Svchost.exe is maxing out the CPU after I login to windows. This problem started occurring after I upgraded from SP2 to SP3 In addition, my taskbar seems to flash the theme from Royal Noir to XP Classic and back to Royal Noir after I manually terminate svchost.exe from the Task Manager. However this is a secondary issue, my primary concerning is getting svchost.exe to behave normally.

Here is a fresh HJT log:

Please remove uTorrent with Add/Remove Programs. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Please refer to this topic:
/t204179-P2P_programs_we_ask_that_you_remove_first.html
(Don't put it back until after your cleaning is completed.)


P2P apps must be completely removed before we will help you.


After you've done that, please post a fresh log below. Thanks.

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

Here is the fresh log that you requested, thanks!

Deckard's System Scanner v20071014.68
Run by nka on 2008-05-18 21:34:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as nka.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:58 PM, on 5/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\allSnap\allSnap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\nka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.....;/www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: allSnap.lnk = C:\Program Files\allSnap\allSnap.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: HFS.lnk = C:\Program Files\hfs\hfs.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: spoolsv.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install...ds/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205010357593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1205131801375
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\80\g2ax_winlogon.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist Express Customer - Unknown owner - C:\Program Files\Citrix\GoToAssist Express Customer\80\g2ax_service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 12151 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 21:33:36 686630 --a------ C:\dss.exe
2008-05-18 11:38:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-18 11:38:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-18 11:38:30 0 d-------- C:\WINDOWS\LastGood
2008-05-18 11:14:02 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-17 12:04:50 0 d-------- C:\Program Files\King Kong Software
2008-05-17 11:28:15 0 d-------- C:\Documents and Settings\nka\Application Data\DonationCoder
2008-05-17 11:27:51 0 d-------- C:\Documents and Settings\All Users\Application Data\DonationCoder
2008-05-17 10:49:03 147456 --a------ C:\WINDOWS\system32\bsratwmv.dll
2008-05-17 10:49:03 585728 --a------ C:\WINDOWS\system32\bsratswf.dll
2008-05-17 10:48:59 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2008-05-15 10:37:50 0 d-------- C:\Documents and Settings\nka\Application Data\Digsby
2008-05-15 10:23:40 0 d-------- C:\Program Files\Digsby
2008-05-15 09:07:47 0 d-------- C:\Documents and Settings\nka\Application Data\Grisoft
2008-05-15 09:04:18 0 d-------- C:\Program Files\Trend Micro
2008-05-14 20:51:30 0 d-------- C:\Program Files\FlashGet
2008-05-13 10:55:34 0 d-------- C:\Documents and Settings\All Users\Application Data\eboostr
2008-05-11 00:54:53 0 d-------- C:\Documents and Settings\nka\Application Data\vlc
2008-05-10 13:51:26 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-10 13:51:17 0 d-------- C:\Program Files\Orb Networks
2008-05-10 12:37:59 0 d-------- C:\Documents and Settings\nka\Application Data\Mozilla
2008-05-10 12:37:08 0 d-------- C:\Documents and Settings\nka\Application Data\MiniDm
2008-05-09 11:17:46 0 d-------- C:\Documents and Settings\nka\.AnywherePEViewer
2008-05-09 11:16:42 0 d-------- C:\Program Files\Anywhere PE Viewer 0.1.7
2008-05-06 15:23:09 0 d-------- C:\Documents and Settings\nka\.LocalCooling
2008-05-06 15:22:59 0 d-------- C:\Program Files\Uniblue
2008-05-06 09:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-05-06 09:27:12 0 d-------- C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-05-02 11:11:56 0 d-------- C:\XP_CD_Source <XP_CD_~1>
2008-05-02 11:07:27 0 d-------- C:\Program Files\nLite
2008-05-01 13:03:27 0 d-------- C:\WINDOWS\Prefetch
2008-05-01 12:52:20 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-01 11:59:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-05-01 11:47:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2008-05-01 11:43:42 0 d-------- C:\sp3.errors <SP3~1.ERR>
2008-05-01 11:38:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-05-01 11:20:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Notepad++
2008-05-01 11:08:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-01 11:07:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-01 01:04:02 0 d-------- C:\Program Files\Windows Resource Kits
2008-05-01 00:35:39 0 d-------- C:\WINDOWS\system32\scripting
2008-05-01 00:35:38 0 d-------- C:\WINDOWS\l2schemas
2008-05-01 00:35:37 0 d-------- C:\WINDOWS\system32\en
2008-05-01 00:35:36 0 d-------- C:\WINDOWS\system32\bits
2008-05-01 00:27:49 0 d-------- C:\WINDOWS\network diagnostic
2008-04-29 21:57:08 0 d-------- C:\Documents and Settings\nka\Application Data\IEPro
2008-04-29 21:56:25 0 d-------- C:\Program Files\IEPro
2008-04-28 10:22:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-27 01:17:50 0 d--h----- C:\Documents and Settings\nka\Recent
2008-04-26 23:35:49 0 d-------- C:\Program Files\Siber Systems
2008-04-18 15:31:31 0 d-------- C:\Program Files\Evernote
2008-04-18 15:30:41 0 d-------- C:\Documents and Settings\nka\Application Data\InstallShield


-- Find3M Report ---------------------------------------------------------------

2008-05-18 21:37:22 0 d-------- C:\Program Files\PeerGuardian2
2008-05-18 19:34:58 0 d-------- C:\Program Files\Citrix
2008-05-18 18:37:49 0 d-------- C:\Documents and Settings\nka\Application Data\TeraCopy
2008-05-18 18:37:40 0 d-------- C:\Program Files\LogMeIn
2008-05-18 18:33:51 0 d-------- C:\Program Files\hfs
2008-05-18 16:55:08 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-17 16:03:37 0 d-------- C:\Program Files\SmartCapture
2008-05-17 16:03:37 0 d-------- C:\Documents and Settings\nka\Application Data\DeskSoft
2008-05-17 15:13:25 0 d-------- C:\Program Files\Notepad++
2008-05-17 15:13:24 0 d-------- C:\Program Files\ScreenshotCaptor
2008-05-17 14:09:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 11:28:15 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2008-05-15 23:19:26 0 d-------- C:\Program Files\iPod
2008-05-15 23:19:07 0 d-------- C:\Program Files\Common Files
2008-05-15 11:20:46 0 d-------- C:\Documents and Settings\nka\Application Data\Skype
2008-05-14 19:00:52 0 d-------- C:\Program Files\Google
2008-05-13 19:11:14 0 d-------- C:\Program Files\Trillian
2008-05-12 22:33:51 0 d-------- C:\Program Files\Photo DVD Maker Professional
2008-05-11 15:00:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-11 00:51:56 0 d-------- C:\Program Files\VideoLAN
2008-05-10 10:00:58 0 d-------- C:\Program Files\Bonjour
2008-05-09 18:56:11 0 d-------- C:\Documents and Settings\nka\Application Data\Apple Computer
2008-05-07 20:18:07 0 d-------- C:\Program Files\YPOPs
2008-05-06 09:27:12 0 d-------- C:\Program Files\Pinnacle
2008-05-05 07:17:40 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-05-03 20:16:13 0 d-------- C:\Program Files\Wireless LAN
2008-05-03 20:09:15 0 d-------- C:\Program Files\Softland
2008-05-03 18:12:21 39006 --a------ C:\Documents and Settings\nka\Application Data\Comma Separated Values (Windows).ADR
2008-05-01 12:56:42 0 d-------- C:\Program Files\Messenger
2008-05-01 12:56:11 0 d-------- C:\Program Files\Movie Maker
2008-05-01 12:51:32 0 d-------- C:\Program Files\Windows NT
2008-05-01 11:39:03 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-28 23:56:45 0 d-------- C:\Program Files\Foxit Software
2008-04-22 00:58:57 12992 --a------ C:\Documents and Settings\nka\Application Data\Comma Separated Values (Windows).CAL
2008-04-21 07:59:12 310 --a------ C:\Documents and Settings\nka\Application Data\APUSet.xml
2008-04-21 07:59:04 6109 --a------ C:\Documents and Settings\nka\Application Data\PrimoPDFSet.xml
2008-04-20 00:14:36 0 d-------- C:\Documents and Settings\nka\Application Data\Hamachi
2008-04-16 16:09:00 0 d-------- C:\Documents and Settings\nka\Application Data\SolidDocuments
2008-04-16 16:05:08 0 d-------- C:\Program Files\UltraVNC
2008-04-16 15:29:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-16 04:56:22 0 d-------- C:\Program Files\PDFCreator
2008-04-14 14:56:05 0 d-------- C:\Program Files\TightVNC
2008-04-14 11:15:15 0 d-------- C:\Program Files\Hamachi
2008-04-14 10:42:26 0 d-------- C:\Documents and Settings\nka\Application Data\Notepad++
2008-04-13 23:14:00 0 d-------- C:\Documents and Settings\nka\Application Data\Softland
2008-04-12 23:10:28 0 d-------- C:\Program Files\Lookout Software
2008-04-12 15:57:59 0 d-------- C:\Program Files\TagScanner
2008-04-11 00:59:22 0 d-------- C:\Program Files\activePDF
2008-04-10 19:19:15 0 d-------- C:\Program Files\Tenable
2008-04-10 18:03:39 0 d-------- C:\Program Files\MSXML 4.0
2008-04-10 17:58:29 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-10 15:40:47 0 d-------- C:\Program Files\SolidDocuments
2008-04-10 15:39:52 0 d-------- C:\Documents and Settings\nka\Application Data\Spam Monitor
2008-04-10 15:39:52 0 d-------- C:\Documents and Settings\nka\Application Data\Songbird
2008-04-06 22:35:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-06 14:55:03 0 d-------- C:\Program Files\TI Education
2008-04-06 14:54:28 0 d-------- C:\Program Files\Common Files\TI Shared
2008-04-04 02:09:21 0 d-------- C:\Program Files\Microsoft
2008-04-03 03:14:53 0 d-------- C:\Program Files\iTunes
2008-04-03 03:07:08 0 d-------- C:\Program Files\QuickTime
2008-04-01 20:00:00 0 d-------- C:\Program Files\Apple Software Update
2008-04-01 19:17:48 0 d-------- C:\Program Files\Windows Desktop Search
2008-04-01 01:21:33 0 d-------- C:\Documents and Settings\nka\Application Data\PandoraRip
2008-03-30 22:19:57 0 d-------- C:\Program Files\Parallax Software
2008-03-30 01:28:50 0 d-------- C:\Documents and Settings\nka\Application Data\Windows Search
2008-03-30 01:02:40 0 d-------- C:\Program Files\7-Zip
2008-03-28 20:39:54 0 d-------- C:\Program Files\iTunes Art Importer
2008-03-28 02:11:22 0 d-------- C:\Program Files\WinISO
2008-03-28 00:44:37 0 d-------- C:\Program Files\MagicISO
2008-03-27 23:54:17 0 d-------- C:\Documents and Settings\nka\Application Data\DAEMON Tools
2008-03-27 10:36:16 0 d-------- C:\Documents and Settings\nka\Application Data\DAEMON Tools Pro
2008-03-27 09:21:06 0 d-------- C:\Documents and Settings\nka\Application Data\LimeWire
2008-03-26 22:01:29 6335 --a------ C:\WINDOWS\mozver.dat
2008-03-24 00:07:24 0 d-------- C:\Program Files\Diskeeper Corporation
2008-03-23 11:30:11 0 d-------- C:\Program Files\AC3Filter
2008-03-22 23:25:07 0 d-------- C:\Program Files\FairUse Wizard 2
2008-03-21 00:18:10 0 d-------- C:\Program Files\Rosetta Stone
2008-03-19 18:21:12 0 d-------- C:\Program Files\FirefoxPortable
2008-03-18 21:42:15 0 d-------- C:\Program Files\PandoraRip
2008-03-18 13:11:08 0 d-------- C:\Program Files\SpaceMonger
2008-03-16 11:01:08 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-03-01 18:03:43 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-01 18:03:43 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-26 13:57:11 904 --a------ C:\Documents and Settings\nka\Application Data\DVDSubEdit.ini
2008-02-21 07:53:59 12896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-02-21 07:45:26 3625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [09/21/2000 03:34 PM]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [03/19/2002 06:30 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [03/16/2008 11:01 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [03/16/2008 01:09 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 02:48 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 04:09 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/14/2008 05:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 07:40 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [04/26/2008 11:35 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\nka\Start Menu\Programs\Startup\
allSnap.lnk - C:\Program Files\allSnap\allSnap.exe [3/19/2004 11:02:14 PM]
HFS.lnk - C:\Program Files\hfs\hfs.exe [5/16/2008 4:16:58 AM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]
spoolsv.exe [9/17/2006 10:07:06 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableChangePassword"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTeraCopy...RecycleBin"=1 (0x1)
"NoStartMenuPinnedList"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsMenu"=00000000
"NoInternetIcon"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region-Free\DVDShell.dll [03/07/2004 05:58 PM 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
C:\Program Files\Citrix\GoToAssist Express Customer\80\g2ax_winlogon.dll 05/18/2008 07:34 PM 45368 C:\Program Files\Citrix\GoToAssist Express Customer\80\g2ax_winlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 07:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BounceBack Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk
backup=C:\WINDOWS\pss\BounceBack Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
backup=C:\WINDOWS\pss\CallWave.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IEEE 802.11g USB Wireless LAN Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IEEE 802.11g USB Wireless LAN Utility.lnk
backup=C:\WINDOWS\pss\IEEE 802.11g USB Wireless LAN Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlimServer Tray Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SlimServer Tray Tool.lnk
backup=C:\WINDOWS\pss\SlimServer Tray Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nka^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\nka\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nka^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\nka\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nka^Start Menu^Programs^Startup^YPOPs.lnk]
path=C:\Documents and Settings\nka\Start Menu\Programs\Startup\YPOPs.lnk
backup=C:\WINDOWS\pss\YPOPs.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]
C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
C:\WINDOWS\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imekrmig7.0]
"C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG9.0]
"C:\Program Files\Common Files\Microsoft Shared\IME\IMJP9\imjprmzb.exe" /RmZombie

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSCMig]
C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBDaemon]
C:\WINDOWS\system32\KBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\system32\LXSUPMON.EXE RUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
systern.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]
C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3Easy]
C:\Program Files\AderA Software\POP3 Easy\pop3easy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\TightVNC\WinVNC.exe" -servicehelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToAssist Express Customer"=3 (0x3)
"SBCSSvc"=3 (0x3)
"Nhksrv"=2 (0x2)
"NVSvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{268cdbbd-faeb-11da-a8ae-0007e970c5c8}]
AutoRun\command- O:\LAUNCHU3.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34413917-2caa-11db-a8c4-0011a3007702}]
AutoRun\command- G:\wd_windows_tools\setup.exe

*Newly Created Service* - GOTOASSIST_EXPRESS_CUSTOMER



-- End of Deckard's System Scanner: finished at 2008-05-18 21:37:35 ------------

extra.txt
Description:		Download
Filename:	extra.txt
Filesize:	32.06 KB
Downloaded:	166 Time(s)

You're Ready for cleaning.

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

So do I hit READY and proceed from there, or wait for someone to contact me?

You wait for someone to come help you.

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008