Shalom and thank you Elrond!
It is very kind of you to try and help me and I'm fully sure that you will succeed!
Since my last post I noticed that my computer isn't acting so slowly.
However, my Norton AntiVirus found more viruses, this time called "W32.Pilleuz" and claimed to have removed them...
I'm now posting the logs that you requested. I have the two logs of OTL, but Gmer failed to complete the scan. The program stops responding and Windows closes it...
The first file is OTL.txt (I ran it twice, but wasn't the file supposed to be called OTListIt.txt?):
OTL logfile created on: 06/06/2010 20:04:22 - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 375.94 Gb Free Space | 80.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ORIVENITZAN
Current User Name: owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxduserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (pxrts) -- C:\Windows\System32\drivers\pxrts.sys (Prevx)
DRV - (pxscan) -- C:\Windows\System32\drivers\pxscan.sys (Prevx)
DRV - (pxkbf) -- C:\Windows\System32\drivers\pxkbf.sys (Prevx)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSvix86.sys (Symantec Corporation)
DRV - (lpypwb) -- C:\Windows\System32\drivers\lpypwb.sys ()
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100606.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100606.003\NAVENG.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/
IE - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010/06/02 19:14:59 | 000,000,806 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Lexmark סרגל כלים) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - No CLSID value found.
O2 - BHO: (AGFormHelperObj Class) - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll (Agat)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\Windows\System32\PxSecure.dll (Prevx)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark סרגל כלים) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (AGForms) - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll (Agat)
O3 - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\..\Toolbar\ShellBrowser: (Lexmark סרגל כלים) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000\..\Toolbar\WebBrowser: (Lexmark סרגל כלים) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2186487272-3208527863-4151074708-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.117.235.235 62.219.186.7
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\טפט גלריית התמונות של Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\טפט גלריית התמונות של Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/06/06 19:27:24 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/06/03 19:46:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apps
[2010/06/02 19:16:30 | 000,061,952 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/06/02 19:16:29 | 000,061,624 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/06/02 19:16:29 | 000,030,320 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/06/02 19:16:26 | 000,024,400 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/06/02 19:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/06/02 19:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/06/02 19:00:43 | 000,934,320 | ---- | C] (Prevx) -- C:\Users\owner\Desktop\PREVXCSIFREE.EXE
[2010/06/02 18:36:25 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.46.exe
[2010/06/02 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\owner\DoctorWeb
[2010/06/02 18:21:18 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RootRepeal
[2010/05/31 23:13:04 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\owner\Desktop\fsbl.exe
[2010/05/27 07:15:07 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\RegRun2
[2010/05/27 07:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/05/27 00:54:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/26 23:37:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2010/05/26 23:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/26 23:23:34 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\owner\Desktop\HijackThis.exe
[2010/05/26 21:28:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/26 21:25:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/05/26 21:14:57 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/05/26 19:54:00 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\תמונות נבחרות
[2009/11/10 08:18:58 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2009/11/10 08:18:54 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2009/10/15 22:32:46 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll
[2009/08/03 22:55:46 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2009/08/03 22:55:45 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2009/08/03 22:55:45 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2009/08/03 22:55:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2009/08/03 22:55:44 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2009/08/03 22:55:43 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2009/08/03 22:55:41 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2009/08/03 22:55:39 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
========== Files - Modified Within 30 Days ==========
[2010/06/06 20:04:57 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C378682-0261-44B6-958F-7E72ECCF7EE4}.job
[2010/06/06 20:04:25 | 002,883,584 | -HS- | M] () -- C:\Users\owner\ntuser.dat
[2010/06/06 19:53:42 | 000,034,895 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/06 19:53:41 | 000,034,895 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/06 19:53:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 19:53:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 19:53:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 19:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 19:52:07 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{2f2e13c5-5acc-11df-bb54-0024219c46ab}.TMContainer00000000000000000001.regtrans-ms
[2010/06/06 19:52:07 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{2f2e13c5-5acc-11df-bb54-0024219c46ab}.TM.blf
[2010/06/06 19:52:04 | 005,794,204 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2010/06/06 19:45:42 | 373,504,896 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/06 19:32:56 | 000,293,376 | ---- | M] () -- C:\Users\owner\Desktop\8eftkxbf.exe
[2010/06/06 19:27:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2010/06/06 00:24:38 | 000,049,664 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 23:58:58 | 000,033,280 | ---- | M] () -- C:\Users\owner\Documents\קורות חיים ניצן רדזינר.doc
[2010/06/02 23:58:24 | 000,033,280 | ---- | M] () -- C:\Users\owner\Documents\קורות חיים - ניצן ארמה[1].doc
[2010/06/02 19:53:06 | 000,451,584 | ---- | M] () -- C:\Users\owner\Desktop\CKScanner.exe
[2010/06/02 19:16:30 | 000,061,952 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010/06/02 19:16:29 | 000,061,624 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/06/02 19:16:29 | 000,030,320 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010/06/02 19:16:26 | 000,024,400 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010/06/02 19:14:59 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/02 19:00:52 | 000,934,320 | ---- | M] (Prevx) -- C:\Users\owner\Desktop\PREVXCSIFREE.EXE
[2010/06/02 18:37:03 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.46.exe
[2010/06/02 18:28:45 | 000,000,137 | ---- | M] () -- C:\Users\owner\AppData\Roaming\default.rss
[2010/06/02 18:24:04 | 042,657,480 | ---- | M] () -- C:\Users\owner\Desktop\l9hyt7ff.exe
[2010/06/02 18:16:55 | 000,465,298 | ---- | M] () -- C:\Users\owner\Desktop\RootRepeal.rar
[2010/05/31 23:13:10 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\owner\Desktop\fsbl.exe
[2010/05/31 22:22:06 | 001,253,826 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/31 22:22:06 | 000,644,676 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/31 22:22:06 | 000,406,822 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/05/31 22:22:06 | 000,120,282 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/31 22:22:06 | 000,088,136 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010/05/27 07:15:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/27 07:15:26 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/05/27 07:15:26 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/05/27 07:08:29 | 000,446,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/27 07:05:33 | 000,001,152 | ---- | M] () -- C:\Windows\System32\drivers\lpypwb.sys
[2010/05/27 00:18:47 | 000,001,356 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/05/26 23:23:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\owner\Desktop\HijackThis.exe
[2010/05/25 21:06:16 | 000,080,983 | ---- | M] () -- C:\Users\owner\Desktop\מסמך.rtf
[2010/05/24 09:33:05 | 000,010,883 | ---- | M] () -- C:\Users\owner\Desktop\אישור.docx
[2010/05/23 11:16:48 | 000,048,492 | ---- | M] () -- C:\Users\owner\Desktop\Sylab_Isr2(2010)__Yom[1].docx
[2010/05/09 22:12:57 | 000,076,800 | ---- | M] () -- C:\Users\owner\Desktop\1_108057297.doc
[2010/05/08 21:18:13 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{2f2e13c5-5acc-11df-bb54-0024219c46ab}.TMContainer00000000000000000002.regtrans-ms
[2010/05/08 21:09:15 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/05/08 21:09:15 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
========== Files Created - No Company Name ==========
[2010/06/06 19:32:53 | 000,293,376 | ---- | C] () -- C:\Users\owner\Desktop\8eftkxbf.exe
[2010/06/02 23:58:58 | 000,033,280 | ---- | C] () -- C:\Users\owner\Documents\קורות חיים ניצן רדזינר.doc
[2010/06/02 19:53:03 | 000,451,584 | ---- | C] () -- C:\Users\owner\Desktop\CKScanner.exe
[2010/06/02 18:20:09 | 042,657,480 | ---- | C] () -- C:\Users\owner\Desktop\l9hyt7ff.exe
[2010/06/02 18:16:51 | 000,465,298 | ---- | C] () -- C:\Users\owner\Desktop\RootRepeal.rar
[2010/05/27 07:15:26 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/05/26 21:28:34 | 373,504,896 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/26 21:15:11 | 000,001,152 | ---- | C] () -- C:\Windows\System32\drivers\lpypwb.sys
[2010/05/25 20:18:16 | 000,080,983 | ---- | C] () -- C:\Users\owner\Desktop\מסמך.rtf
[2010/05/24 09:33:05 | 000,010,883 | ---- | C] () -- C:\Users\owner\Desktop\אישור.docx
[2010/05/23 11:16:55 | 000,048,492 | ---- | C] () -- C:\Users\owner\Desktop\Sylab_Isr2(2010)__Yom[1].docx
[2010/05/09 22:11:57 | 000,076,800 | ---- | C] () -- C:\Users\owner\Desktop\1_108057297.doc
[2010/05/08 21:18:13 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{2f2e13c5-5acc-11df-bb54-0024219c46ab}.TMContainer00000000000000000002.regtrans-ms
[2010/05/08 21:18:13 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{2f2e13c5-5acc-11df-bb54-0024219c46ab}.TMContainer00000000000000000001.regtrans-ms
[2010/05/08 21:18:13 | 000,065,536 | -HS- | C] () -- C:\Users\owner\ntuser.dat{2f2e13c5-5acc-11df-bb54-0024219c46ab}.TM.blf
[2009/12/12 10:46:10 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/12 10:46:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/12 10:46:07 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/12 10:46:06 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/12/12 10:46:06 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/12 10:46:03 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/12 10:46:03 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/10 08:18:47 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2009/10/14 13:36:24 | 000,102,400 | ---- | C] () -- C:\Windows\System32\lxduinsr.dll
[2009/10/14 13:36:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxducur.dll
[2009/10/14 13:36:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\lxdujswr.dll
[2009/09/24 04:54:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 23:00:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2009/08/03 22:59:33 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2009/08/03 22:59:32 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2009/08/03 22:59:32 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2009/08/03 22:59:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2009/08/03 22:59:15 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2009/08/03 22:58:55 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2009/08/03 22:56:41 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2009/08/03 22:55:46 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2009/02/25 12:21:26 | 000,072,192 | R--- | C] () -- C:\Windows\System32\zlibwapi.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
< End of report >
The second is Extras.txt:
OTL Extras logfile created on: 06/06/2010 19:28:38 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 375.93 Gb Free Space | 80.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ORIVENITZAN
Current User Name: owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16874:TCP" = 16874:TCP:*:Enabled:spport
"6301:TCP" = 6301:TCP:*:Enabled:spport
"17872:TCP" = 17872:TCP:*:Enabled:spport
"18226:TCP" = 18226:TCP:*:Enabled:spport
"5163:TCP" = 5163:TCP:*:Enabled:spport
"14808:TCP" = 14808:TCP:*:Enabled:spport
"6316:TCP" = 6316:TCP:*:Enabled:spport
"25187:TCP" = 25187:TCP:*:Enabled:spport
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{240DA6AA-B2C8-4D78-8A67-AA4C91EEF435}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C30B1F3-8F56-4275-8B0C-35CB55C07B7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83616D27-96BB-49F4-8350-0D82F0265A0F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{865E1A05-DFD2-4A0E-ADFC-3A5D2899A43A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8A8AE1F5-A35A-4FCA-9AC0-D3EB4554DA3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97F8AF82-D79F-41BF-86CB-B5A04FF0EA27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA102873-3016-4FED-A144-E5FCE7B68B50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBE32857-EE35-410C-927F-C7B15D331E00}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C5E8CE79-6129-4351-8841-248254D90DDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC271173-30E3-44D0-9E21-8679A284499B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D4F9D3-4CA4-4B34-86DE-95452E70820E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{0270D855-69F6-4A72-B4F5-9FE45D583E99}" = protocol=6 | dir=out | app=system |
"{098362CC-5BBD-43C6-A092-B96B4760ADFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0AD2C18F-8CC7-4E03-9B6D-640C4B10803A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1787CE43-B480-409D-A474-70CCA07EED93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20224D57-7C70-40F7-AF8F-1B89813D0C16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{2E00E7D0-BF32-4D2B-BCE2-3DA4F619B91C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{33E6E634-38A7-428D-8C62-E57A5759D7EE}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{390E2F52-4BC1-4646-A34F-E6066850D73F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41508AD5-16E4-46B7-A6EF-9605CF8F07E2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5356E21E-5D16-4FC8-9872-78085C7734DE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{55C08008-B945-4B0D-8232-8D76999B871E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6007770B-F68B-4142-9A48-AED501CCDCF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D8A5C99-8811-4847-8291-80D263E9A200}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{93A91EBA-B31D-46D5-9C2D-1C6FAB834128}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94DE4AAA-8563-48C6-912B-29FB1DCB574F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9C1BA01B-3FA4-4CB7-9A65-2529C3291E86}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9D57DB43-70AF-4831-96CD-A06375C9B8B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB8C06CD-75DA-402E-98C5-C08C7EEF2251}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4788211-D9B2-40D0-8834-481B94D89368}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5F42978-9011-49F8-84F1-472DB67F5335}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{B6569465-DEB4-4CE6-97D5-3B615863A001}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{B79B36A6-3BB5-47C3-94C5-51582ECCF6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C26C464A-F0CE-4208-832F-DAC2E6BE8364}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{D12F654C-280A-4F5C-A8D9-C17689E8C6A9}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{ED19F123-2FB5-409E-A632-1A694312AC7C}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{F3DB1391-CD6E-4D33-B0A2-AD051D91A083}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{F57F714C-DB4E-4EA4-A4B1-DFEC422750C5}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"TCP Query User{3BCFDFE0-2188-4328-A85F-66D958A9E255}C:\users\owner\appdata\local\temp\wnhqinrh.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\wnhqinrh.exe |
"TCP Query User{9B8EB63B-2D32-4919-8DAD-48B98ACC7775}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{A9C29A4B-9DEA-4190-B703-85FCA0E9B21E}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B777684B-DA93-44F1-8283-871C605F04C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C7D91E96-19C4-47C6-ACE9-61E97B0B9EF8}C:\users\owner\appdata\local\temp\wnhqinrh.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\wnhqinrh.exe |
"UDP Query User{02DD3A62-4D8B-49C6-ADB0-47B8DF51FE7C}C:\users\owner\appdata\local\temp\wnhqinrh.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\wnhqinrh.exe |
"UDP Query User{4AC4FBE8-6716-48FB-BD97-7BBD24A4AB7E}C:\users\owner\appdata\local\temp\wnhqinrh.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\wnhqinrh.exe |
"UDP Query User{80C083B7-07A7-41B4-B7ED-7401E456C214}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{9A1F3325-FA86-4241-80C9-4151BF43B28A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EC4F67EB-EBFF-4F53-B586-55E7193CD9B1}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark סרגל כלים
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{18880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign&Verify Software - AGForm toolbar
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{961688FD-5FD8-3D21-BE82-ACB1800EBEA2}" = Microsoft .NET Framework 3.5 Language Pack SP1 - heb
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DC05852F-1732-4538-A714-D584639484BE}" = Ligature
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{fdd2f775-1e06-4ac2-96d0-3484e2f61a25}" = Nero 9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Microsoft .NET Framework 3.5 Language Pack SP1 - heb" = ערכת שפה של Microsoft .NET Framework 3.5 SP1 - heb
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NAV" = Norton AntiVirus
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PCSI" = Prevx
"Picasa 3" = Picasa 3
"SubtitleWorkshop" = Subtitle Workshop 2.51
"WinDjView" = WinDjView 1.0.3
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2186487272-3208527863-4151074708-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01/06/2010 14:17:06 | Computer Name = OriVeNitzan | Source = Application Hang | ID = 1002
Description = התוכנית WINWORD.EXE מגירסה 12.0.4518.1014 הפסיקה לקיים אינטראקציה
עם Windows ונסגרה. כדי לברר אם זמין מידע נוסף אודות הבעיה, בדוק את היסטוריית הבעיה
בלוח הבקרה של פתרונות ודוחות של בעיות. מזהה תהליך: 10c8 זמן התחלה: 01cb018ddb224f4a
זמן
סיום: 2
Error - 02/06/2010 00:25:59 | Computer Name = OriVeNitzan | Source = Application Hang | ID = 1002
Description = התוכנית ccSvcHst.exe מגירסה 108.1.1.10 הפסיקה לקיים אינטראקציה עם
Windows ונסגרה. כדי לברר אם זמין מידע נוסף אודות הבעיה, בדוק את היסטוריית הבעיה
בלוח הבקרה של פתרונות ודוחות של בעיות. מזהה תהליך: fa0 זמן התחלה: 01cb00fd0f43b933
זמן
סיום: 60000
Error - 02/06/2010 00:29:48 | Computer Name = OriVeNitzan | Source = WinMgmt | ID = 10
Description =
Error - 02/06/2010 11:28:11 | Computer Name = OriVeNitzan | Source = Perflib | ID = 1010
Description =
Error - 02/06/2010 12:26:17 | Computer Name = OriVeNitzan | Source = VSS | ID = 8194
Description =
Error - 02/06/2010 12:54:24 | Computer Name = OriVeNitzan | Source = Application Hang | ID = 1002
Description = התוכנית CKScanner.exe מגירסה 1.6.1.0 הפסיקה לקיים אינטראקציה עם
Windows ונסגרה. כדי לברר אם זמין מידע נוסף אודות הבעיה, בדוק את היסטוריית הבעיה
בלוח הבקרה של פתרונות ודוחות של בעיות. מזהה תהליך: 408 זמן התחלה: 01cb027422a83708
זמן
סיום: 2
Error - 03/06/2010 11:41:42 | Computer Name = OriVeNitzan | Source = WinMgmt | ID = 10
Description =
Error - 03/06/2010 15:19:28 | Computer Name = OriVeNitzan | Source = Application Hang | ID = 1002
Description = התוכנית CKScanner.exe מגירסה 1.6.1.0 הפסיקה לקיים אינטראקציה עם
Windows ונסגרה. כדי לברר אם זמין מידע נוסף אודות הבעיה, בדוק את היסטוריית הבעיה
בלוח הבקרה של פתרונות ודוחות של בעיות. מזהה תהליך: cd4 זמן התחלה: 01cb035196220f8f
זמן
סיום: 2
Error - 04/06/2010 09:56:49 | Computer Name = OriVeNitzan | Source = WinMgmt | ID = 10
Description =
Error - 05/06/2010 13:42:12 | Computer Name = OriVeNitzan | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 27/04/2010 09:20:50 | Computer Name = OriVeNitzan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25058
seconds with 6960 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02/06/2010 12:25:59 | Computer Name = OriVeNitzan | Source = LSM | ID = 1048
Description =
Error - 02/06/2010 12:26:04 | Computer Name = OriVeNitzan | Source = LSM | ID = 1048
Description =
Error - 02/06/2010 12:27:28 | Computer Name = OriVeNitzan | Source = LSM | ID = 1048
Description =
Error - 03/06/2010 11:41:07 | Computer Name = OriVeNitzan | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:24:11 on 03/06/2010 was unexpected.
Error - 03/06/2010 11:41:40 | Computer Name = OriVeNitzan | Source = LSM | ID = 1048
Description =
Error - 03/06/2010 11:41:43 | Computer Name = OriVeNitzan | Source = Service Control Manager | ID = 7026
Description =
Error - 04/06/2010 09:56:53 | Computer Name = OriVeNitzan | Source = LSM | ID = 1048
Description =
Error - 04/06/2010 09:56:53 | Computer Name = OriVeNitzan | Source = Service Control Manager | ID = 7026
Description =
Error - 05/06/2010 13:42:12 | Computer Name = OriVeNitzan | Source = LSM | ID = 1048
Description =
Error - 05/06/2010 13:42:12 | Computer Name = OriVeNitzan | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Thank you again, and let me know what to do next!