009/08/06 17:47:35 | 00,129,611 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\???? ???.jpg) -- C:\Documents and Settings\Aviv Shalgi\Desktop\ברקו קשת.jpg
[2009/08/03 20:12:10 | 00,014,848 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???????????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\ציונים באוניברסיטה.xls
[2009/08/01 21:48:29 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אמא
[2009/08/01 12:09:56 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תארו
[2009/08/01 12:03:36 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תארו
[2009/07/31 10:17:32 | 00,083,968 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ???? ????? - 3.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הסכם שכירות בלתי מוגנת - 3.doc
[2009/07/31 10:17:29 | 00,083,968 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ?????? ???? ????? - 3.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הסכם שכירות בלתי מוגנת - 3.doc
[2009/07/28 18:51:05 | 00,028,160 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?? ????????? 2009.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\נספח לחוזה עם גולדפינגר 2009.doc
[2009/07/28 18:48:04 | 00,028,160 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?? ????????? 2009.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\נספח לחוזה עם גולדפינגר 2009.doc
[2009/07/23 22:49:42 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\חוזה שכירות
[2009/07/14 20:39:37 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אבא
[2009/06/06 19:54:48 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\????? ????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קורות חיים
[2009/05/09 15:21:28 | 00,014,848 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???????????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\ציונים באוניברסיטה.xls
[2009/05/06 19:43:57 | 00,140,800 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תעודת סטודנט.ppt
[2009/05/06 19:43:57 | 00,140,800 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תעודת סטודנט.ppt
[2009/04/29 11:40:08 | 00,033,280 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??? ??''?.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בתי ספר בת''א.doc
[2009/04/28 17:57:32 | 00,033,280 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??? ??''?.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\בתי ספר בת''א.doc
[2009/04/26 17:47:37 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מסמכים לנסיעה
[2009/04/20 17:00:49 | 00,025,600 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?????? - ????? ????? 2.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מכתב למשרד הרישוי - נהיגה מונעת 2.doc
[2009/04/20 16:56:27 | 00,025,600 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ????? ?????? - ????? ????? 2.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מכתב למשרד הרישוי - נהיגה מונעת 2.doc
[2009/04/12 18:25:57 | 00,145,516 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קרן השתלמות רעות 2.jpg
[2009/04/12 18:25:45 | 00,145,516 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ??????? ???? 2.jpg) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קרן השתלמות רעות 2.jpg
[2009/04/12 14:39:44 | 00,013,824 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ?? ????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הוצאות דלק של אביב.xls
[2009/04/12 14:36:44 | 00,013,824 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ?? ????.xls) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הוצאות דלק של אביב.xls
[2009/03/12 20:07:47 | 01,061,888 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ????? ??????? - ????? ???.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הצעת מחיר מעלית חיצונית - איציק לוי.doc
[2009/03/12 20:07:35 | 01,061,888 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ????? ??????? - ????? ???.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הצעת מחיר מעלית חיצונית - איציק לוי.doc
[2009/03/12 15:56:29 | 00,000,921 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ?????? ???.lnk) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תיקיות השיתוף שלי.lnk
[2009/03/11 23:51:02 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\צבא
[2009/02/21 20:56:47 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\????? ????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\קורות חיים
[2009/01/29 14:34:34 | 00,030,208 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ?????? ?? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מייל לגבי הפנסיה של אביב.doc
[2009/01/29 14:34:34 | 00,030,208 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\???? ???? ?????? ?? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מייל לגבי הפנסיה של אביב.doc
[2008/12/27 21:37:52 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אמא
[2008/12/17 17:26:37 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\השקעות
[2008/12/13 13:49:29 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\???) -- C:\Documents and Settings\Aviv Shalgi\My Documents\אבא
[2008/12/08 22:21:57 | 00,029,696 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\שיעורים פרטיים.ppt
[2008/12/08 22:19:13 | 00,029,696 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??????? ??????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\שיעורים פרטיים.ppt
[2008/12/07 10:31:22 | 01,086,976 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ?????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\סריקות לקרן פנסיה.ppt
[2008/12/07 10:26:53 | 01,086,976 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ???? ?????.ppt) -- C:\Documents and Settings\Aviv Shalgi\My Documents\סריקות לקרן פנסיה.ppt
[2008/11/27 21:45:23 | 00,024,064 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\להראל.doc
[2008/11/27 21:45:22 | 00,024,064 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\להראל.doc
[2008/10/30 14:15:28 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\Desktop\?????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\פסגות
[2008/10/30 14:14:44 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\Desktop\?????) -- C:\Documents and Settings\Aviv Shalgi\Desktop\פסגות
[2008/10/20 16:00:53 | 00,102,400 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?? ????? ????? ??????? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\דף ריכוז רנטות לניצולי שואה.doc
[2008/10/20 16:00:52 | 00,102,400 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?? ????? ????? ??????? ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\דף ריכוז רנטות לניצולי שואה.doc
[2008/10/09 16:59:04 | 00,824,832 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ????? 60 ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\יום הולדת 60 ליעל.doc
[2008/10/09 13:15:00 | 00,000,000 | ---D | M](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ???????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הקבצים שלי שהתקבלו
[2008/10/09 12:14:43 | 00,824,832 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\??? ????? 60 ????.doc) -- C:\Documents and Settings\Aviv Shalgi\My Documents\יום הולדת 60 ליעל.doc
[2008/09/13 14:17:18 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\מסמכים לנסיעה
[2008/09/12 18:15:07 | 00,000,778 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????.lnk) -- C:\Documents and Settings\Aviv Shalgi\Desktop\סורק.lnk
[2008/09/12 15:52:03 | 00,000,778 | ---- | M] ()(C:\Documents and Settings\Aviv Shalgi\Desktop\????.lnk) -- C:\Documents and Settings\Aviv Shalgi\Desktop\סורק.lnk
[2008/09/12 15:36:52 | 00,000,921 | ---- | C] ()(C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ?????? ???.lnk) -- C:\Documents and Settings\Aviv Shalgi\My Documents\תיקיות השיתוף שלי.lnk
[2008/09/12 15:33:11 | 00,000,000 | ---D | C](C:\Documents and Settings\Aviv Shalgi\My Documents\?????? ??? ???????) -- C:\Documents and Settings\Aviv Shalgi\My Documents\הקבצים שלי שהתקבלו
< End of report >

