In your HJT log, The only ones (besides the google entries... which SHOULD be safe.. i still dont like them though) I see are these.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O15 - Trusted Zone: *.ordernet.co.il
O15 - Trusted Zone: http://*.ordernet.co.il
I pretty sure the O2 entry can and should be removed safely. Though I recommend waiting for others input just incase. That and I may have missed a few =)
Also, This one is kind of strange... C:\WINDOWS\system32\nvsvc32.exe . usually its for Nvidia drivers, but look at this
Note: Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If a "non-Microsoft" .exe file is located in the C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware, trojan or worm infection! Check it out!
From
HereAnd,
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
You have two.. I see some differences...
Anyway, Im just pointing some stuff out. DON'T take action just yet on the ones I pointed out. As I may be very wrong. Wait for some more responses.
P.S. The location of this one raised my suspicion too. F3 - REG:win.ini: load=C:\DOCUME~1\6425~1\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe
