Full Version: Suspected Infection / Update Check
velathawen
Once in a while when I'm on my computer, I'll find that it suddenly starts running extremely slowly. When I open up the task manager to see what is eating up all my resources, I find that one of the svchosts is utilizing a very good chunk (90% usually) of cpu usage. I don't really download random things and I run several anti spyware programs so I'm wondering how I got infected again (if it is indeed an infection). Below is my HJT log, thanks in advance for the help! There are several things in the task manager process list that I also don't recognize, so perhaps one of them could be the problem.

Logfile of HijackThis v1.99.1
Scan saved at 7:32:14 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [Microsoft] iusr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft] iusr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\k1\Application Data\Mozilla\Firefox\Profiles\qkkpc4bt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\k1\Application Data\Mozilla\Firefox\Profiles/qkkpc4bt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173671425296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173672475046
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Thanks in advance for the help!
teacup61
Hello velathawen,

First you should know that you're actually doing more harm than good by running 2 Anti Virus programs (Nod32 and Norton). When you do this both programs compete for resources, and the end result is neither does its best and can cause system instability. I recommend that you choose the one you want to keep, update it, disable the other one, and use it as an on demand only scan occasionally.

Reboot your computer after the scan finishes. Report anything bad it finds.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Thanks,
tea
velathawen
NOD32 refuses to let me download the file and quarantines it every time. Is there a way to allow the sdfix somewhere else?
teacup61
Can you restore from the quarantine, or choose to allow the file? I'm not familiar with that aspect of Nod32.
velathawen
I got it working:


SDFix: Version 1.76

Run by k1 - 04/05/2007 Thu - 13:41:04.46

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\k1\Desktop\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Documents and Settings\\k1\\My Documents\\Programs\\utorrent.exe"="C:\\Documents and Settings\\k1\\My Documents\\Programs\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\iusr.exe"="C:\\WINDOWS\\system32\\iusr.exe:*:Enabled:iusr"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------


Checking For Files with Hidden Attributes :

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\k1\My Documents\School\Psych 307 - IO Psych\~WRL0309.tmp
C:\Documents and Settings\k1\My Documents\School\Psych 307 - IO Psych\~WRL0918.tmp
C:\Documents and Settings\k1\My Documents\School\Psych 307 - IO Psych\~WRL1714.tmp
C:\Documents and Settings\k1\My Documents\School\Psych 307 - IO Psych\~WRL3644.tmp

Finished


Below is my new HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 1:46:46 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\k1\Application Data\Mozilla\Firefox\Profiles\qkkpc4bt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\k1\Application Data\Mozilla\Firefox\Profiles/qkkpc4bt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173671425296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173672475046
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Also, I have already uninstalled Norton, so I do not understand why some of the files are still on my computer. Another question I'd like to ask is why new processes are seen like the conime.exe in my process list when it wasn't there before.

Thanks
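
Added example, not part of any post in this thread and not HijackThis's own code: a Python comparison of two HijackThis logs that lists the running processes and result lines found in only one of them. It is run here on trimmed excerpts of the 4/3/2007 and 4/5/2007 logs posted above; the function names and the choice of excerpt lines are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpts of the two HijackThis logs posted in this thread (trimmed for
# length; feed the full logs to compare_logs() for the complete picture).
LOG_0403 = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:32:14 PM, on 4/3/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\taskmgr.exe

O4 - HKLM\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [Microsoft] iusr.exe
O4 - HKCU\..\Run: [Microsoft] iusr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LOG_0405 = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:46:46 PM, on 4/5/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# HijackThis result lines start with a section code such as O4, O23, R1, F2, N3.
ENTRY_RE = re.compile(r"^(?:O\d{1,2}|[RFN]\d) - ")


def parse_hjt(text):
    """Split a HijackThis log into two multisets: processes and result lines.

    Process paths are case-folded because Windows paths are case-insensitive
    and the same log mixes 'system32' and 'System32'. Result lines are kept
    verbatim. Counters are used so that repeated lines (several svchost.exe
    instances) are counted rather than collapsed.
    """
    processes, entries = Counter(), Counter()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False          # the process list ends at the first result line
            entries[line] += 1
        elif in_processes:
            processes[line.casefold()] += 1
        # anything else is header text (version, scan time, platform) and is skipped
    return processes, entries


def compare_logs(before_text, after_text):
    """Return what is present in only one of the two logs, as sorted lists."""
    procs_before, entries_before = parse_hjt(before_text)
    procs_after, entries_after = parse_hjt(after_text)
    # Counter subtraction keeps only positive counts, i.e. a multiset difference.
    return {
        "processes_gone": sorted((procs_before - procs_after).elements()),
        "processes_new": sorted((procs_after - procs_before).elements()),
        "entries_gone": sorted((entries_before - entries_after).elements()),
        "entries_new": sorted((entries_after - entries_before).elements()),
    }


if __name__ == "__main__":
    for heading, lines in compare_logs(LOG_0403, LOG_0405).items():
        print(heading)
        for line in lines:
            print("    " + line)
```

A process or entry that shows up in only one log is a difference between two points in time, not a verdict; each item still has to be identified on its own.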
teacup61
Hello,

No, that's fine. We'll do the CatchMe in this round. ComboFix has it incorporated automatically. :)

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
teacup61
By the way.......I'm still seeing entries for 2 AntiVirus programs. This really isn't good. :(

LOL...I'm posting while you're editing! Try this:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039
velathawen
ComboFix Log:

"k1" - 07-04-06 11:04:16 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Program Files\Mozilla Firefox"


((((((((((((((((((((((((((((((( Files Created from 2007-03-06 to 2007-04-06 ))))))))))))))))))))))))))))))))))


2007-04-03 19:29 <DIR> d-------- C:\Program Files\HJT
2007-04-03 17:15 <DIR> d-------- C:\Program Files\Skype
2007-04-03 17:15 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-03 17:15 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Skype
2007-04-03 17:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-03-28 20:45 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-28 20:45 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-28 20:45 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-27 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-03-27 03:02 <DIR> d-------- C:\a55cd414a10770fccda32e58813a
2007-03-26 13:22 96,352 -ra------ C:\WINDOWS\system32\drivers\Z550mdm.sys
2007-03-26 13:22 9,264 -ra------ C:\WINDOWS\system32\drivers\Z550mdfl.sys
2007-03-26 13:22 87,824 -ra------ C:\WINDOWS\system32\drivers\Z550mgmt.sys
2007-03-26 13:22 85,696 -ra------ C:\WINDOWS\system32\drivers\Z550obex.sys
2007-03-26 13:22 60,800 -ra------ C:\WINDOWS\system32\drivers\Z550bus.sys
2007-03-26 13:22 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cmnt.sys
2007-03-26 13:22 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cm.sys
2007-03-26 13:22 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550whnt.sys
2007-03-26 13:22 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550wh.sys
2007-03-26 13:22 <DIR> d-------- C:\Program Files\Disc2Phone
2007-03-26 13:12 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-03-26 13:07 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Teleca
2007-03-26 13:07 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Sony Ericsson
2007-03-26 13:05 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-03-26 13:05 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-03-26 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-03-26 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-03-26 12:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-03-25 14:02 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-03-25 13:58 <DIR> d-------- C:\Program Files\WinPcap
2007-03-25 13:57 <DIR> d-------- C:\Program Files\WC3Banlist
2007-03-24 02:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-24 02:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-03-24 02:21 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Lavasoft
2007-03-22 03:45 <DIR> d-------- C:\Program Files\illusion
2007-03-18 18:32 <DIR> d-------- C:\Program Files\minori
2007-03-17 15:35 <DIR> d-------- C:\Program Files\Ventrilo
2007-03-17 15:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-16 15:36 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\AdobeUM
2007-03-16 15:36 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\AdobeAUM
2007-03-16 15:34 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-03-16 15:34 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-03-16 15:34 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-13 11:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-03-13 11:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-03-13 11:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-13 10:58 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-13 09:37 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-13 09:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-03-13 09:36 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-03-13 09:17 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Symantec
2007-03-13 09:06 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-13 09:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-13 09:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-03-13 09:03 <DIR> d-------- C:\Program Files\PowerISO
2007-03-13 08:58 75,847 --a------ C:\WINDOWS\War3Unin.dat
2007-03-13 08:58 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-03-13 08:58 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-03-13 08:56 <DIR> d-------- C:\Program Files\Warcraft III
2007-03-13 08:53 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-03-13 08:53 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-03-13 08:52 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-13 08:00 <DIR> d-------- C:\Program Files\Ventrilo Ver 2.3
2007-03-13 08:00 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Ventrilo
2007-03-12 23:34 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Adobe
2007-03-12 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-12 23:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-12 23:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-03-12 22:55 51,745 --a------ C:\WINDOWS\system32\TTACodecs-uninstall.exe
2007-03-12 13:35 <DIR> d-------- C:\Program Files\Monkey's Audio
2007-03-12 13:33 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-12 13:33 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-12 13:33 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-12 13:33 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-12 13:33 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-12 13:32 <DIR> d-------- C:\Program Files\Winamp
2007-03-12 13:09 <DIR> d--hs---- C:\RECYCLER
2007-03-12 13:08 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\WinRAR
2007-03-12 12:40 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Media Player Classic
2007-03-12 12:30 <DIR> d-------- C:\WINDOWS\Sun
2007-03-12 12:30 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Sun
2007-03-12 01:04 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-03-12 01:01 <DIR> d-------- C:\Program Files\Java
2007-03-12 01:01 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-12 01:00 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\uTorrent
2007-03-12 00:55 1,289 --a------ C:\WINDOWS\mozver.dat
2007-03-12 00:48 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\Viewpoint
2007-03-12 00:44 <DIR> d-------- C:\DOCUME~1\k1\APPLIC~1\acccore
2007-03-12 00:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-12 00:43 <DIR> d-------- C:\Program Files\World of Warcraft
2007-03-12 00:43 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-03-12 00:43 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-03-12 00:43 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-03-12 00:43 <DIR> d-------- C:\Program Files\AIM6
2007-03-12 00:43 <DIR> d-------- C:\DOCUME~1\k1\Contacts
2007-03-12 00:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-03-12 00:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-03-12 00:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-03-12 00:42 335 --a------ C:\WINDOWS\nsreg.dat
2007-03-12 00:42 <DIR> d-------- C:\Program Files\MSN Messenger
2007-03-12 00:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-03-12 00:39 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-03-12 00:33 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-12 00:32 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-12 00:20 <DIR> d-------- C:\WINDOWS\provisioning
2007-03-12 00:20 <DIR> d-------- C:\WINDOWS\peernet
2007-03-12 00:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-03-12 00:17 <DIR> d-------- C:\WINDOWS\EHome
2007-03-12 00:13 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-03-12 00:13 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-03-12 00:04 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-11 23:58 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-03-11 23:58 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-11 23:58 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-03-11 23:58 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-03-11 23:56 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-03-11 23:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-11 23:52 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-11 23:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-11 23:52 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-11 23:52 <DIR> d-------- C:\WINDOWS\system32\bits
2007-03-11 23:51 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-03-11 23:51 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-03-11 23:51 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-03-11 23:51 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-11 23:50 <DIR> d--hs---- C:\DOCUME~1\k1\UserData
2007-03-11 23:50 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-11 23:49 991,744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-03-11 23:49 96,768 --a------ C:\WINDOWS\system32\drmstor.dll
2007-03-11 23:49 937,984 --------- C:\WINDOWS\system32\WMNetMgr.dll
2007-03-11 23:49 757,248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2007-03-11 23:49 603,648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2007-03-11 23:49 542,720 --a------ C:\WINDOWS\system32\blackbox.dll
2007-03-11 23:49 4,096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-03-11 23:49 4,096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-03-11 23:49 4,096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-03-11 23:49 4,096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-03-11 23:49 4,096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2007-03-11 23:49 4,096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2007-03-11 23:49 4,096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2007-03-11 23:49 258,296 --a------ C:\WINDOWS\system32\drmclien.dll
2007-03-11 23:49 222,208 --a------ C:\WINDOWS\system32\wmasf.dll
2007-03-11 23:49 211,456 --a------ C:\WINDOWS\system32\qasf.dll
2007-03-11 23:49 179,712 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-03-11 23:49 157,184 --a------ C:\WINDOWS\system32\wmidx.dll
2007-03-11 23:49 11,264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2007-03-11 23:49 100,864 --a------ C:\WINDOWS\system32\logagent.exe
2007-03-11 23:49 1,329,152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2007-03-11 23:49 1,117,696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2007-03-11 23:49 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-03-11 23:49 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-03-11 23:49 <DIR> d-------- C:\Program Files\Windows Media Components
2007-03-11 23:48 292,288 --a------ C:\WINDOWS\system32\drivers\USIUDF.sys
2007-03-11 23:48 27,232 --a------ C:\WINDOWS\system32\drivers\ULCDRHlp.sys
2007-03-11 23:45 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-11 23:45 <DIR> d-------- C:\Program Files\Ulead Systems
2007-03-11 23:45 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2007-03-11 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-03-11 23:40 917,504 --a------ C:\WINDOWS\system\CMDS3D3.DLL
2007-03-11 23:40 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-11 23:40 789,568 --a------ C:\WINDOWS\system32\drivers\cmuda3.sys
2007-03-11 23:40 712,704 --a------ C:\WINDOWS\system32\AUDIO3D3.DLL
2007-03-11 23:40 712,704 --a------ C:\WINDOWS\system32\a3d.dll
2007-03-11 23:40 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-11 23:40 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-11 23:40 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-11 23:40 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-11 23:40 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-03-11 23:40 32,768 --a------ C:\WINDOWS\system32\UDAPROP3.DLL
2007-03-11 23:40 28,672 --a------ C:\WINDOWS\system32\CMRMDRV3.DLL
2007-03-11 23:40 28,672 --a------ C:\WINDOWS\CMIPCIRmDriver.dll
2007-03-11 23:40 258,048 --a------ C:\WINDOWS\CMIPCIUninstall.exe
2007-03-11 23:40 221,184 --a------ C:\WINDOWS\system32\CMRMDRV3.exe
2007-03-11 23:40 212,992 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2007-03-11 23:40 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-11 23:40 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-11 23:40 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-11 23:40 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-11 23:40 102,400 --a------ C:\WINDOWS\system32\CMUDA3.DLL
2007-03-11 23:40 <DIR> d-------- C:\Program Files\C-Media PCI 3D Audio
2007-03-11 23:39 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-11 23:38 8,192 -ra------ C:\WINDOWS\system32\bdco1.dll
2007-03-11 23:38 63,744 -ra------ C:\WINDOWS\system32\drivers\nvatabus.sys
2007-03-11 23:38 56,320 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-03-11 23:38 33,280 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2007-03-11 23:38 31,744 -ra------ C:\WINDOWS\system32\nvconrm.dll
2007-03-11 23:38 291,328 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-03-11 23:38 29,696 -ra------ C:\WINDOWS\system32\NVCOG.DLL
2007-03-11 23:38 21,120 -ra------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2007-03-11 23:38 198,656 -ra------ C:\WINDOWS\system32\fdco1.dll
2007-03-11 23:38 190,848 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-03-11 23:38 163,840 --a------ C:\WINDOWS\system32\NVUninst.exe
2007-03-11 23:38 159,744 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-03-11 23:38 159,744 --a------ C:\WINDOWS\system32\nvugart.exe
2007-03-11 23:38 159,744 --------- C:\WINDOWS\system32\nvuide.exe
2007-03-11 23:38 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2007-03-11 23:38 110,592 --------- C:\WINDOWS\system32\nvusmb.exe
2007-03-11 23:38 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-11 23:38 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-03-11 23:37 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-03-11 23:36 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-03-11 23:36 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-03-11 23:36 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-03-11 23:36 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-03-11 23:36 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-03-11 23:36 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-03-11 23:36 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-03-11 23:36 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-03-11 23:36 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-03-11 23:36 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-03-11 23:36 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-03-11 23:36 61,440 --------- C:\WINDOWS\system32\Autorun.exe
2007-03-11 23:36 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-03-11 23:36 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-03-11 23:36 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-03-11 23:36 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2007-03-11 23:36 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-03-11 23:36 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-03-11 23:36 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-03-11 23:36 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-03-11 23:36 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-03-11 23:36 44,544 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-03-11 23:36 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-03-11 23:36 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-03-11 23:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-11 23:36 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2007-03-11 23:36 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2007-03-11 23:36 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2007-03-11 23:36 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-03-11 23:36 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2007-03-11 23:36 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-03-11 23:36 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-03-11 23:36 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-03-11 23:36 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-03-11 23:36 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-03-11 23:36 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2007-03-11 23:36 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2007-03-11 23:36 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-03-11 23:36 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2007-03-11 23:36 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-03-11 23:36 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2007-03-11 23:36 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-03-11 23:36 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-03-11 23:36 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-03-11 23:36 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2007-03-11 23:36 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-03-11 23:36 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2007-03-11 23:36 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2007-03-11 23:36 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-03-11 23:36 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-03-11 23:36 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-03-11 23:36 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-03-11 23:36 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-03-11 23:36 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-03-11 23:36 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-03-11 23:36 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-03-11 23:36 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-03-11 23:36 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2007-03-11 23:36 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-03-11 23:36 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-03-11 23:36 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-03-11 23:36 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-03-11 23:36 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-03-11 23:36 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-03-11 23:36 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-03-11 23:36 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-03-11 23:36 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-03-11 23:36 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-03-11 23:36 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-03-11 23:36 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-03-11 23:36 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2007-03-11 23:35 3,407,872 --ah----- C:\DOCUME~1\k1\NTUSER.DAT
2007-03-11 23:35 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-11 23:34 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-11 23:34 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-11 23:34 <DIR> d--hs---- C:\System Volume Information
2007-03-11 23:32 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-11 23:32 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-11 23:32 0 -rahs---- C:\MSDOS.SYS
2007-03-11 23:32 0 -rahs---- C:\IO.SYS
2007-03-11 23:32 0 --a------ C:\CONFIG.SYS
2007-03-11 23:32 0 --a------ C:\AUTOEXEC.BAT
2007-03-11 23:32 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-03-11 23:32 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-11 23:32 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-11 23:32 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-03-11 23:32 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-03-11 23:31 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-11 23:31 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-11 23:31 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-11 23:31 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-11 23:31 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-11 23:31 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-03-11 23:30 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-11 23:30 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-11 23:30 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-11 23:30 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-11 23:30 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-11 23:30 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-11 23:30 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-11 23:30 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-11 23:30 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-11 23:30 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-11 23:30 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-11 23:30 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-11 23:30 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-11 23:30 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-11 23:30 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-11 23:30 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-11 23:30 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-11 23:30 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-11 23:30 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-11 23:30 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-11 23:30 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-11 23:30 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-11 23:30 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-11 23:30 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-11 23:30 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-11 23:30 <DIR> d---s---- C:\WINDOWS\Tasks
2007-03-11 23:30 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-03-11 23:30 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-03-11 23:30 <DIR> d-------- C:\WINDOWS\srchasst
2007-03-11 23:30 <DIR> d-------- C:\WINDOWS\PCHealth
2007-03-11 23:30 <DIR> d-------- C:\Program Files\Movie Maker
2007-03-11 23:30 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-03-11 23:29 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-11 23:29 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-11 23:29 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-11 23:29 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-11 23:29 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-11 23:29 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-11 23:29 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-11 23:29 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-11 23:29 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-11 23:29 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-11 23:29 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-11 23:29 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-11 23:29 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-11 23:29 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-11 23:29 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-11 23:29 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-11 23:29 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-11 23:29 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-11 23:29 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-11 23:29 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-03-11 23:29 <DIR> d-------- C:\WINDOWS\Registration
2007-03-11 23:29 <DIR> d-------- C:\Program Files\Online Services
2007-03-11 23:29 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-03-11 23:29 <DIR> d-------- C:\Program Files\Messenger
2007-03-11 23:28 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-11 23:28 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-11 23:28 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-11 23:28 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-11 23:28 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-11 23:28 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-11 23:28 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-11 23:28 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-11 23:28 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-11 23:28 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-11 23:28 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-11 23:28 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-11 23:28 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-11 23:28 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-11 23:28 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-11 23:28 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-11 23:28 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-11 23:28 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-11 23:28 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-11 23:28 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-11 23:28 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-11 23:28 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-11 23:28 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-11 23:28 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-11 23:28 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-11 23:28 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-11 23:28 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-11 23:28 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-11 23:28 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-11 23:28 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-11 23:28 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-11 23:28 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-11 23:28 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-11 23:28 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-11 23:28 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-11 23:28 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-11 23:28 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-11 23:28 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-11 23:28 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-11 23:28 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-11 23:28 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-11 23:28 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-11 23:28 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-11 23:28 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-11 23:28 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-11 23:28 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-11 23:28 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-11 23:28 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-11 23:28 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-11 23:28 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-11 23:28 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-11 23:28 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-11 23:28 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-11 23:28 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-11 23:28 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-11 23:28 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-11 23:28 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-11 23:28 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-11 23:28 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-11 23:28 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-11 23:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-11 23:28 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-11 23:28 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-03-11 23:28 <DIR> d-------- C:\WINDOWS\system32\Com
2007-03-11 23:28 <DIR> d-------- C:\Program Files\Windows NT
2007-03-11 22:50 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-11 22:50 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-11 22:50 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-11 22:50 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-11 22:50 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-11 22:50 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-11 18:26 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-03-11 18:26 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-03-11 18:26 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-03-11 18:26 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-03-11 18:26 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-03-11 18:26 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-03-11 18:26 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-03-11 18:26 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-03-11 18:26 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-03-11 18:26 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-03-11 18:26 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-03-11 18:26 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-03-11 18:26 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-03-11 18:26 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-03-11 18:26 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-03-11 18:26 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-03-11 18:26 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-03-11 18:26 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-03-11 18:25 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-03-11 18:25 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-03-11 18:25 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-03-11 18:25 6,144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2007-03-11 18:25 6,144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2007-03-11 18:25 6,144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2007-03-11 18:25 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-03-11 18:25 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-03-11 18:25 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-03-11 18:25 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbda3.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbda2.dll
2007-03-11 18:25 5,632 -ra------ C:\WINDOWS\system32\kbda1.dll
2007-03-11 18:25 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-03-11 18:25 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-03-11 18:25 5,120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2007-03-11 18:25 5,120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2007-03-11 18:25 5,120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2007-03-11 18:25 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-11 18:25 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-03-11 18:25 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-03-11 18:24 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-11 18:24 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-03-11 18:24 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-11 18:24 <DIR> dr------- C:\Program Files
2007-03-11 18:24 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-11 18:24 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-11 18:23 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-11 18:23 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-11 18:23 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-11 18:23 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-11 18:23 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-11 18:23 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-11 18:23 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-11 18:23 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-11 18:23 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-11 18:23 69,120 --a------ C:\WINDOWS\notepad.exe
2007-03-11 18:23 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-11 18:23 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-11 18:23 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-11 18:23 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-11 18:23 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-11 18:23 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-11 18:23 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-11 18:23 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-11 18:23 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-11 18:23 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-11 18:23 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-11 18:23 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-11 18:23 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-11 18:23 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-11 18:23 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-11 18:23 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-11 18:23 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-11 18:23 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-11 18:23 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-11 18:23 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-11 18:23 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-11 18:23 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-11 18:23 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-11 18:23 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-11 18:23 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-11 18:22 <DIR> d-------- C:\Documents and Settings
2007-03-11 18:18 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-11 18:18 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-11 18:18 <DIR> dr------- C:\WINDOWS\Web
2007-03-11 18:18 <DIR> d--h----- C:\WINDOWS\inf
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system32
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\system
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\security
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Resources
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\repair
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\mui
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\msapps
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\msagent
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Media
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\java
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\ime
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Help
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Debug
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\Config
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS\addins
2007-03-11 18:18 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-11 18:23 62 --ahs---- C:\DOCUME~1\k1\APPLIC~1\desktop.ini
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"="C:\\Documents and Settings\\k1\\Application Data\\Mozilla\\Firefox\\Profiles\\qkkpc4bt.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=\"C:\\Documents and Settings\\k1\\Application Data\\Mozilla\\Firefox\\Profiles/qkkpc4bt.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"USIUDF_Eject_Monitor"="C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\USISrv.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2abf185-d7f9-11db-8390-000000a00214}]
Shell\AutoRun\command F:\StartSetup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c557ec-d161-11db-837d-000000a00214}]
Shell\AutoRun\command E:\StartSetup.exe


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-06 11:06:12
C:\ComboFix-quarantined-files.txt ... 07-04-06 11:06
teacup61
Your log got cut off. Could you post a complete one please? :) How is it running?
velathawen
Logfile of HijackThis v1.99.1
Scan saved at 11:10:43 AM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Ventrilo Ver 2.3\Ventrilo.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\k1\Application Data\Mozilla\Firefox\Profiles\qkkpc4bt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\k1\Application Data\Mozilla\Firefox\Profiles/qkkpc4bt.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173671425296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173672475046
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Sorry, didn't realize. Since the clean up I haven't had that scvhost eating up all my resources thing! But I have noticed some new processes popping up and am a little worried about it.
velathawen
As an additional side note, I just restarted my computer and an "Application launcher" told me that settings failed to load. Should I be concerned?
teacup61
Hello,
QUOTE
some new processes popping up and am a little worried about it

Which ones? I don't see any bad ones in your log.
velathawen
I saw a conime.exe in my earlier HJT log but not in this one... so I'm guessing it was removed. But I would like to know if I was actually infected with a lot of stuff or not, and whether it was something that I did which caused this infection on my computer.

Edit:

At the current time of posting, my scvhost is eating up my system resources again ~_~ 93%
teacup61
Hello,

It could be that one of your programs is "phoning home" to update. Symantec is famous for this, among others.
velathawen
That's weird because I set all my automatic updates to take place sometime at like 4 or 5 am when I'm not on the computer. My computer tends to do this only at night, from like 7 pm onwards... I'm still pretty puzzled by this ~_~ and it's not one of those momentary eat up system resource things either. It does this for like 30 - 40 minutes even if I restart my computer =(
teacup61
Have you looked in Task Manager to see which process is eating it up while it's happening?
velathawen
Yeah, I have. It is an scvhost.exe under "SYSTEM" which always eats up my CPU usage.
teacup61
Hello,

Please go here and run Bit Defender 8 online scanner. This uses IE only. Post the results in your reply, and let me know how your computer is running.

tea