I was told to open a new topic here from the XP Software forum -
My original thread in the Software category
In a nutshell -
- computer freezes randomly
- can't open a DOS window
- can't update AVG
I followed the instructions HERE and below are my logs:
MBAM - I'm unable to update the program, and a scan comes up clean.
Rooter -
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:41158 Mo/Free:1031 Mo)
D:\ [Fixed] - NTFS - (Total:37369 Mo/Free:3214 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:3928 Mo/Free:825 Mo)
Sat 05/23/2009|22:28
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
---------- C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
---------- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\system32\RunDll32.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Sat 05/23/2009|22:28
----------------------\\ Scan completed at 22:28
OTListIt
OTListIt logfile created on: 23/05/2009 22:29:19 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\ישראלי\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
511.48 Mb Total Physical Memory | 245.61 Mb Available Physical Memory | 48.02% Memory free
1.97 Gb Paging File | 1.73 Gb Available in Paging File | 87.77% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.19 Gb Total Space | 29.01 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
Drive D: | 36.49 Gb Total Space | 35.14 Gb Free Space | 96.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.84 Gb Total Space | 0.81 Gb Free Space | 21.02% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ISRAELI-PC
Current User Name: ישראלי
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\GlobespanVirata\Adsl\dslstat.exe (GlobespanVirata, Inc.)
PRC - C:\Program Files\GlobespanVirata\Adsl\dslagent.exe ()
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\ישראלי\שולחן העבודה\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AR5523 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ar5523.bin ()
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (DNINDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DNINDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (HCF_MSFT [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys (Conexant)
DRV - (lanusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\glausb.sys (GlobespanVirata Inc.)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (netrcacm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\netrcacm.sys (Thomson Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PRISM_A02 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.babakama.co.il/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/21 21:00:01 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (עוזר הכניסה של Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Radio G Toolbar) - {f228c6a4-a593-4017-944c-4e7958fb3177} - C:\Program Files\Radio_G\tbRad0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Radio G Toolbar) - {f228c6a4-a593-4017-944c-4e7958fb3177} - C:\Program Files\Radio_G\tbRad0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F228C6A4-A593-4017-944C-4E7958FB3177} - C:\Program Files\Radio_G\tbRad0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe ()
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon (GlobespanVirata, Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: הוסף לבלוג - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &הוסף לבלוג ב- Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: takdinet.co.il ([www] http in אתרים מהימנים)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1174241290455 (WUWebControl Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (דף הבית הנוכחי שלי) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/18 19:39:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/07 19:15:54 | 00,000,129 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c2016970-45f4-11de-99c1-d1b1ac405410}\Shell\default\command - "" = F:\p.exe -- [2009/04/06 18:38:28 | 00,067,584 | RHS- | M] ()
O33 - MountPoints2\{c76b7b60-639f-11dd-97de-00208f0cd867}\Shell\AutoRun\command - "" = F:\00hoeav.com -- File not found
O33 - MountPoints2\{c76b7b60-639f-11dd-97de-00208f0cd867}\Shell\explore\Command - "" = F:\00hoeav.com -- File not found
O33 - MountPoints2\{c76b7b60-639f-11dd-97de-00208f0cd867}\Shell\open\Command - "" = F:\00hoeav.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/23 22:28:50 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/23 22:27:49 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/23 22:26:30 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\B705~1\שולחן העבודה\OTListIt2.exe
[2009/05/22 10:23:36 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/22 10:20:22 | 00,000,670 | ---- | C] () -- C:\DOCUME~1\B705~1\שולחן העבודה\What's Running.lnk
[2009/05/22 10:20:21 | 00,000,000 | ---D | C] -- C:\Program Files\WhatsRunning
[2009/05/22 10:19:03 | 53,639,9872 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/21 21:47:03 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/05/21 21:46:30 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/05/21 21:42:56 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/05/21 21:10:11 | 00,000,000 | ---D | C] -- C:\AVGTemp
[2009/05/21 21:06:05 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/05/21 20:58:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/21 20:58:43 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/21 20:58:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/05/21 20:58:33 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/21 20:58:02 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/21 20:58:02 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/21 20:58:02 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/21 20:58:02 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/21 20:58:02 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/21 20:58:02 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/21 20:58:02 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/21 16:08:18 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/05/21 15:43:59 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/21 15:43:59 | 00,001,507 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\שולחן העבודה\AVG Free 8.5.lnk
[2009/05/21 15:43:58 | 00,107,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/21 15:43:52 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/21 15:43:49 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/21 15:43:39 | 33,636,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/21 15:43:38 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/05/21 15:43:38 | 00,021,075 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/21 15:43:37 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/05/21 15:43:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/05/21 15:43:30 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/05/21 15:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/21 15:23:37 | 00,001,729 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\שולחן העבודה\Adobe Reader 9.lnk
[2009/05/21 15:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/21 15:23:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/05/21 14:47:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/21 14:33:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-il
[2009/05/21 14:33:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he
[2009/05/21 14:33:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/21 14:29:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/05/21 14:28:01 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/05/21 14:02:17 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/05/21 14:02:17 | 00,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2009/05/21 14:02:17 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/05/21 14:02:17 | 00,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNIN50.dll
[2009/05/21 14:02:17 | 00,017,149 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.sys
[2009/05/21 14:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2009/05/21 13:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ישראלי\Application Data\Malwarebytes
[2009/05/21 13:57:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 13:57:57 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/21 13:57:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/21 13:57:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/21 13:57:27 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/21 13:20:41 | 00,000,264 | ---- | C] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/05/21 13:20:40 | 00,000,264 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/05/21 13:17:49 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/05/21 13:17:47 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/05/21 13:17:47 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2009/05/21 13:17:43 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2009/05/21 13:17:35 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/05/21 13:17:29 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/05/19 20:52:30 | 00,000,162 | -H-- | C] () -- D:\my doc\~$לצה על ספר.doc
[2009/05/18 16:56:14 | 00,025,600 | ---- | C] () -- D:\my doc\המלצה על ספר.doc
[2009/05/08 15:53:50 | 00,031,744 | ---- | C] () -- D:\my doc\סבתא טובה.doc
[2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/02 18:24:41 | 00,000,452 | ---- | C] () -- C:\WINDOWS\csrkdf01.ini
[2008/12/02 18:24:41 | 00,000,353 | ---- | C] () -- C:\WINDOWS\csrkun_102.ini
[2008/12/02 18:24:28 | 00,000,452 | ---- | C] () -- C:\WINDOWS\System32\CsrKauto.ini
[2007/09/26 13:54:47 | 00,000,769 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2007/05/06 12:07:27 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2007/05/06 12:07:25 | 00,018,049 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2007/04/23 16:21:05 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/04/23 16:21:03 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/04/23 15:40:32 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/09 15:00:00 | 00,000,613 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/04/09 15:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/02/18 18:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[1 D:\my doc\*.tmp files]
[2009/05/23 22:30:05 | 00,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/23 22:30:05 | 00,348,684 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat
[2009/05/23 22:30:05 | 00,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/23 22:30:05 | 00,068,276 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat
[2009/05/23 22:30:04 | 00,934,460 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/23 22:25:49 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/05/23 22:25:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/23 22:25:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/23 22:25:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\ישראלי\Local Settings\desktop.ini
[2009/05/23 22:25:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/23 22:25:17 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/23 22:22:16 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\B705~1\שולחן העבודה\OTListIt2.exe
[2009/05/22 10:20:22 | 00,000,670 | ---- | M] () -- C:\DOCUME~1\B705~1\שולחן העבודה\What's Running.lnk
[2009/05/21 21:42:56 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/05/21 21:18:41 | 00,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/21 21:06:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/21 15:43:59 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/21 15:43:59 | 00,001,507 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\שולחן העבודה\AVG Free 8.5.lnk
[2009/05/21 15:43:58 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/21 15:43:52 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/21 15:43:49 | 33,636,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/21 15:43:49 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/21 15:43:38 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/05/21 15:43:38 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/05/21 15:43:38 | 00,021,075 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/21 15:23:37 | 00,001,729 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\שולחן העבודה\Adobe Reader 9.lnk
[2009/05/21 14:48:12 | 00,000,153 | -HS- | M] () -- D:\my doc\desktop.ini
[2009/05/21 14:29:02 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/21 13:20:41 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/05/19 21:11:41 | 00,025,600 | ---- | M] () -- D:\my doc\המלצה על ספר.doc
[2009/05/19 20:52:30 | 00,000,162 | -H-- | M] () -- D:\my doc\~$לצה על ספר.doc
[2009/05/19 20:42:49 | 00,002,417 | ---- | M] () -- C:\DOCUME~1\B705~1\שולחן העבודה\Microsoft Office Word 2003.lnk
[2009/05/12 21:08:36 | 00,002,457 | ---- | M] () -- C:\DOCUME~1\B705~1\שולחן העבודה\Microsoft Office Outlook 2003.lnk
[2009/05/12 16:00:06 | 00,031,744 | ---- | M] () -- D:\my doc\סבתא טובה.doc
[2009/05/11 18:59:08 | 00,000,372 | ---- | M] () -- D:\my doc\spider.sav
[2009/05/11 18:17:53 | 00,000,602 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\שולחן העבודה\adsl.lnk
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
Extras-
OTListIt Extras logfile created on: 23/05/2009 22:29:19 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\ישראלי\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
511.48 Mb Total Physical Memory | 245.61 Mb Available Physical Memory | 48.02% Memory free
1.97 Gb Paging File | 1.73 Gb Available in Paging File | 87.77% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.19 Gb Total Space | 29.01 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
Drive D: | 36.49 Gb Total Space | 35.14 Gb Free Space | 96.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.84 Gb Total Space | 0.81 Gb Free Space | 21.02% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ISRAELI-PC
Current User Name: ישראלי
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 (ICQ, Inc.)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\WINDOWS\system\smsc.exe:*:Enabled:smsc File not found
F:\p.exe:*:Microsoft Enabled ()
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware (Malwarebytes Corporation)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10C604A6-CC48-4DC6-B02B-04D971731C30}" = Windows Live Essentials
"{13A759D5-3B27-44F1-AD68-8D6652096CF6}" = Windows Live Toolbar
"{1E78A01F-AEBC-4D42-86F3-AACBFECF0CD6}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = כלי ההעלאה של Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{350C97B4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F2D118-EE68-336B-978F-C7F76A83B223}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - HEB
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5DA5A65C-8612-47B4-B146-4B958A87A6E5}" = Windows Live Mail
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{684A3EED-2CF5-43B2-91E1-9367F6D3A912}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C4AC071-893E-4726-B61C-9AE430908C24}" = Windows Live Mail
"{83FB9DEC-89ED-4D9D-AE85-F2752D107C79}" = Windows Live Messenger
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92030EBB-D9DE-4246-9F4D-27DFD29654F9}" = OGA Notifier 1.7.0105.35.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961688FD-5FD8-3D21-BE82-ACB1800EBEA2}" = Microsoft .NET Framework 3.5 Language Pack SP1 - heb
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1037-7B44-A90000000001}" = Adobe Reader 9 - Hebrew
"{B1203490-C93E-3668-B47A-36725B4F178A}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - HEB
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA4A04D5-92D8-4A67-B018-77E6DDCB2184}" = מסייע הכניסה של Windows Live
"{E707B533-DC39-4FD9-8282-F3FFA413597C}" = גלריית התמונות של Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"C-Media Audio Driver" = C-Media WDM Audio Driver
"GlobespanVirata DSL Modem" = GlobespanVirata DSL Modem
"Heshbon10_f" = חשבון 10 -כיתה ו
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - heb" = ערכת שפה של Microsoft .NET Framework 3.5 SP1 - heb
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Radio_G Toolbar" = Radio_G Toolbar
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Takdin" = Takdin
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20/11/2008 12:54:33 | Computer Name = ISRAELI-PC | Source = Application Hang | ID = 1002
Description = יישום לא מגיב WINWORD.EXE, גירסה 11.0.8125.0, מודול חוסר תגובה hungapp,
גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000.
Error - 01/12/2008 12:32:46 | Computer Name = ISRAELI-PC | Source = Application Hang | ID = 1002
Description = יישום לא מגיב iexplore.exe, גירסה 6.0.2900.2180, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000.
Error - 07/12/2008 15:18:37 | Computer Name = ISRAELI-PC | Source = Application Hang | ID = 1002
Description = יישום לא מגיב iexplore.exe, גירסה 6.0.2900.2180, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000.
Error - 08/12/2008 03:31:09 | Computer Name = ISRAELI-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 10/12/2008 08:33:32 | Computer Name = ISRAELI-PC | Source = Application Hang | ID = 1002
Description = יישום לא מגיב WINWORD.EXE, גירסה 11.0.8125.0, מודול חוסר תגובה hungapp,
גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000.
Error - 11/12/2008 15:02:42 | Computer Name = ISRAELI-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 13/12/2008 13:42:08 | Computer Name = ISRAELI-PC | Source = Application Hang | ID = 1002
Description = יישום לא מגיב iexplore.exe, גירסה 6.0.2900.2180, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000.
Error - 19/12/2008 06:46:33 | Computer Name = ISRAELI-PC | Source = Application Hang | ID = 1002
Description = יישום לא מגיב WINWORD.EXE, גירסה 11.0.8125.0, מודול חוסר תגובה hungapp,
גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000.
Error - 20/12/2008 12:14:49 | Computer Name = ISRAELI-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 22/12/2008 08:28:31 | Computer Name = ISRAELI-PC | Source = Application Hang | ID = 1002
Description = יישום לא מגיב iexplore.exe, גירסה 6.0.2900.2180, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000.
< End of report >
Edited by abneb217, 23 May 2009 - 01:43 PM.