Combo Fix
Mohd Albakry - 06-09-21 17:52:36.82 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\Mohd Albakry\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))
2006-09-11 18:49 299,520 --a------ C:\WINDOWS\uninst.exe
2006-09-11 18:49 0 -rahs---- C:\MSDOS.SYS
2006-09-11 18:49 0 -rahs---- C:\IO.SYS
2006-09-09 03:02 23,040 --------- C:\WINDOWS\kb913800.exe
2006-09-09 00:31 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-09-09 00:31 139,264 --a------ C:\WINDOWS\War3Unin.exe
2006-09-08 22:47 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-09-08 22:47 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-09-08 22:47 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-09-08 22:47 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-09-08 22:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-09-08 22:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-09-08 22:47 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2006-09-08 22:47 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-09-08 22:47 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-09-08 22:47 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-09-08 22:47 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-09-08 22:47 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-09-08 22:47 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-09-08 22:47 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-09-08 22:47 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-09-08 22:47 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-09-08 22:47 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-08 22:47 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-09-08 22:47 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-09-08 22:47 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-09-08 22:47 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-21 15:36 -------- d-------- C:\Program Files\mIRC
2006-09-21 12:08 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-21 12:08 -------- d-------- C:\Program Files\Common Files
2006-09-21 12:08 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\AdobeUM
2006-09-21 12:08 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\Adobe
2006-09-21 10:32 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-19 23:54 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\Sun
2006-09-19 13:16 -------- d-------- C:\Program Files\Hijackthis
2006-09-19 00:30 -------- d-------- C:\Program Files\DIGStream
2006-09-19 00:05 -------- d-------- C:\Program Files\CCleaner
2006-09-18 19:13 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\Lavasoft
2006-09-18 18:05 -------- d-------- C:\Program Files\Windows Defender
2006-09-18 01:53 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\Hamachi
2006-09-17 02:36 10578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-09-17 02:36 -------- d-------- C:\Program Files\Hamachi
2006-09-16 01:03 -------- d---s---- C:\Documents and Settings\Mohd Albakry\Application Data\Microsoft
2006-09-13 18:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-13 18:34 -------- d-------- C:\Program Files\Razer
2006-09-12 17:09 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-12 17:05 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\CyberLink
2006-09-12 16:54 -------- d-------- C:\Program Files\Lionhead Studios
2006-09-11 21:19 -------- d-------- C:\Program Files\MSN Messenger
2006-09-11 20:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-11 18:49 -------- d-------- C:\Program Files\LucasArts
2006-09-11 18:32 -------- d-------- C:\Program Files\WinRAR
2006-09-11 18:27 -------- d-------- C:\Program Files\PowerISO
2006-09-10 17:58 -------- d-------- C:\Program Files\Combined Community Codec Pack
2006-09-10 15:55 -------- d-------- C:\Program Files\BitComet
2006-09-09 03:13 -------- d-------- C:\Program Files\Internet Explorer
2006-09-09 03:11 -------- d-------- C:\Program Files\Outlook Express
2006-09-09 03:11 -------- d-------- C:\Program Files\Common Files\System
2006-09-09 00:20 -------- d-------- C:\Program Files\QuickTime
2006-09-09 00:20 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\Apple Computer
2006-09-09 00:19 -------- d-------- C:\Program Files\iTunes
2006-09-09 00:19 -------- d-------- C:\Program Files\iPod
2006-09-09 00:15 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\AVG7
2006-09-09 00:14 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-09 00:14 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-09 00:14 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-09 00:14 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-09 00:14 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-09 00:14 -------- d-------- C:\Program Files\Grisoft
2006-09-08 23:15 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-08 23:05 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\Macromedia
2006-09-08 23:05 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\HP
2006-09-08 23:00 -------- d-------- C:\Program Files\WIDCOMM
2006-09-08 23:00 -------- d-------- C:\Program Files\HP Pavilion Webcam Demo
2006-09-08 22:59 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-21 22:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 19:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 19:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 16:00 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-16 16:00 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-16 16:00 -------- d-------- C:\Program Files\xerox
2006-08-16 16:00 -------- d-------- C:\Program Files\Windows Plus
2006-08-16 16:00 -------- d-------- C:\Program Files\Windows NT
2006-08-16 16:00 -------- d-------- C:\Program Files\Sonic
2006-08-16 16:00 -------- d-------- C:\Program Files\NetMeeting
2006-08-16 16:00 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-16 16:00 -------- d-------- C:\Program Files\MSN
2006-08-16 16:00 -------- d-------- C:\Program Files\Movie Maker
2006-08-16 16:00 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-16 16:00 -------- d-------- C:\Program Files\Messenger
2006-08-16 16:00 -------- d-------- C:\Program Files\Java
2006-08-16 16:00 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\TiVo Shared
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\Services
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\Java
2006-08-16 16:00 -------- d-------- C:\Program Files\Common Files\HP
2006-08-16 16:00 -------- d-------- C:\Documents and Settings\Mohd Albakry\Application Data\Identities
2006-08-16 03:09 -------- d-------- C:\Program Files\HPQ
2006-08-16 03:08 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-08-16 03:07 -------- d-------- C:\Program Files\Oberon Media
2006-08-16 02:55 -------- d-------- C:\Program Files\Common Files\Oberon Media
2006-08-16 02:51 -------- d-------- C:\Program Files\Online Services
2006-08-16 02:51 -------- d-------- C:\Program Files\muvee Technologies
2006-08-16 02:51 -------- d-------- C:\Program Files\Common Files\muvee Technologies
2006-08-16 02:50 -------- d-------- C:\Program Files\Google
2006-08-16 02:40 -------- d-------- C:\Program Files\Hp
2006-08-16 02:37 -------- d-------- C:\Program Files\Adobe
2006-08-16 02:30 -------- d-------- C:\Program Files\Synaptics
2006-08-16 02:29 -------- d-------- C:\Program Files\Microsoft Works
2006-08-16 02:28 -------- d-------- C:\Program Files\Microsoft Office
2006-08-16 02:28 -------- d-------- C:\Program Files\Microsoft Money 2005
2006-08-16 02:27 -------- d-------- C:\Program Files\RGB
2006-08-16 02:24 -------- d-------- C:\Program Files\GemMaster
2006-08-16 02:24 -------- d-------- C:\Program Files\ESPNMotion
2006-08-16 02:24 -------- d-------- C:\Program Files\EnglishOtto
2006-08-16 02:23 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-16 02:21 -------- d-------- C:\Program Files\CONEXANT
2006-08-16 02:11 -------- d-------- C:\Program Files\Windows Media Player
2006-08-16 02:08 -------- d-------- C:\Program Files\Intel
2006-07-29 21:11 30601 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 23:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 18:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-22 15:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 15:06 1435648 --a------ C:\WINDOWS\system32\query.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
61,72,74,00
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"Krait"="C:\\Program Files\\Razer\\Krait\\razerhid.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: Thu 09/21/2006 17:53:12.54
ComboFix.txt
=======================================
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 5:54:19 PM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8515C301-F140-4802-8891-3980B0B94805}: NameServer = 10.1.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe