ComboFix 09-06-17.04 - Mariana ( Comp ) 06/18/2009 14:48.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.20.1033.18.479.230 [GMT 3:00]
Running from: c:\documents and settings\Mariana ( Comp )\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
/wow section - STAGE 38
The system cannot find the path specified.
The system cannot find the path specified.
\Local was unexpected at this time.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4
c:\documents and settings\All Users\Application Data\Starware316
c:\documents and settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Configurator\Configurator.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Configurator\Configurator.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Music\Free_MusicOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Layouts\ToolbarLayout.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Manager\ManagerOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Manager\ManagerOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Reference\ReferenceOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Ringtones\RingtonesOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Toolbar\TBProductsOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Weather\AlertArchive.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Weather\WeatherOptions.xml
c:\documents and settings\Mariana ( Comp )\Application Data\Starware316\Weather\WeatherOptions.xml.backup
c:\program files\screensavers.com
c:\program files\Starware316
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\shell.fne
c:\docume~1\MARIAN~1\LOCALS~1\Temp\E_N4\spec.fne
c:\program files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
c:\program files\screensavers.com\SSSUninst.exe
c:\program files\Starware316\icons\star_16.ico
c:\program files\Starware316\Starware316Config.xml
c:\program files\Starware316\Starware316Uninstall.exe
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2009-06-17 12:52 . 2009-06-17 12:52 -------- d-----w- c:\program files\Trend Micro
2009-06-17 11:20 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-17 11:20 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-17 11:20 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-17 11:20 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-17 11:20 . 2009-06-17 11:20 -------- d-----w- c:\program files\Avira
2009-06-17 11:20 . 2009-06-17 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-17 07:43 . 2009-06-17 07:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 07:43 . 2009-06-17 07:43 -------- d-----w- c:\program files\Java
2009-06-17 07:42 . 2009-06-17 07:42 152576 ----a-w- c:\documents and settings\Mariana ( Comp )\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 07:08 . 2009-06-11 07:05 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-17 07:08 . 2009-06-11 07:05 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-17 07:08 . 2009-06-11 07:05 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-11 07:18 . 2009-06-02 10:38 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-11 07:06 . 2009-06-11 07:05 826344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-11 07:05 . 2009-06-11 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-11 07:05 . 2009-06-11 07:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-11 07:03 . 2009-06-11 07:03 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\D624C3
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\95C737
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\27700D
2009-06-10 14:09 . 2009-06-10 14:10 -------- d--h--w- c:\windows\system32\171350
2009-05-26 08:43 . 2009-05-26 08:43 -------- d-----w- c:\documents and settings\Mariana ( Comp )\Local Settings\Application Data\WMTools Downloaded Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 07:07 . 2009-03-10 11:11 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-11 07:05 . 2009-03-10 11:11 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 11:16 . 2009-05-02 11:16 -------- d-----w- c:\program files\FXDD - MetaTrader 4
2009-05-02 10:45 . 2009-05-02 10:45 -------- d-----w- c:\program files\MetaTrader - Alpari (US) MultiTerminal
2009-04-30 08:08 . 2009-03-10 11:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-30 08:08 . 2009-03-10 11:11 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-30 08:08 . 2009-03-10 11:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 10:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-05-30 542208]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-03-03 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-30 08:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-30 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-06-11 327688]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-30 108552]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-17 108289]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-06-17 906520]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-30 298776]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 14:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-18 14:53
ComboFix-quarantined-files.txt 2009-06-18 11:53

Pre-Run: 3,632,988,160 bytes free
Post-Run: 3,685,277,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

216 --- E O F --- 2008-07-09 07:31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:29:43 ?, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: EAF2E3.lnk = C:\WINDOWS\system32\27700D\EAF2E3.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MARIAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

-- End of file - 8788 bytes