explorer.exe using 99% of my CPU! (HJT log included)

**deimona** · 2009-08-12, 18:29

Okay here's the combo fix log and HJT as you asked.

Combo Fix:

ComboFix 09-08-10.06 - user 08/12/2009 16:14.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1022.444 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\user\LOCALS~1\Temp\E_N4
c:\docume~1\user\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\user\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\user\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\user\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\user\LOCALS~1\Temp\E_N4\internet.fne
c:\docume~1\user\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\user\LOCALS~1\Temp\E_N4\shell.fne
c:\docume~1\user\LOCALS~1\Temp\E_N4\spec.fne
c:\windows\desktop
c:\windows\Installer\34cdf.msi
c:\windows\system32\atrfrwvo.ini
c:\windows\system32\bHQpVGgh.ini
c:\windows\system32\bHQpVGgh.ini2
c:\windows\system32\bpukjsaf.ini
c:\windows\system32\fstsuaiq.ini
c:\windows\system32\hyfidveo.ini
c:\windows\system32\OUFikUvw.ini
c:\windows\system32\OUFikUvw.ini2
c:\windows\system32\pgegjwsn.ini
c:\windows\system32\tmp.reg
c:\windows\system32\wdjbmnt.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-11 21:48 . 2009-08-11 21:50 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-11 17:26 . 2009-08-11 17:26 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-10 16:24 . 2009-08-10 16:24 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-08-10 16:24 . 2009-08-10 16:24 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-08-10 16:24 . 2009-08-10 16:24 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-10 16:24 . 2009-08-10 17:05 -------- d-----w- c:\documents and settings\user\Application Data\Spyware Terminator
2009-08-10 16:24 . 2009-08-12 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-08-10 16:24 . 2009-08-10 17:14 -------- d-----w- c:\program files\Spyware Terminator
2009-08-10 15:49 . 2008-12-11 05:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-10 15:49 . 2009-04-03 07:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-10 15:49 . 2008-12-18 08:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-10 15:49 . 2009-08-10 15:49 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-10 15:49 . 2008-12-10 08:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-10 15:48 . 2009-08-10 15:49 -------- d-----w- c:\program files\Spyware Doctor
2009-08-10 15:48 . 2009-08-10 15:48 -------- d-----w- c:\documents and settings\user\Application Data\PC Tools
2009-08-10 15:48 . 2009-08-10 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-09 13:53 . 2009-08-09 13:57 -------- d-----w- c:\documents and settings\user\.housecall6.6
2009-08-08 18:32 . 2009-08-08 18:38 -------- d-----w- c:\program files\BHODemon 2
2009-08-03 15:37 . 2009-08-03 15:40 -------- d-----w- c:\program files\Unlocker
2009-08-03 15:26 . 2009-08-03 15:26 -------- d-----w- C:\VundoFix Backups
2009-07-30 12:07 . 2009-08-12 12:39 -------- d-----w- c:\documents and settings\user\Application Data\HPAppData
2009-07-30 11:49 . 2009-07-30 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-07-30 11:47 . 2009-07-30 11:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
2009-07-30 11:41 . 2007-10-30 09:25 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-07-30 11:41 . 2007-10-30 09:25 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-07-30 11:41 . 2009-07-30 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-07-30 11:40 . 2007-11-08 14:56 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-07-30 11:40 . 2007-10-20 15:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2009-07-30 11:40 . 2007-10-30 09:25 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-07-30 11:40 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-07-30 11:40 . 2007-10-30 09:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-07-30 11:40 . 2007-10-21 16:45 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-07-30 11:40 . 2007-10-21 16:45 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-07-30 11:40 . 2007-10-21 16:45 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-07-30 11:35 . 2009-07-30 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-30 11:35 . 2009-07-30 11:35 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-30 11:31 . 2009-07-30 11:49 157529 ----a-w- c:\windows\hpoins28.dat
2009-07-30 11:31 . 2007-12-13 00:01 932 ------w- c:\windows\hpomdl28.dat
2009-07-29 13:09 . 2009-03-06 14:00 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-29 13:09 . 2009-02-09 10:01 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-29 13:09 . 2009-02-09 10:01 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-29 13:09 . 2009-02-06 10:22 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-29 13:09 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-07-29 13:09 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-29 13:09 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-07-29 13:09 . 2009-02-09 10:01 617984 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-29 13:09 . 2009-02-09 10:01 715264 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-29 12:29 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-29 11:34 . 2009-07-29 11:34 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-07-29 11:34 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 11:34 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 11:34 . 2009-07-29 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-29 11:34 . 2009-08-11 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 21:38 . 2009-07-28 17:56 -------- d--h--w- c:\windows\system32\0F6226
2009-07-27 21:38 . 2009-07-27 21:54 -------- d--h--w- c:\windows\system32\76682F
2009-07-27 21:38 . 2009-08-11 19:12 -------- d--h--w- c:\windows\system32\5A8DCC
2009-07-27 21:38 . 2009-07-30 18:40 -------- d--h--w- c:\windows\system32\ACF7EF
2009-07-21 13:44 . 2009-08-12 12:31 -------- d-----w- c:\program files\NOS
2009-07-21 13:44 . 2009-08-12 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 21:31 . 2008-11-16 01:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 21:31 . 2008-11-16 01:39 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 21:31 . 2008-11-16 01:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 21:31 . 2008-11-16 01:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 20:11 . 2008-08-07 11:11 -------- d-----w- c:\program files\UtopiaBOX 2.02
2009-08-11 20:11 . 2008-06-17 18:49 -------- d-----w- c:\program files\Pharaoh
2009-08-11 19:42 . 2007-01-30 00:36 -------- d-----w- c:\program files\NetWaiting
2009-08-11 19:42 . 2007-01-30 00:36 -------- d-----w- c:\program files\Microsoft Works
2009-08-11 19:42 . 2008-11-18 18:05 -------- d-----w- c:\program files\limewire
2009-08-11 19:41 . 2007-04-21 11:57 -------- d-----w- c:\program files\FLVPlayer
2009-08-10 15:50 . 2007-07-10 18:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-09 13:42 . 2008-01-22 15:20 -------- d--h--w- c:\documents and settings\user\Application Data\GetRightToGo
2009-08-08 15:58 . 2009-02-03 19:51 -------- d-----w- c:\program files\KGB Archiver
2009-07-30 20:54 . 2008-11-16 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-30 12:15 . 2007-01-30 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-07-30 12:15 . 2007-01-29 10:30 -------- d--h--w- c:\documents and settings\user\Application Data\HP
2009-07-12 13:53 . 2008-08-30 12:26 -------- d-----w- c:\program files\Lucasarts
2009-07-12 13:53 . 2007-01-30 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 20:25 . 2008-07-31 09:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-29 16:12 . 2004-08-04 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 18:07 . 2009-06-28 18:07 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 18:06 . 2007-01-29 14:44 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 18:06 . 2003-02-21 19:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-23 11:42 . 2009-04-27 23:11 -------- d-----w- c:\program files\EA Games
2009-06-23 10:00 . 2009-06-23 10:00 -------- d-----w- c:\program files\iXi Tools
2009-06-22 23:27 . 2009-06-22 23:27 10134 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-06-16 14:55 . 2005-10-18 05:14 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 01:19 . 2009-06-12 01:19 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:27 . 2005-08-30 11:54 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 08:33 . 2008-11-26 11:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 21:16 . 2007-11-22 16:53 1014 ----a-w- c:\windows\eReg.dat
2009-05-19 21:12 . 2009-05-19 21:12 0 ----a-w- c:\windows\system32\_r_a_p_.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-10 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-11 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-28 198160]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-1-29 102400]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Firewall Client Management.lnk - c:\windows\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [2007-11-2 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-11 21:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Anno 1701\\Anno1701.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24387:TCP"= 24387:TCP:BitComet 24387 TCP
"24387:UDP"= 24387:UDP:BitComet 24387 UDP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/10/2009 6:49 PM 130936]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 3:46 PM 63352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/16/2008 4:39 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/16/2008 4:39 AM 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/10/2009 7:24 PM 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/12/2009 12:31 AM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/12/2009 12:31 AM 298776]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [6/10/2004 3:00 AM 115544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/31/2008 12:10 PM 206096]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/10/2009 6:49 PM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0FAF4891-E95D-4C03-A388-A14C5C305759} - c:\windows\system32\wvUkiFUO.dll
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.2.200:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{18DD7274-43DF-4196-AEFC-EE9020D455A1} - c:\program files\FreshDevices\FreshDownload\fd.exe
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
TCP: {3D4F5C7B-D6F1-4664-811F-4D5FB835B3FA} = 192.168.2.200
Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} -
Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} -
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 16:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???hc??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1931326976-3242642446-1606852611-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1931326976-3242642446-1606852611-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:36,15,eb,c9,ff,ec,df,c2,01,25,cf,ad,25,47,b6,bc,a7,6a,c8,60,3f,82,87,
29,67,e6,59,e6,e7,3a,d0,4f,99,97,9b,23,c0,0d,a5,42,0a,1b,d7,9c,d2,eb,43,c7,\
"??"=hex:12,3b,d3,bf,0e,56,91,99,89,0e,2d,b9,8f,10,31,d3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE52F6C-4102-5735-8131-2C63BF62CC95}\InProcServer32*]
"oabhpdckjmoafefbloommokcgdggim"=hex:69,61,6a,6a,70,68,65,70,66,65,66,6f,6e,6b,
68,61,67,61,00,00
"nabhfemehpcokmaaidlgakikojgb"=hex:69,61,6a,6a,70,68,67,70,68,65,69,61,6b,67,
6c,61,64,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1268)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-08-12 16:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-12 13:36

Pre-Run: 5,226,725,376 bytes free
Post-Run: 6,389,751,808 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

323 --- E O F --- 2009-07-30 00:04

-------------------------------------------------------------------

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:00 PM, on 8/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.200:8080
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 74BE16.lnk = C:\WINDOWS\system32\ACF7EF\74BE16.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: FreshDownload - {18DD7274-43DF-4196-AEFC-EE9020D455A1} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n027p/EN/install/gtdownlr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.7.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D4F5C7B-D6F1-4664-811F-4D5FB835B3FA}: NameServer = 192.168.2.200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 13243 bytes

Thread: explorer.exe using 99% of my CPU! (HJT log included)

Thread Tools

Display

Threaded View

Posting Permissions