how to remove Trojan-Downloader.Win32.VB.ahk [Solved]
koren_7
post Aug 22 2009, 07:26 AM
Post #1

New Member
Posts: 4
OS: XP

Hi guys

I have Trojan-Downloader.Win32.VB.ahk on my PC and I can't remove it.

I tried Malware, Spybot, NOD32 and Bitdefender (online version); they remove all the other Trojans, but none can even detect, let alone remove, the Win32.VB.ahk (I know it is there according to the files and processes it opens - see http://www.spywarelib.com/remove--Trojan-D...er-VB-ahk.html).

Please help !

K.

______________

TLC - failed to clean about 40 MB (even after 7 restarts).

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/24 00:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: Fs_Rec
Image Path: \FileSystem\Fs_Rec
Address: 0xF7D45000 Size: 7936 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: Fs_Rec
Image Path: \FileSystem\Fs_Rec
Address: 0xF7D4B000 Size: 7936 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: nwfilter.sys
Image Path: nwfilter.sys
Address: 0xF7C41000 Size: 15808 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7027000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7553

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d755d

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d754e

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7562

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7567

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7576

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7571

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d756c

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7558

==EOF==

OTL logfile created on: 8/24/2009 12:51:26 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\My Documents\My Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.92 Mb Total Physical Memory | 406.97 Mb Available Physical Memory | 39.79% Memory free
1.39 Gb Paging File | 0.87 Gb Available in Paging File | 62.57% Paging File free
Paging file location(s): D:\pagefile.sys 500 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.62 Gb Total Space | 0.32 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
Drive D: | 21.64 Gb Total Space | 7.03 Gb Free Space | 32.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REUVENSNB1
Current User Name: ReuvenSNB1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/05/02 10:17:16 | 00,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\Novell\XTAgent.exe
PRC - [2008/09/29 11:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2007/02/07 00:33:40 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/11/19 15:40:08 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/10/27 11:03:52 | 00,090,112 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/01/09 17:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
PRC - [2007/11/19 16:00:38 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/08/09 15:58:34 | 01,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe
PRC - [2009/01/30 02:08:28 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/08/04 15:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/06/13 08:52:18 | 00,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\nalntsrv.exe
PRC - [2009/05/05 11:04:14 | 00,963,880 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PRC - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2008/11/18 11:01:20 | 00,139,912 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\configservice.exe
PRC - [2007/11/19 15:35:46 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/05/09 11:59:00 | 00,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2007/09/26 18:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/03/04 11:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/06/13 08:57:32 | 00,151,104 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\wm.exe
PRC - [2008/10/27 11:02:30 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/05 11:04:12 | 00,996,648 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
PRC - [2008/11/18 11:01:26 | 00,283,272 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\licenseservice.exe
PRC - [2009/05/05 11:04:20 | 00,296,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\TEMP\HF2925.EXE
PRC - [2008/11/18 11:01:30 | 00,307,848 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\updateservice.exe
PRC - [2009/02/06 13:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/18 11:01:28 | 00,311,944 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\ScannerService.exe
PRC - [2006/06/13 08:57:30 | 00,012,224 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2008/10/27 11:03:32 | 00,135,168 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/05/05 11:04:02 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2008/08/17 10:35:12 | 00,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
PRC - [2008/08/17 10:35:34 | 00,435,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2008/04/14 03:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2007/02/07 00:33:40 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/07/18 09:36:22 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/07/18 09:36:22 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/12/31 14:28:02 | 03,961,064 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
PRC - [2009/05/05 11:04:14 | 00,718,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
PRC - [2009/01/09 17:13:26 | 00,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteui.exe
PRC - [2002/03/12 12:37:28 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\NWTRAY.EXE
PRC - [2006/10/23 01:24:00 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/11/18 11:01:58 | 00,180,872 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
PRC - [2009/01/22 22:51:14 | 03,581,680 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2009/01/24 00:12:30 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/08/24 08:50:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\My Documents\My Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/27 11:03:52 | 00,090,112 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2008/10/27 11:02:30 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/02/07 00:33:40 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/01/09 17:13:28 | 01,951,376 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/08/11 16:51:04 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\cusrvc.exe -- (cusrvc [On_Demand | Stopped])
SRV - [2007/11/19 16:00:38 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2009/01/24 00:12:30 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/18 09:36:22 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Disabled | Stopped])
SRV - [2009/01/26 19:22:37 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2007/08/09 15:58:34 | 01,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe -- (hasplms [Auto | Running])
SRV - [2008/04/14 03:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/05/20 11:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2004/10/16 06:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2008/09/29 11:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 03:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/01/30 02:08:28 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2004/08/04 15:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [Auto | Running])
SRV - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - File not found -- -- (MTBService [Auto | Stopped])
SRV - [2006/06/13 08:52:18 | 00,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\nalntsrv.exe -- (NALNTSERVICE [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/05/05 11:04:14 | 00,963,880 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/03/14 13:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/11/18 11:01:26 | 00,283,272 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\licenseservice.exe -- (PTK License-FIGHTERS-297811811 [Auto | Running])
SRV - [2008/11/18 11:01:30 | 00,307,848 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\updateservice.exe -- (PTK Live Update-FIGHTERS-297811811 [Auto | Running])
SRV - [2008/11/18 11:01:28 | 00,311,944 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\ScannerService.exe -- (PTK Scanner-FIGHTERS-297811811 [Auto | Running])
SRV - [2008/11/18 11:01:20 | 00,139,912 | ---- | M] (SPAMfighter) -- C:\Program Files\Fighters\configservice.exe -- (PTK SharedAccess-FIGHTERS-297811811 [Auto | Running])
SRV - [2007/11/19 15:35:46 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/05/09 11:59:00 | 00,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent [Auto | Running])
SRV - [2007/11/19 15:40:08 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
SRV - [2007/09/26 18:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
SRV - [2009/05/05 11:04:12 | 00,996,648 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten [Auto | Running])
SRV - [2009/05/05 11:04:02 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw [On_Demand | Running])
SRV - [2008/08/17 10:35:12 | 00,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy [On_Demand | Running])
SRV - [2006/06/29 22:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Disabled | Stopped])
SRV - [2008/03/04 11:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2006/05/12 16:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4 [Disabled | Stopped])
SRV - [2006/05/02 10:17:16 | 00,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\System32\Novell\XTAgent.exe -- (XTAgent [Auto | Running])
SRV - [2006/06/13 08:57:32 | 00,151,104 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\wm.exe -- (ZFDWM [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cybergrants.com/pls/cybergrants...al_type_id=4680
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.tau.ac.il:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.6
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.4pre.090726
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.autoconfig_url: "http://www.tau.ac.il/remote.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/30 02:08:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/07/18 09:40:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 18:46:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 09:44:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/10 11:45:12 | 00,000,000 | ---D | M]

[2009/03/15 14:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Extensions
[2009/03/15 14:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/22 23:34:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions
[2009/08/22 22:24:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/02 10:42:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/29 01:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/06/15 15:43:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/31 16:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/07/02 09:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/07/31 15:22:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2009/08/17 18:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\check4change-owner@mozdev.org
[2009/05/17 10:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\mozilla\Firefox\Profiles\zfe2j6l7.default\extensions\foxmarks@kei.com
[2009/08/22 23:34:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 09:44:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/22 19:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/05 09:44:05 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 09:44:05 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/30 02:08:28 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/05 09:44:06 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/10/23 01:24:00 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/14 10:26:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/14 10:26:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/14 10:26:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/14 10:26:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/14 10:26:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/14 10:26:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/14 10:26:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/01 12:24:39 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/01 12:24:39 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/17 09:15:23 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009/07/01 12:24:39 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/01 12:24:39 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/01 12:24:39 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/01 12:24:39 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/01 12:24:39 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (323503 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 11099 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\NWTRAY.EXE (Novell, Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe (SPAMfighter)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1025-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\ReuvenSNB1New\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &??? ?- Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: &יצא ל- Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\netware\NWWS2NDS.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\netware\NWWS2SAP.DLL (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\netware\NWWS2SLP.DLL (Novell, Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: cybergrants.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1232617234564 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Program Files\PowerPlugs\Viewer\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ncbi8 {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 11\Ncbi.dll (Informax Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ziswin.exe (Novell)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-6966974329-9066630733-583480967-1949\nissan.exe) - C:\RECYCLER\S-1-5-21-6966974329-9066630733-583480967-1949\nissan.exe ()
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\System32\Novell\XtNotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 09:38:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 02:08:35 | 00,000,046 | ---- | M] () - C:\AUTOEXEC.SOL -- [ NTFS ]
O33 - MountPoints2\{00a31440-16cc-11de-a592-0012f07bc625}\Shell\AutoRun\command - "" = E:\SWORDFISH\maki.exe -- File not found
O33 - MountPoints2\{00a31440-16cc-11de-a592-0012f07bc625}\Shell\explore\command - "" = E:\.\\SWORDFISH\\\maki.exe -- File not found
O33 - MountPoints2\{00a31440-16cc-11de-a592-0012f07bc625}\Shell\open\command - "" = E:\SWORDFISH\\\\\maki.exe -- File not found
O33 - MountPoints2\{81023074-eab9-11dd-a54e-0012f07bc625}\Shell - "" = AutoRun
O33 - MountPoints2\{81023074-eab9-11dd-a54e-0012f07bc625}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81023074-eab9-11dd-a54e-0012f07bc625}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/24 00:43:37 | 00,000,000 | ---- | C] () -- D:\My Documents\My Desktop\settings.dat
[2009/08/24 00:13:02 | 00,514,048 | ---- | C] (OldTimer Tools) -- D:\My Documents\My Desktop\OTL.exe
[2009/08/24 00:12:56 | 00,272,384 | ---- | C] (OldTimer Tools) -- D:\My Documents\My Desktop\TFC.exe
[2009/08/24 00:12:55 | 00,472,064 | ---- | C] ( ) -- D:\My Documents\My Desktop\RootRepeal.exe
[2009/08/23 00:45:28 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/23 00:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/08/23 00:42:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/08/22 23:45:21 | 00,001,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SPYWAREfighter.lnk
[2009/08/22 23:41:21 | 00,000,000 | ---D | C] -- C:\Program Files\Fighters
[2009/08/22 23:41:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/08/22 18:32:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/22 18:19:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/08/22 18:19:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/08/22 18:19:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/08/22 18:19:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/08/22 18:10:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/08/22 17:21:23 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/22 10:00:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/08/22 00:35:39 | 00,000,089 | ---- | C] () -- D:\My Documents\My Desktop\Remove Trojan-Downloader.VB.ahk Spyware Removal Information.URL
[2009/08/22 00:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/22 00:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/14 09:27:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ReuvenSNB1New\Local Settings\Application Data\Temp
[2009/08/13 10:35:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/08/13 07:51:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/08/10 12:32:30 | 00,000,000 | ---D | C] -- D:\My Documents\Updater5
[2009/08/10 11:53:10 | 00,070,906 | ---- | C] () -- D:\My Documents\My Desktop\Lior Mayo - CV Aug 2009.pdf
[2009/08/10 11:45:17 | 00,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2009/08/10 11:45:13 | 00,002,337 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/08/10 01:19:33 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

========== Files - Modified Within 14 Days ==========

[2009/08/24 08:50:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\My Documents\My Desktop\OTL.exe
[2009/08/24 08:49:22 | 00,472,064 | ---- | M] ( ) -- D:\My Documents\My Desktop\RootRepeal.exe
[2009/08/24 08:47:12 | 00,272,384 | ---- | M] (OldTimer Tools) -- D:\My Documents\My Desktop\TFC.exe
[2009/08/24 01:00:52 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-920026266-1343024091-1003.job
[2009/08/24 00:43:43 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/08/24 00:43:37 | 00,000,000 | ---- | M] () -- D:\My Documents\My Desktop\settings.dat
[2009/08/24 00:43:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/24 00:43:02 | 00,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/24 00:41:19 | 00,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/24 00:41:00 | 00,001,004 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-920026266-1343024091-1007UA.job
[2009/08/24 00:35:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/24 00:35:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/23 09:22:28 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/22 23:45:21 | 00,001,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SPYWAREfighter.lnk
[2009/08/22 19:41:08 | 00,001,007 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/22 19:41:08 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/22 19:41:08 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/22 19:41:03 | 00,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-920026266-1343024091-1007Core.job
[2009/08/22 18:36:10 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/22 18:35:28 | 02,214,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/22 18:35:17 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/22 18:35:17 | 00,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/22 18:35:17 | 00,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/22 18:15:16 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/22 17:21:23 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/22 13:01:20 | 00,000,498 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for ReuvenSNB1.job
[2009/08/22 09:38:28 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/22 02:08:35 | 00,000,046 | ---- | M] () -- C:\AUTOEXEC.SOL
[2009/08/22 01:00:02 | 00,323,503 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/22 00:59:42 | 00,323,503 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090822-010002.backup
[2009/08/22 00:35:39 | 00,000,089 | ---- | M] () -- D:\My Documents\My Desktop\Remove Trojan-Downloader.VB.ahk Spyware Removal Information.URL
[2009/08/18 18:42:26 | 00,000,640 | ---- | M] () -- D:\My Documents\quosasdddm.properties
[2009/08/11 19:13:05 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\ReuvenSNB1New\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 20:58:27 | 00,093,848 | ---- | M] () -- C:\Documents and Settings\ReuvenSNB1New\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/10 11:53:10 | 00,070,906 | ---- | M] () -- D:\My Documents\My Desktop\Lior Mayo - CV Aug 2009.pdf
[2009/08/10 11:45:17 | 00,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2009/08/10 10:32:16 | 00,053,248 | ---- | M] () -- D:\My Documents\My Desktop\Lior Mayo - CV Aug 2009.doc

========== LOP Check ==========

[2009/08/22 23:41:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/01 14:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACASystems
[2009/01/24 00:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/08/24 00:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/01/23 01:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2009/08/22 23:41:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/02/04 22:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/03 17:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Informax
[2009/01/22 14:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/01/22 23:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2009/08/23 10:08:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/22 14:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009/08/22 23:40:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data
[2009/08/22 12:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\Babylon
[2009/08/23 11:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\EndNote
[2009/03/23 21:16:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\EZQuant
[2009/07/21 16:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\SmartDraw
[2009/03/20 15:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\StatSoft
[2009/08/23 11:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\U3
[2009/03/15 21:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ReuvenSNB1New\Application Data\URSoft
[2004/08/04 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/24 00:43:02 | 00,000,890 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/24 00:41:19 | 00,000,894 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/24 01:00:52 | 00,000,946 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-920026266-1343024091-1003.job
[2009/08/22 19:41:03 | 00,000,952 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-920026266-1343024091-1007Core.job
[2009/08/24 00:41:00 | 00,001,004 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-920026266-1343024091-1007UA.job
[2009/08/22 13:01:20 | 00,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for ReuvenSNB1.job
[2009/08/24 00:35:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13

========== Files - Unicode (All) ==========
[2005/06/28 23:16:38 | 00,000,000 | ---D | C](D:\My Documents\????? ??????????) -- D:\My Documents\הנדסה מולוקולרית
[2007/08/02 13:41:17 | 00,000,000 | ---D | M](D:\My Documents\????? ??????????) -- D:\My Documents\הנדסה מולוקולרית
[2009/06/08 09:12:00 | 00,000,000 | ---D | C](D:\My Documents\My Desktop\????? ??????) -- D:\My Documents\My Desktop\אסופת מאמרים
[2009/07/17 08:33:12 | 00,033,792 | ---- | C] ()(D:\My Documents\My Desktop\????? ????.doc) -- D:\My Documents\My Desktop\הצעיר אורי.doc
[2009/07/17 08:33:13 | 00,033,792 | ---- | M] ()(D:\My Documents\My Desktop\????? ????.doc) -- D:\My Documents\My Desktop\הצעיר אורי.doc
[2009/07/22 17:23:58 | 00,015,872 | ---- | C] ()(D:\My Documents\My Desktop\?????? ?????? ?????.xls) -- D:\My Documents\My Desktop\החלטות השקעות קצרות.xls
[2009/07/22 17:50:38 | 00,015,872 | ---- | M] ()(D:\My Documents\My Desktop\?????? ?????? ?????.xls) -- D:\My Documents\My Desktop\החלטות השקעות קצרות.xls
[2009/07/25 12:51:30 | 00,024,576 | ---- | C] ()(D:\My Documents\My Desktop\??.doc) -- D:\My Documents\My Desktop\לו.doc
[2009/07/25 12:51:30 | 00,024,576 | ---- | M] ()(D:\My Documents\My Desktop\??.doc) -- D:\My Documents\My Desktop\לו.doc
[2009/08/18 20:48:29 | 00,000,000 | ---D | M](D:\My Documents\My Desktop\????? ??????) -- D:\My Documents\My Desktop\אסופת מאמרים
< End of report >

OTL Extras logfile created on: 8/24/2009 12:51:26 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\My Documents\My Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.92 Mb Total Physical Memory | 406.97 Mb Available Physical Memory | 39.79% Memory free
1.39 Gb Paging File | 0.87 Gb Available in Paging File | 62.57% Paging File free
Paging file location(s): D:\pagefile.sys 500 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.62 Gb Total Space | 0.32 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
Drive D: | 21.64 Gb Total Space | 7.03 Gb Free Space | 32.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REUVENSNB1
Current User Name: ReuvenSNB1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\My Documents\Downloads\IMG009945-4-PHOTOBUCKET.exe" = D:\My Documents\Downloads\IMG009945-4-PHOTOBUCKET.exe:*:Enabled:svchosts -- File not found
"C:\Documents and Settings\ReuvenSNB1New\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\ReuvenSNB1New\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\ReuvenSNB1New\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\ReuvenSNB1New\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CDE246F-1197-4374-91BE-1C8927755298}" = V11CNT
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}" = V11CC
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{593E635B-6D3E-4CD8-ABAF-A2E6C55641A6}" = STATISTICA 8.0.360.0 English
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7878B1D4-B2CB-4EA8-9A0A-7E0575D23B96}" = ZENworks Desktop Management Agent
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{81BF6FB0-34E7-4897-A544-61AA6C3B1284}" = V11DT
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{901E0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 English User Interface Pack
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9611D325-5333-4415-8338-CA957D8564D0}" = V11PFAM
"{9876E8C6-F8D7-4F43-84D3-B97D177F9466}" = Vector NTI 11
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A81A0CFE-7C45-46B8-93B4-8A4BEEC424E9}" = 7500 Fast System
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1025-0000-7760-000000000003}" = Adobe Acrobat 8 Professional - Middle Eastern, North African
"{B017026E-FC02-4CD4-A848-52447D60676B}" = V11NQ
"{B279F2F1-3B2F-3A96-AC11-5743CD43DCCB}" = Google Talk Plugin
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}" = V11COM
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F724042F-367A-3B58-9BE3-8EF7A6F058D6}" = Google Gears
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Acrobat 8 Professional - Middle Eastern, North African" = Adobe Acrobat 8 Professional - Middle Eastern, North African
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1 ME" = Adobe Photoshop 7.0.1 ME
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Babylon" = Babylon
"BackRex Expert Backup" = BackRex Expert Backup
"Carbonite Backup" = Carbonite
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.2
"Chart" = PowerPlugs: Charts
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"FlowJo" = FlowJo
"HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP" = HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP
"HASP HL Device Driver" = HASP HL Device Driver
"HASP4 Device Drivers" = HASP4 Device Drivers
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A81A0CFE-7C45-46B8-93B4-8A4BEEC424E9}" = 7500 Fast System
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"MacBiophotonics ImageJ_is1" = Uninstall_ImageJ
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"ObjectDock Plus" = ObjectDock Plus
"OfficeScanNT" = Trend Micro OfficeScan Client
"Power Management Driver" = ThinkPad Power Management Driver
"PowerPlugs" = PowerPlugs: Transitions and/or 3D Titles
"ProInst" = Intel® PROSet/Wireless Software
"RealVNC_is1" = VNC Free Edition 4.1.2
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMDI2.9" = WinMDI2.9
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eb0df05699aedd24" = EZQuant-Gel

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2009 5:30:38 PM | Computer Name = REUVENSNB1 | Source = Userenv | ID = 1047
Description = Windows cannot read the history of GPOs from the registry. Continuing
Group Policy Processing.

Error - 8/23/2009 5:30:59 PM | Computer Name = REUVENSNB1 | Source = Userenv | ID = 1047
Description = Windows cannot read the history of GPOs from the registry. Continuing
Group Policy Processing.

Error - 8/23/2009 5:31:01 PM | Computer Name = REUVENSNB1 | Source = Userenv | ID = 1047
Description = Windows cannot read the history of GPOs from the registry. Continuing
Group Policy Processing.

Error - 8/23/2009 5:31:11 PM | Computer Name = REUVENSNB1 | Source = Google Update | ID = 20
Description =

Error - 8/23/2009 5:35:52 PM | Computer Name = REUVENSNB1 | Source = Userenv | ID = 1047
Description = Windows cannot read the history of GPOs from the registry. Continuing
Group Policy Processing.

Error - 8/23/2009 5:36:09 PM | Computer Name = REUVENSNB1 | Source = Userenv | ID = 1047
Description = Windows cannot read the history of GPOs from the registry. Continuing
Group Policy Processing.

Error - 8/23/2009 5:36:10 PM | Computer Name = REUVENSNB1 | Source = Userenv | ID = 1047
Description = Windows cannot read the history of GPOs from the registry. Continuing
Group Policy Processing.

Error - 8/23/2009 5:41:07 PM | Computer Name = REUVENSNB1 | Source = Google Update | ID = 20
Description =

Error - 8/23/2009 5:43:12 PM | Computer Name = REUVENSNB1 | Source = Google Update | ID = 20
Description =

Error - 8/23/2009 5:52:04 PM | Computer Name = REUVENSNB1 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/23/2009 5:33:33 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7031
Description = The Access Connections Main Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 8/23/2009 5:33:34 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7034
Description = The OfficeScan NT Listener service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/23/2009 5:33:35 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7034
Description = The PTK License-FIGHTERS-297811811 service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/23/2009 5:33:35 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7034
Description = The PTK Live Update-FIGHTERS-297811811 service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/23/2009 5:33:35 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7034
Description = The PTK Scanner-FIGHTERS-297811811 service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/23/2009 5:33:38 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7034
Description = The OfficeScan NT Firewall service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/23/2009 5:33:38 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/23/2009 5:33:38 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7034
Description = The OfficeScan NT Proxy Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/23/2009 5:34:31 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service,
but this action failed with the following error: %%1056

Error - 8/23/2009 5:36:07 PM | Computer Name = REUVENSNB1 | Source = Service Control Manager | ID = 7000
Description = The MTB2004 Server service failed to start due to the following error:
%%2


< End of report >

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/24/2009 2:23:28 AM
mbam-log-2009-08-24 (02-23-28).txt

Scan type: Quick Scan
Objects scanned: 108001
Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This post has been edited by koren_7: Aug 24 2009, 02:16 AM
chamber
post Aug 27 2009, 09:27 AM
Post #2


Trusted Helper
Posts: 1,819
From: ~/
OS: Linux all the way!



Hi there, and sorry for the delay. I will need a fresh look at your system. What are your current symptoms?

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
koren_7
post Aug 28 2009, 05:02 AM
Post #3


New Member
Posts: 4
OS: XP



Thanks mate!

I uploaded the file.

MAM was finally successful in finding it (not removing it).

So I'm also adding the report:

Malwarebytes' Anti-Malware 1.40
Database version: 2700
Windows 5.1.2600 Service Pack 3

8/27/2009 3:06:41 PM
mbam-log-2009-08-27 (15-06-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 221401
Time elapsed: 1 hour(s), 56 minute(s), 4 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\Temp\030.exe (Trojan.TDSS) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\030.exe (Trojan.TDSS) -> No action taken.
C:\Documents and Settings\ReuvenSNB1New\Local Settings\Temporary Internet Files\Content.IE5\EHGDKQA6\sock[1].exe (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Temp\eixncviqjw.tmp (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Temp\etetbvtvcq.tmp (Trojan.TDSS) -> No action taken.



Thanks MAN!

This post has been edited by koren_7: Aug 28 2009, 05:09 AM
Attached File(s)
Attached File  OTS.Txt ( 195.04K ) Number of downloads: 25
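A small triage script for the Malwarebytes log format pasted above, as an added example that is not part of the original post or of Malwarebytes' own tooling. The embedded SAMPLE_LOG is a constructed excerpt built from the detection lines in that post (user profile name replaced by a placeholder), and the count-reconciliation and flagging logic is my own.

```python
"""Triage a Malwarebytes' Anti-Malware 1.40 text log (added example; not part
of the original post and not Malwarebytes' own tooling)."""
import re
from collections import Counter

# Constructed excerpt in the MBAM 1.40 log layout pasted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Scan type: Full Scan (C:\|D:\|)

Memory Processes Infected: 1
Registry Values Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\Temp\030.exe (Trojan.TDSS) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\Temp\030.exe (Trojan.TDSS) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\EHGDKQA6\sock[1].exe (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Temp\eixncviqjw.tmp (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Temp\etetbvtvcq.tmp (Trojan.TDSS) -> No action taken.
"""
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (summary counts per section, list of detection dicts)."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:  # "Files Infected: 4" summary line
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:  # "Files Infected:" opens a detail section
            section = m.group("section")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:  # "<target> (<threat>) -> <action>"
            items.append({"section": section, **m.groupdict()})
    return summary, items


def triage(summary, items):
    """Cross-check the summary against the detail lines and flag open items."""
    listed = Counter(i["section"] for i in items)
    return {
        # A count that differs from the listed items means a truncated or edited paste.
        "mismatches": {s: (n, listed.get(s, 0)) for s, n in summary.items()
                       if listed.get(s, 0) != n},
        # Detections found but not removed (the state in the post above).
        "untreated": [i["target"] for i in items if i["action"].startswith("No action")],
        "families": Counter(i["threat"] for i in items),
        # Registry values under Winlogon are autostart locations; review them by hand.
        "winlogon_values": [i["target"] for i in items
                            if i["target"].startswith("HKEY_") and "\\Winlogon\\" in i["target"]],
    }
```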
 
chamber
post Aug 28 2009, 05:56 AM
Post #4


Trusted Helper
Posts: 1,819
From: ~/
OS: Linux all the way!



Hi,

Let's see what else we can do.

1) OTS

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

QUOTE
[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1123561945-920026266-1343024091-1007\] > -> HKEY_USERS\S-1-5-21-1123561945-920026266-1343024091-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> www_cybergrants.com [https] -> Trusted sites
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*TaskMan* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan
YY -> C:\RECYCLER\S-1-5-21-8530582363-1941183710-599356818-9214\nissan.exe -> C:\RECYCLER\S-1-5-21-8530582363-1941183710-599356818-9214\nissan.exe
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

2) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


3) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop, so that you may post it in your next reply.


In your reply I would like to see copied and pasted,

1) OTS fix log
2) Kaspersky scan
koren_7
post Aug 31 2009, 02:35 AM
Post #5


New Member
Posts: 4
OS: XP



Hi mate,

Thanks for trying to help, but after I ran the OTS and JavaRA I'm getting blue screens all the time....

I think I will just format the computer...

but THANK YOU VERY MUCH !!!!

Go to the top of the page
 
+Quote Post
chamber
post Aug 31 2009, 02:37 AM
Post #6


Trusted Helper
Posts: 1,819
From: ~/
OS: Linux all the way!



You're welcome.

Sorry that I couldn't be more help. Are you ok to proceed with the reformat?
chamber
post Sep 3 2009, 01:57 AM
Post #7


Trusted Helper
Posts: 1,819
From: ~/
OS: Linux all the way!



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.