ComboFix 08-03-27.1 - T 2008-03-29 7:07:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.695 [GMT 8:00]
Running from: C:\Documents and Settings\T\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.
2008-03-29 02:00 . 2008-03-29 02:00 <DIR> d-------- C:\_OTMoveIt
2008-03-29 01:29 . 2008-03-29 01:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-29 01:08 . 2008-03-29 02:18 <DIR> d-------- C:\SDFix
2008-03-28 21:44 . 2008-03-28 21:44 <DIR> d-------- C:\Documents and Settings\T\Application Data\Uniblue
2008-03-28 18:52 . 2008-03-28 21:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 16:42 . 2008-03-28 16:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-28 16:19 . 2008-03-28 17:39 <DIR> d-------- C:\Documents and Settings\T\.housecall6.6
2008-03-28 13:06 . 2008-03-28 13:06 118,116 -r-hs---- C:\lhwdcgcb.bat
2008-03-28 13:06 . 2008-03-28 13:06 268 --ah----- C:\sqmdata08.sqm
2008-03-28 13:06 . 2008-03-28 13:06 244 --ah----- C:\sqmnoopt08.sqm
2008-03-28 00:28 . 2008-03-27 22:35 114,977 -r-hs---- C:\ff1q0gw.bat
2008-03-19 16:51 . 2008-03-19 16:51 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 14:14 . 2008-03-18 14:14 <DIR> d-------- C:\Program Files\Skype
2008-03-18 14:14 . 2008-03-25 15:28 <DIR> d-------- C:\Documents and Settings\T\Application Data\skypePM
2008-03-18 14:14 . 2008-03-18 14:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-18 14:13 . 2008-03-18 14:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-11 20:11 . 2008-03-21 19:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 20:11 . 2008-03-11 20:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-11 20:09 . 2008-03-11 20:10 <DIR> d-------- C:\Program Files\QuickTime
2008-03-11 20:09 . 2008-03-11 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-10 17:37 . 2008-03-10 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-10 17:34 . 2008-03-28 21:52 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-10 17:23 . 2008-03-10 17:23 <DIR> d-------- C:\Program Files\Accelrys
2008-03-10 17:19 . 2008-03-10 17:19 <DIR> d-------- C:\Program Files\SFScholarToolbar
2008-03-10 17:18 . 2000-03-10 10:05 863,744 --a------ C:\WINDOWS\system32\Cw3245mt.dll
2008-03-10 17:18 . 2000-03-10 10:05 271,872 --a------ C:\WINDOWS\system32\Cxf0332b.dll
2008-03-10 17:18 . 2000-03-10 10:05 260,096 --a------ C:\WINDOWS\system32\Cxf0332a.dll
2008-03-10 17:18 . 2007-05-16 10:30 118,784 --a------ C:\WINDOWS\system32\SciFiSoft.dll
2008-03-10 17:18 . 2000-03-10 10:05 25,088 --a------ C:\WINDOWS\system32\Cxf0332c.dll
2008-03-10 17:17 . 2008-03-10 17:18 <DIR> d-------- C:\Program Files\SFSCHLR
2008-03-09 02:42 . 2008-03-09 02:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-09 02:41 . 2008-03-09 02:43 <DIR> d-------- C:\Program Files\Windows Live
2008-03-09 02:41 . 2008-03-09 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 22:30 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-03 22:30 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-03-02 04:13 . 2008-03-02 04:13 <DIR> d-------- C:\Program Files\DownloadToolz
2008-02-28 19:14 . 2008-02-28 19:14 38 --a------ C:\WINDOWS\avisplitter.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 23:10 1,009,696 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-28 23:09 14,438,176 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-28 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-28 19:08 202,508 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-28 19:08 103,892 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-28 19:01 --------- d-----w C:\Program Files\FlashGet
2008-03-28 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-28 01:46 --------- d-----w C:\Documents and Settings\T\Application Data\Skype
2008-03-27 17:37 --------- d-----w C:\Documents and Settings\T\Application Data\U3
2008-03-27 12:23 --------- d-----w C:\Documents and Settings\T\Application Data\foobar2000
2008-03-18 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-13 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 07:40 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-10 09:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 17:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-27 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2008-02-26 22:08 --------- d-----w C:\Program Files\eREAD6.0
2008-02-17 14:28 --------- d-----w C:\Program Files\foobar2000
2008-02-09 09:37 65,257 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-09 09:37 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-09 09:37 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-04 16:46 --------- d-----w C:\Program Files\BitComet
2008-02-04 16:38 --------- d-----w C:\Program Files\Veoh Networks
2008-02-01 19:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-31 16:51 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02 200768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-01-29 23:02 200768 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-11-05 13:52 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 13:24 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2005-01-23 02:31 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-01-21 13:40 790528 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2005-01-23 02:36 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 20:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSD_HDDThermo]
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-04 01:53 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-11-05 02:38 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-05 02:40 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-11 00:35 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-03 13:21 3461120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SAS\\SAS 9.1\\sas.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14142:TCP"= 14142:TCP:BitComet 14142 TCP
"14142:UDP"= 14142:UDP:BitComet 14142 UDP
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{058e41bb-bdb0-11dc-ab3f-0012f08f2a82}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2fadbdd-ba6d-11dc-ab36-0012f08f2a82}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4d9c85-c70e-11dc-ab44-0012f08f2a82}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4d9da9-c70e-11dc-ab44-0012f08f2a82}]
\Shell\AutoRun\command - F:\ff1q0gw.bat
\Shell\explore\Command - F:\ff1q0gw.bat
\Shell\open\Command - F:\ff1q0gw.bat
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 09:16:22 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-25 10:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 07:10:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-29 7:11:28
ComboFix-quarantined-files.txt 2008-03-28 23:11:10
Pre-Run: 1,223,487,488 bytes free
Post-Run: 1,212,829,696 bytes free
.
2008-03-13 19:03:29 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 07:21, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe