Help plz, explorer 100% CPU, ComboFix log enclosed

Apr 15th, 2008
Ok, so in the last couple of days I've noticed my computer slowing down. When I look in Task Manager, MSN Messenger is using 99% of my CPU; if I end task it, then explorer takes 99% of my CPU and I need to restart. I scanned with BitDefender and found a few things; the things that couldn't be fixed were listed as:

adware.command.A
adware.purityscan.JA
generic.zeno.e5f12f0c
trojan.downloader.agent.zex
trojan.generic.107114
trojan.patched.BD

I also did a scan with ComboFix and HijackThis, and these are the logs. Any help would be greatly appreciated.

ComboFix 08-04-14.2 - Shane Leedham 2008-04-15 14:43:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1.#QNAN [GMT -4:00]
Running from: F:\Documents and Settings\Shane Leedham\Desktop\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\LocalService\Application Data\NetMon
F:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
F:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
F:\Documents and Settings\Shane Leedham\My Documents\SMANTE~1
F:\Documents and Settings\Shane Leedham\My Documents\SMANTE~1\w?aclt.exe
F:\Documents and Settings\Shane Leedham\Start Menu\Programs\Outerinfo
F:\Documents and Settings\Shane Leedham\Start Menu\Programs\Outerinfo\Terms.lnk
F:\Documents and Settings\Shane Leedham\Start Menu\Programs\Outerinfo\Uninstall.lnk
F:\Documents and Settings\Shane Leedham\Start Menu\Programs\Startup\DW_Start.lnk
F:\Program Files\Common Files\wnsxs~1
F:\Program Files\Common Files\wnsxs~1\mmc.exe
F:\Program Files\Common Files\wnsxs~1\W?nSxS\
F:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
F:\Program Files\outerinfo
F:\Program Files\outerinfo\FF\chrome.manifest
F:\Program Files\outerinfo\FF\components\FF.dll
F:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
F:\Program Files\outerinfo\FF\install.rdf
F:\Program Files\outerinfo\Terms.rtf
F:\WINDOWS\msnimport.exe
F:\WINDOWS\pskt.ini
F:\WINDOWS\sstem~1
F:\WINDOWS\system32\fhgihggh.ini
F:\WINDOWS\system32\fhgihggh.ini2
F:\WINDOWS\system32\msnav32.ax
F:\WINDOWS\system32\qbisndno.ini
F:\WINDOWS\system32\qbqe.dll
F:\WINDOWS\system32\rmiqnfts.ini
F:\WINDOWS\system32\wzwtncq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 05:30 . 2008-04-15 05:30 110,623 --a------ F:\WINDOWS\system32\xhbmhjif.dll
2008-04-15 05:30 . 2008-04-15 05:30 100,522 --a------ F:\WINDOWS\system32\stfnqimr.dll
2008-04-15 05:27 . 2008-04-15 05:27 105,561 --a------ F:\WINDOWS\system32\yreofety.dll
2008-04-15 05:27 . 2008-04-15 05:27 3,648 --a------ F:\WINDOWS\system32\toajxmrm.dll
2008-04-15 05:19 . 2008-04-15 14:45 121 --a------ F:\WINDOWS\bdagent.INI
2008-04-15 05:17 . 2008-04-15 05:17 <DIR> d-------- F:\Program Files\BitDefender
2008-04-15 05:17 . 2008-04-15 05:17 <DIR> d-------- F:\Documents and Settings\Shane Leedham\Application Data\BitDefender
2008-04-15 05:16 . 2008-04-15 05:17 <DIR> d-------- F:\Program Files\Common Files\BitDefender
2008-04-15 05:03 . 2008-04-15 05:03 15,086 --a------ F:\WINDOWS\system32\FreePokerBonus.ico
2008-04-15 05:02 . 2008-04-15 05:02 34,099 --a------ F:\WINDOWS\system32\rqrpnnnm.dll
2008-04-15 05:01 . 2008-04-15 05:01 110,623 --a------ F:\WINDOWS\system32\xvbwddfm.dll
2008-04-15 04:59 . 2008-04-15 04:59 105,561 --a------ F:\WINDOWS\system32\kicrwquw.dll
2008-04-15 04:59 . 2008-04-15 04:59 3,648 --a------ F:\WINDOWS\system32\anoskmho.dll
2008-04-15 04:58 . 2008-04-15 04:58 396,267 --a------ F:\WINDOWS\system32\hgghighf.dll
2008-04-15 04:53 . 2008-04-15 14:26 <DIR> d-------- F:\WINDOWS\U2hhbmUgTGVlZGhhbQ
2008-04-15 04:53 . 2008-04-15 04:53 <DIR> d-------- F:\WINDOWS\system32\fom2
2008-04-15 04:53 . 2008-04-15 06:13 <DIR> d-------- F:\WINDOWS\system32\cb4
2008-04-15 04:53 . 2008-04-15 04:53 <DIR> d-------- F:\WINDOWS\system32\bharebio01
2008-04-15 04:53 . 2008-04-15 04:53 34,099 --a------ F:\WINDOWS\system32\awtronlj.dll
2008-04-14 17:47 . 2008-04-14 17:47 <DIR> d-------- F:\Program Files\Windows Live
2008-04-14 17:47 . 2008-04-14 17:47 <DIR> d--hsc--- F:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 23:08 . 2008-04-13 23:08 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2008-04-07 13:36 . 2008-04-07 13:36 <DIR> d-------- F:\Program Files\DotA Gaming Network
2008-04-05 15:41 . 2008-04-15 14:48 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-04-05 15:41 . 2008-04-05 15:41 1,409 --a------ F:\WINDOWS\QTFont.for
2008-04-05 15:40 . 2008-04-05 15:40 <DIR> d-------- F:\Program Files\iTunes
2008-04-05 15:40 . 2008-04-05 15:40 <DIR> d-------- F:\Program Files\iPod
2008-04-05 15:39 . 2008-04-05 15:39 <DIR> d-------- F:\Program Files\QuickTime
2008-03-29 00:37 . 2008-03-29 00:37 90,112 --a------ F:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-29 00:37 . 2008-03-29 00:37 57,344 --a------ F:\WINDOWS\system32\QuickTime.qts
2008-03-28 14:53 . 2008-03-28 14:53 <DIR> d--h----- F:\WINDOWS\PIF
2008-03-28 14:38 . 2008-03-29 03:02 <DIR> d-------- F:\Program Files\DOSBox-0.72
2008-03-28 04:50 . 2008-03-28 04:51 297 --a------ F:\WINDOWS\SIERRA.INI
2008-03-26 04:08 . 2008-03-26 04:08 <DIR> d-------- F:\Program Files\RhinoSoft.com
2008-03-26 03:17 . 2008-03-26 03:17 <DIR> d-------- F:\Program Files\SmartFTP Client
2008-03-26 03:17 . 2008-03-26 03:17 <DIR> d-------- F:\Documents and Settings\Shane Leedham\Application Data\SmartFTP
2008-03-26 03:16 . 2008-03-26 03:16 <DIR> d-------- F:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-26 02:11 . 2008-03-26 04:07 <DIR> d-------- F:\Program Files\GuildFTPd
2008-03-22 18:01 . 2008-03-22 19:46 <DIR> d-------- F:\Documents and Settings\Shane Leedham\Application Data\Bioshock
2008-03-22 17:58 . 2007-05-16 17:45 3,497,832 --a------ F:\WINDOWS\system32\d3dx9_34.dll
2008-03-22 17:58 . 2007-05-16 17:45 1,124,720 --a------ F:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-22 17:58 . 2007-05-16 17:45 443,752 --a------ F:\WINDOWS\system32\d3dx10_34.dll
2008-03-22 17:58 . 2007-05-31 20:30 266,088 --a------ F:\WINDOWS\system32\xactengine2_8.dll
2008-03-22 17:58 . 2007-01-24 16:27 255,848 --a------ F:\WINDOWS\system32\xactengine2_6.dll
2008-03-22 17:58 . 2006-12-08 13:02 251,672 --a------ F:\WINDOWS\system32\xactengine2_5.dll
2008-03-22 17:58 . 2007-05-31 20:29 18,280 --a------ F:\WINDOWS\system32\x3daudio1_2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 09:19 --------- d-----w F:\Program Files\FlashGet
2008-04-15 09:17 --------- d-----w F:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-14 22:49 --------- d-----w F:\Program Files\Mozilla Thunderbird
2008-04-14 21:48 --------- d-----w F:\Program Files\MSN Messenger
2008-04-14 21:47 --------- d-----w F:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-14 17:46 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-04-14 03:24 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 05:56 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-04-02 00:13 --------- d-----w F:\Documents and Settings\All Users\Application Data\Logitech
2008-03-26 06:55 --------- d-----w F:\Documents and Settings\Shane Leedham\Application Data\Hamachi
2008-03-10 03:50 --------- d--h--w F:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-03-10 03:46 --------- d-----w F:\Program Files\Stardock Games
2008-03-09 21:05 22,328 ----a-w F:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-03 22:57 --------- d-----w F:\Program Files\Teamspeak2_RC2
2008-03-02 10:08 --------- d-----w F:\Program Files\Common Files\Blizzard Entertainment
2008-02-29 01:52 --------- d-----w F:\Program Files\VentSrv
2008-02-29 00:41 --------- d-----w F:\Documents and Settings\Shane Leedham\Application Data\Ventrilo
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16141B8C-A855-4D10-B570-12F8078B7A56}]
2008-04-15 04:58 396267 --a------ F:\WINDOWS\system32\hgghighf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81c1b1a9-926b-4acc-9b0f-9bdd0f2b828b}]
2008-04-15 05:30 110623 --a------ F:\WINDOWS\system32\xhbmhjif.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
2008-04-15 04:53 34099 --a------ F:\WINDOWS\system32\awtronlj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="F:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Active Desktop Calendar"="F:\Program Files\Active Desktop Calendar\ADC.exe" [2007-06-07 12:38 3670016]
"LogitechSoftwareUpdate"="F:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"DAEMON Tools Lite"="F:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 06:02 482760]
"AdobeUpdater"="F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 F:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 10:16 77824 F:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="F:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe" [2003-09-16 19:01 32881]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"zBrowser Launcher"="F:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"LVCOMSX"="F:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="F:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="F:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"UltraMon"="F:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 F:\WINDOWS\KHALMNPR.Exe]
"Easy Synchronization"="F:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 13:00 53248]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2008-03-29 00:37 413696]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"{99-91-16-61-DW}"="F:\WINDOWS\system32\fom2\cegmgr76.exe" [ ]
"BitDefender Antiphishing Helper"="F:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="F:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="F:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 13:00 53248]

F:\Documents and Settings\Shane Leedham\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - F:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2007-05-31 12:35:12 235520]
Warkeys Update.lnk - F:\Program Files\Warkeys\update\Warkeys Update.exe [2006-08-03 16:54:12 225411]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - F:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [00:00:00 561213]
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Java SATARaid.lnk - C:\Program Files\Silicon Image\SI3114\run.bat [2007-06-04 23:05:59 92]
Logitech SetPoint.lnk - F:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-28 02:16:33 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= F:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 13:00 69632]
"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= F:\WINDOWS\system32\awtronlj.dll [2008-04-15 04:53 34099]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtronlj]
awtronlj.dll 2008-04-15 04:53 34099 F:\WINDOWS\system32\awtronlj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
f:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 f:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 F:\WINDOWS\system32\hgghighf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnsyslog]
F:\WINDOWS\msnlogm.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\FlashGet\\flashget.exe"=
"F:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Silicon Image\\SI3114\\SiITray.exe"=
"F:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"H:\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"H:\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"F:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"F:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2100:TCP"= 2100:TCP:ftp

R2 UltraMonUtility;UltraMon Utility Driver;F:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 UltraMonMirror;UltraMonMirror;F:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S3 LCcfltr;Logitech USB Filter Driver;F:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50]
S3 NPF;NetGroup Packet Filter Driver;F:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 18:24:05 F:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- F:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: F:\WINDOWS\system32\winlogon.exe
-> F:\WINDOWS\system32\awtronlj.dll

PROCESS: F:\WINDOWS\explorer.exe
-> F:\WINDOWS\system32\nview.dll
-> F:\WINDOWS\system32\iaxcanhm.dll
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Logitech\Easy Synchronization\servicestub.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\VentSrv\ventrilo_svc.exe
F:\Program Files\VentSrv\ventrilo_srv.exe
F:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Logitech\SetPoint\LBTWiz.exe
F:\WINDOWS\system32\msiexec.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
F:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Silicon Image\SI3114\SiITray.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-04-15 14:53:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 18:53:04

Pre-Run: 4,984,778,752 bytes free
Post-Run: 6,002,204,672 bytes free

THIS IS THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:54 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
F:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Logitech\Easy Synchronization\servicestub.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\VentSrv\ventrilo_svc.exe
F:\Program Files\VentSrv\ventrilo_srv.exe
F:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
F:\Program Files\Logitech\SetPoint\LBTWiz.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
F:\Program Files\Active Desktop Calendar\ADC.exe
F:\Program Files\DAEMON Tools Lite\daemon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Silicon Image\SI3114\SiITray.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UltraMon] "F:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] F:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{99-91-16-61-DW}] F:\WINDOWS\system32\fom2\cegmgr76.exe DWram
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "F:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\RunOnce: [Easy Synchronization] F:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] F:\Program Files\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: My_AutoWarkey_Script.lnk = F:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = F:\Program Files\Warkeys\update\Warkeys Update.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Java SATARaid.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - F:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - F:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - F:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - F:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - F:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10035 bytes
Last edited by shane7 : Apr 15th, 2008 at 3:57 pm.