And the rootrepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/06 12:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xB61A7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5FC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB5A2B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\aviv shalgi\local settings\temp\~df7cc5.tmp
Status: Allocation size mismatch (API: 491520, Raw: 0)

Path: c:\documents and settings\aviv shalgi\local settings\temp\~dfca21.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\aviv shalgi\local settings\temp\~dfd3b1.tmp
Status: Allocation size mismatch (API: 81920, Raw: 16384)

Path: c:\documents and settings\aviv shalgi\local settings\temp\~df2a42.tmp
Status: Allocation size mismatch (API: 45056, Raw: 16384)

Path: c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\log\log_465.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\log\log_468.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\aviv shalgi\local settings\temporary internet files\content.ie5\vjh5x7h0\mail[7].htm
Status: Allocation size mismatch (API: 81920, Raw: 98304)

Path: c:\documents and settings\aviv shalgi\local settings\temporary internet files\content.ie5\vjh5x7h0\mail[11].htm
Status: Allocation size mismatch (API: 12288, Raw: 16384)

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x88b448a0

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba11887e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x88b43cb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x88b440d0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba118bfe

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x88b446d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x88b444f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x88b43ee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x88b44310

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x899b7598]
Process: System Address: 0x88b42930 Size: 1000

==EOF==

If you could help me out with the uninstallation of the AVG that would be great, and if there's anything else wrong that you see I'd be happy if you let me know.

Thanks again for the help.
Shalgi

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:45 AM

Posted 06 October 2009 - 05:58 AM

Hi,

please try the following instructions for removing AVG:


The following removal utility can be used to uninstall the program if the uninstall via Add/remove does not work:
  • Download the latest installation file of AVG from their website
  • After downloading, run the file and choose the Uninstall Product option in the Select Setup Type dialog
  • Finish the uninstallation process and restart your computer
If this fails as well, you can try to use AVGremover:

  • Download avgremover.exe and save it to your Desktop
  • Run the file avgremover.exe
  • Confirm that you want to uninstall.
  • Wait until the program confirms the removal
  • Restart your computer

Original instructions here:
http://www.avg.com/faq.num-1119#faq_1119

Please let me know if this works for you.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 Shalgi

Posted 06 October 2009 - 06:43 AM

Unfortunately both suggestions haven't succeeded in removing the software.
Do you have any other ideas?

#10 myrti

Posted 08 October 2009 - 05:43 AM

Hi,

Do you get the same error message when you try to uninstall it using the remover? Have you tried uninstalling it in safe-mode?

If this does not work, please try revo-uninstaller:

1. Please download Revo Uninstaller.
2. Extract the ZIP file to a folder and run revouninstaller.exe from there! (You can copy that folder to a USB Mass storage drive and use it without any installation required!)
3. There are two ways to uninstall programs with Revo Uninstaller:
Important: Please, try to close the application you want to uninstall first!
  • Select the application in the list of installed applications and press the Uninstall button in the toolbar.
  • Right-click the application and click the Uninstall command in the displayed menu. Follow the instructions.

Please let me know if this helps you.

regards _temp_


#11 Shalgi

Posted 10 October 2009 - 06:50 AM

Oh finally!
I've tried removing it in safe mode, but it didn't work.
The Revo Uninstaller did work.
Thank you very much!

Just one last thing, I've noticed lately that when my computer turns on, after BIOS, there's a line "Invalid boot.ini file" that appears on the screen, and after a few seconds it disappears and Windows shows up and works flawlessly.
I've tried finding my Windows XP installation CD, but I couldn't find it - so I can't follow Microsoft's advice on the issue.
Do you know any way I could solve this without the CD?

Thank you very much for all your help!
Shalgi

#12 myrti

Posted 10 October 2009 - 08:47 AM

Hi,

yes fixing the boot.ini should be possible. Let's start by looking for the file:

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :filefind
    boot.ini
    :contents
    C:\boot.ini
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply
regards _temp_



#13 Shalgi

Posted 10 October 2009 - 09:17 AM

Hi,
I did as you asked and received the next log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:16 on 10/10/2009 by Aviv Shalgi (Administrator - Elevation successful)

========== filefind ==========

Searching for "boot.ini"
No files found.

========== contents ==========

C:\boot.ini - Unable to open file.

-=End Of File=-

#14 myrti

Posted 10 October 2009 - 09:37 AM

Hi,

someone stole your boot.ini, which is an odd thing to have happened.

Please run the following to check if there is a backup present on your disk:

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    dir:
    C:\
    filefind:
    boot.*
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply
regards _temp_



#15 Shalgi

Posted 10 October 2009 - 09:42 AM

Hi,

Why would someone steal my boot.ini?
Could it be that it got deleted somehow? (though I would never delete it myself intentionally).

Here's the log:
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:38 on 10/10/2009 by Aviv Shalgi (Administrator - Elevation successful)

No Context: dir:

No Context: C:\

No Context: filefind:

No Context: boot.*

-=End Of File=-

By the way, maybe I should've said it earlier, but I've had 2 "Windows XP" installed on my computer initially (one on C drive and one on D), and I've removed one (formatted D drive) - since there was no reason for having both. Maybe it happened then?
Though this was over a year ago.

Thanks again.



