tinybar.c & mundo troubles me -- Help, please!

[vn3427]

ComboFix 09-03-15.01 - Ehud 03/17/2009 14:56:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1255.1.1033.18.1918.1375 [GMT -4:00]
Running from: d:\kits\combofix\ComboFix.exe
Command switches used :: d:\kits\combofix\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Soulseek
c:\program files\Soulseek\attributes.cfg
c:\program files\Soulseek\attrstrings.cfg
c:\program files\Soulseek\autoaway.cfg
c:\program files\Soulseek\chatrooms.cfg
c:\program files\Soulseek\chatui.cfg
c:\program files\Soulseek\dlbans.cfg
c:\program files\Soulseek\extensions.cfg
c:\program files\Soulseek\hotlist.cfg
c:\program files\Soulseek\ignores.cfg
c:\program files\Soulseek\login.cfg
c:\program files\Soulseek\pchat.cfg
c:\program files\Soulseek\port.cfg
c:\program files\Soulseek\queue.cfg
c:\program files\Soulseek\queue2.cfg
c:\program files\Soulseek\rcmnd.cfg
c:\program files\Soulseek\save.cfg
c:\program files\Soulseek\search.cfg
c:\program files\Soulseek\shared.cfg
c:\program files\Soulseek\ticker.cfg
c:\program files\Soulseek\transfersview.cfg
c:\program files\Soulseek\ui.cfg
c:\program files\Soulseek\userinfo.cfg
c:\program files\Soulseek\usernotes.cfg
c:\program files\Soulseek\wishlist.cfg
E:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 17:27 --------- d-----w c:\documents and settings\Ehud\Application Data\Skype
2009-03-17 17:20 --------- d-----w c:\documents and settings\Ehud\Application Data\skypePM
2009-03-16 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-03-15 13:42 --------- d-----w c:\program files\ERUNT
2009-03-15 03:13 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-15 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 02:14 --------- d-----w c:\program files\Trend Micro
2009-03-15 01:48 92,485,776 ----a-w C:\backup2.reg
2009-03-13 22:32 --------- d-----w c:\program files\DOSBox-0.72
2009-03-13 19:02 --------- d-----w c:\documents and settings\Ehud\Application Data\U3
2009-03-05 12:43 --------- d-----w c:\documents and settings\Ehud\Application Data\Babylon
2009-03-05 09:33 --------- d-----w c:\program files\Blaze Media Pro
2009-03-01 09:38 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 10:47 --------- d-----w c:\documents and settings\Ehud\Application Data\dvdcss
2009-02-19 10:54 --------- d---a-w c:\program files\RotatePagesPdfServer
2009-02-13 10:09 --------- d-----w c:\program files\Xilisoft
2009-02-12 09:58 --------- d-----w c:\program files\Google
2009-02-11 17:53 54,948 ----a-w C:\backup.reg
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-05 13:29 --------- d-----w c:\program files\MediaMonkey
2009-02-04 16:19 --------- d-----w c:\program files\Zuma Deluxe
2009-02-03 12:36 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-02 16:42 8,368 ----a-w c:\windows\system32\drivers\AMD64CAx86.sys
2009-02-02 16:42 --------- d-----w c:\program files\AMD64_CPU_Assistant
2009-01-23 15:59 65,536 ----a-w c:\windows\IFinst27.exe
2009-01-16 19:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-07-28 15:59 26,111,636 ----a-w c:\documents and settings\Ehud\TRACE_STANDBY_1_1.BIN
2008-04-24 08:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-07-28 15:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072820080729\index.dat
.

((((((((((((((((((((((((((((( SnapShot@Tue 03-17-2009_13.38.45.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-17 17:01:28 72,178 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-17 17:40:14 72,178 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-17 17:01:29 443,164 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-17 17:40:14 443,164 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/13/2008 08:12 PM 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [09/02/2007 06:58 AM 495616]
"AMD64 CPU Assistant"="c:\program files\AMD64_CPU_Assistant\AMD64CPUAssistant.exe" [08/20/2008 06:47 PM 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [04/15/2007 08:39 PM 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [05/14/2007 03:23 PM 1191936]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [09/25/2006 10:12 AM 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [10/09/2007 06:17 AM 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [12/05/2007 07:24 PM 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [11/02/2006 03:05 PM 282624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [02/05/2009 05:08 PM 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 04:50 AM 155648]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [04/30/2008 09:26 AM 3165920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [09/06/2008 08:09 AM 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/14/2008 07:04 PM 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [11/09/2008 11:43 PM 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/13/2008 08:12 PM 15360]

c:\documents and settings\Ehud\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-03-27 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=grsnwr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-23 114768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-23 20560]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2007-06-10 331870]
R3 AMD64CA;AMD64CA;c:\windows\system32\drivers\AMD64CAx86.sys [2009-02-02 8368]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-06-10 110160]
S2 gupdate1c9418e3760f0d2;Google Update Service (gupdate1c9418e3760f0d2);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f3f439-a2a5-11dd-a0ef-54eb93d7d210}]
\Shell\AutoRun\command - E:\Xkey_launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{229f6dc0-dbff-11dd-a1a6-54eb93d7d210}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26095182-36bf-11dd-9fee-54eb93d7d210}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cc1f714-e20c-11dd-a1bb-54eb93d7d210}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d9d1a9-e072-11dd-a1b3-54eb93d7d210}]
\Shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d6eeed9-cb7e-11dd-a163-54eb93d7d210}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3815df8-0bdc-11de-a246-54eb93d7d210}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [11/08/2008 06:38 AM]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080327
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://tango.huji.ac.il/sre/ICSScanner.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://tango.huji.ac.il/SNX/CSHELL/extender.cab
FF - ProfilePath - c:\documents and settings\Ehud\Application Data\Mozilla\Firefox\Profiles\nunzkg4k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Ehud\Application Data\Mozilla\Firefox\Profiles\nunzkg4k.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 14:57:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:29,24,9f,cc,5e,92,ca,7b,ec,18,38,c9,3e,b2,b1,8d,95,46,b2,00,1e,
a7,dc,a8,4d,3d,a4,78,2c,41,ca,6d,df,7b,2c,bd,0f,73,03,93,23,7c,4b,69,32,1c,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:29,24,9f,cc,5e,92,ca,7b,ec,18,38,c9,3e,b2,b1,8d,95,46,b2,00,1e,
a7,dc,a8,4d,3d,a4,78,2c,41,ca,6d,df,7b,2c,bd,0f,73,03,93,23,7c,4b,69,32,1c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 03/17/2009 14:58:57
ComboFix-quarantined-files.txt 2009-03-17 18:58:55
ComboFix2.txt 2009-03-17 17:39:24

Pre-Run: 13,491,249,152 bytes free
Post-Run: 13,561,626,624 bytes free

213 --- E O F --- 2009-03-12 04:39:01


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:36, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AMD64_CPU_Assistant\AMD64CPUAssistant.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\vn3427.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080327
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallb...mb&ibd=2080327
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AMD64 CPU Assistant] "C:\Program Files\AMD64_CPU_Assistant\AMD64CPUAssistant.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208970416953
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://tango.huji.ac.il/SNX/CSHELL/extender.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: grsnwr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google Update Service (gupdate1c9418e3760f0d2) (gupdate1c9418e3760f0d2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9046 bytes