win32/Rootkit.Agent.ODG trojan - ESET

Hello.
Sorry for the delay.

The Combofix log looks good, no malware that I can see.

I'm gonna put down your issue to all the un-needed stuff you have running in the background, hogging your processor.

Post a new Hijack This log please.

[edit]
Ah, Origin jumps back online.

Malwarebytes' Anti-Malware 1.36
Database version: 2099
Windows 5.1.2600 Service Pack 3

09/05/2009 1:23:36 PM
mbam-log-2009-05-09 (13-23-36).txt

Scan type: Quick Scan
Objects scanned: 80679
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8a674191-42f3-429d-ab8e-8bee15132409}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.148,85.255.112.108 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please post a new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:30 PM, on 09/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241839540734
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7122 bytes

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 13:39:37.01 on 09/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.519 [GMT -4:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241839540734
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2004-8-10 3584]

=============== Created Last 30 ================

2009-05-09 13:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-09 13:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 13:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-09 11:12 --d-h--- c:\windows\PIF
2009-05-09 10:39 --d----- c:\documents and settings\administrator\Tracing
2009-05-09 10:16 --d----- c:\program files\Microsoft Office Outlook Connector
2009-05-09 10:16 --d----- c:\program files\Windows Live SkyDrive
2009-05-09 10:10 --d----- c:\program files\common files\Windows Live
2009-05-09 10:03 --d----- c:\program files\Microsoft
2009-05-08 23:15 --d----- c:\docume~1\admini~1\applic~1\Windows Search
2009-05-08 23:13 --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-05-07 20:19 --d----- c:\program files\MSECache
2009-05-06 22:20 161,792 a------- c:\windows\SWREG.exe
2009-05-06 22:20 98,816 a------- c:\windows\sed.exe
2009-05-05 23:19 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 22:52 --d----- c:\program files\DivX
2009-05-05 22:52 --d----- c:\program files\common files\DivX Shared
2009-05-05 21:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-04 23:57 --d----- c:\program files\Microsoft Visual Studio 8
2009-05-04 23:57 --d----- c:\windows\SHELLNEW
2009-05-04 23:01 --d----- c:\program files\iPod
2009-05-04 23:01 --d----- c:\program files\iTunes
2009-05-04 23:01 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-04 23:00 --d----- c:\program files\Bonjour
2009-05-04 22:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-05-04 22:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-03 22:57 --d----- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2009-05-03 22:57 --d----- c:\program files\Windows Desktop Search
2009-05-03 22:57 --d----- c:\windows\system32\GroupPolicy
2009-05-03 22:56 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-05-03 22:56 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-05-03 22:56 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-05-03 13:12 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-03 12:50 --d----- c:\windows\system32\XPSViewer
2009-05-03 12:50 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-03 12:50 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-03 12:50 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-03 12:50 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-03 12:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-03 12:50 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-03 12:50 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-03 12:50 --d----- C:\fa4ac064455a00574fa4fa
2009-05-03 12:25 --d----- c:\docume~1\admini~1\applic~1\WinBatch
2009-05-03 12:04 --d----- c:\program files\LSI SoftModem
2009-05-03 12:01 5,632 a------- c:\windows\system32\ptpusb.dll
2009-05-03 12:01 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-05-03 12:01 159,232 a------- c:\windows\system32\ptpusd.dll
2009-05-03 12:01 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-05-03 11:54 --d----- c:\program files\PicLensIE
2009-05-03 11:49 --dsh--- c:\documents and settings\administrator\PrivacIE
2009-05-03 11:49 --dsh--- c:\documents and settings\administrator\IECompatCache
2009-05-03 11:40 --dsh--- c:\documents and settings\administrator\IETldCache
2009-05-03 11:36 --d----- c:\windows\ie8updates
2009-05-03 11:36 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-03 11:35 -cd-h--- c:\windows\ie8
2009-05-03 11:22 --d----- C:\temp
2009-05-03 11:19 --dsh--- c:\documents and settings\administrator\UserData
2009-05-03 00:52 516,096 -------- c:\windows\system32\ati2sgag.exe
2009-05-03 00:47 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-05-03 00:47 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-03 00:46 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-05-03 00:46 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-05-03 00:46 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-05-03 00:46 6,144 a------- c:\windows\system32\kbd106.dll
2009-05-03 00:28 --d----- c:\windows\system32\scripting
2009-05-03 00:28 --d----- c:\windows\l2schemas
2009-05-03 00:28 --d----- c:\windows\system32\en
2009-05-03 00:28 --d----- c:\windows\system32\bits
2009-05-03 00:23 --d----- c:\windows\ServicePackFiles
2009-05-03 00:20 --d----- c:\windows\network diagnostic
2009-05-03 00:04 14,854,144 a------- c:\windows\RTHDCPL.EXE
2009-05-03 00:04 266,240 a------- c:\windows\system32\RTSndMgr.CPL
2009-05-03 00:04 --d----- c:\windows\system32\RTCOM
2009-05-03 00:04 40,960 -------- c:\windows\system32\ChCfg.exe
2009-05-03 00:04 --d----- c:\program files\Realtek
2009-05-03 00:04 487,424 -------- c:\windows\RtlExUpd.dll
2009-05-02 23:38 --d----- c:\program files\ESET
2009-05-02 23:23 --d----- c:\program files\MSXML 4.0
2009-05-02 22:08 --d----- c:\windows\system32\NtmsData
2009-05-02 21:59 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-02 21:59 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-05-02 21:56 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-05-02 21:56 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-05-02 21:56 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-05-02 21:56 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-05-02 21:56 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-02 21:56 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-05-02 21:56 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-05-02 21:56 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-05-02 21:56 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-05-02 21:56 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-02 21:56 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-02 21:56 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-02 21:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-05-02 21:53 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-02 21:52 1,396 a------- c:\windows\system32\wpa.bak
2009-05-02 21:52 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-05-02 21:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-05-02 21:48 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-05-02 21:47 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-05-02 21:47 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-02 15:47 --d----- c:\windows\system32\PreInstall
2009-05-02 15:47 --d-h--- c:\windows\$hf_mig$
2009-05-02 15:32 --d----- c:\program files\common files\InterVideo
2009-05-02 15:27 200,704 a------- c:\windows\system32\ATIDEMGR.dll
2009-05-02 15:27 9,054 a------- c:\windows\system32\atifglpf.xml
2009-05-02 15:21 --d----- c:\windows\system32\SoftwareDistribution
2009-05-02 15:17 14,336 ac------ c:\windows\system32\dllcache\tsprof.exe
2009-05-02 15:16 14,848 ac------ c:\windows\system32\dllcache\flattemp.exe
2009-05-02 15:15 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-05-02 15:15 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-05-02 15:15 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-05-02 15:15 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-05-02 15:15 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-05-02 15:15 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-05-02 15:11 11,452 a------- c:\windows\system32\mypixdx.chm
2009-05-02 15:11 --d----- c:\program files\Windows Plus
2009-05-02 15:11 1,742,336 a------- c:\windows\system32\mypixdx.scr
2009-05-02 15:11 7,093,760 a------- c:\windows\system32\space.scr
2009-05-02 15:11 4,396,544 a------- c:\windows\system32\wpgldfsh.scr
2009-05-02 15:11 3,343,360 a------- c:\windows\system32\nature.scr
2009-05-02 15:11 5,068,800 a------- c:\windows\system32\davinci.scr
2009-05-02 15:11 85,504 a------- c:\windows\system32\mhn.dll
2009-05-02 15:11 11,008 a------- c:\windows\system32\drivers\mhndrv.sys
2009-05-02 15:11 8,704 a------- c:\windows\system32\igdetect.dll
2009-05-02 15:11 9,728 ac------ c:\windows\system32\dllcache\wmm2eres.dll
2009-05-02 15:10 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-05-02 15:07 28,672 a------- c:\windows\system32\vidcap.ax
2009-05-02 15:02 13,753 a----r-- c:\windows\SET92.tmp
2009-05-02 15:02 1,086,058 a----r-- c:\windows\SET86.tmp
2009-05-02 15:02 106,147 a----r-- c:\windows\SET85.tmp
2009-05-02 14:50 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-05-02 14:46 297,344 a------- c:\windows\system32\drivers\cx88enc.sys
2009-05-02 14:46 160,128 a------- c:\windows\system32\drivers\cx88vid.sys
2009-05-02 14:46 57,344 a------- c:\windows\system32\cxtvrate.dll
2009-05-02 14:46 49,152 a------- c:\windows\system32\prxypage.ax
2009-05-02 14:46 40,270 a------- c:\windows\system32\cpnotify.ax
2009-05-02 14:46 30,976 a------- c:\windows\system32\drivers\cx88tune.sys
2009-05-02 14:46 9,344 a------- c:\windows\system32\drivers\cxavxbar.sys
2009-05-02 14:26 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-02 13:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-02 12:57 --d----- c:\windows\pss
2009-05-02 12:47 0 a------- c:\windows\frontpg.ini
2009-05-02 12:44 --d----- c:\windows\IIS Temporary Compressed Files
2009-05-02 12:27 --d----- c:\windows\system32\appmgmt
2009-05-02 10:55 --d----- c:\windows\Provisioning
2009-05-02 10:55 --d----- c:\windows\PeerNet
2009-05-02 10:55 --d----- c:\windows\java
2009-05-02 05:22 182 a------- c:\windows\system\hpsysdrv.DAT
2009-05-02 05:20 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-05-02 05:20 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-05-02 05:19 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-05-02 05:11 9,710,592 a------- c:\windows\RTLCPL.EXE
2009-05-02 05:11 3,966,976 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-05-02 05:11 2,807,808 a------- c:\windows\ALCWZRD.EXE
2009-05-02 05:11 299,008 a------- c:\windows\system32\ALSNDMGR.CPL
2009-05-02 05:11 86,016 a------- c:\windows\SOUNDMAN.EXE
2009-05-02 05:11 69,632 a------- c:\windows\ALCMTR.EXE
2009-05-02 05:10 --d----- c:\windows\I386
2009-05-02 05:02 --d--r-- c:\documents and settings\all users\Documents
2009-05-02 05:01 --d--r-- c:\windows\Offline Web Pages
2009-05-02 05:01 -cdshr-- c:\windows\system32\dllcache
2009-05-02 04:32 59,904 ac------ c:\windows\system32\dllcache\wbemdisp.tlb
2009-05-02 04:31 364,544 ac------ c:\windows\system32\dllcache\npdsplay.dll
2009-05-02 04:30 12,876 a------- c:\windows\system32\korean.uce
2009-05-02 04:29 176,157 ac------ c:\windows\system32\dllcache\dgrpsetu.dll
2009-05-02 04:25 227,840 ac------ c:\windows\system32\dllcache\avtapi.dll
2009-05-02 04:25 73,216 ac------ c:\windows\system32\dllcache\avwav.dll
2009-05-02 04:25 16,384 ac------ c:\windows\system32\dllcache\avmeter.dll
2009-05-02 04:25 227,840 a------- c:\windows\system32\avtapi.dll
2009-05-02 04:25 73,216 a------- c:\windows\system32\avwav.dll
2009-05-02 04:25 69,584 a------- c:\windows\system\AVICAP.DLL
2009-05-02 04:25 16,384 a------- c:\windows\system32\avmeter.dll
2009-05-02 04:25 11,264 ac------ c:\windows\system32\dllcache\atrace.dll
2009-05-02 04:25 11,264 a------- c:\windows\system32\atrace.dll
2009-05-02 04:25 64,512 ac------ c:\windows\system32\dllcache\acctres.dll
2009-05-02 04:25 68,608 a------- c:\windows\system32\access.cpl
2009-05-02 04:25 64,512 a------- c:\windows\system32\acctres.dll
2009-05-02 02:35 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-05-02 02:35 125,690 a------- c:\windows\system32\LoopyMusic.wav
2009-05-02 02:35 60,416 a------- c:\windows\ALCFDRTM.VER
2009-05-02 02:33 --dshr-- C:\cmdcons
2009-05-02 02:33 --d----- c:\windows\setup.pss
2009-05-02 02:29 --d----- c:\windows\system32\Lang
2009-05-02 02:29 4,036 a--shr-- c:\windows\system32\drivers\HP_PC098A-ABA M1070N_YW_Pavi_QMXK433_E43NAhmEPT6_4_IPuffer_SASUSTeK Computer INC._V1.xx_B3.28_T060123_WXP1_L409_M1024_J500_7Intel_8Pentium 4_92.8_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G10025B60_O_DBNQ7665.MRK
2009-05-02 02:28 21,060 a------- c:\windows\system32\drivers\iviaspi.sys
2009-05-02 02:28 10,368 a------- c:\windows\system32\drivers\pfc.sys
2009-05-02 02:27 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-05-02 02:27 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-05-02 02:27 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-05-02 02:27 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-05-02 02:27 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-05-02 02:27 20,480 a------- c:\windows\system32\IVIresize.dll
2009-05-02 02:27 --d----- c:\program files\common files\Sonic
2009-05-02 02:27 --d----- c:\program files\common files\SureThing Shared
2009-05-02 02:27 --d----- c:\program files\Sonic
2009-05-02 02:27 --d----- c:\program files\RecordNow!
2009-05-02 02:26 --d----- c:\program files\ATI Technologies

Cont from previous (2):
==================== Find3M ====================

2009-05-03 00:34 92,627 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-03 00:30 356,352 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabs4en\plugin\bin\jsharpde\client_motkt.dll
2009-05-02 15:12 27,580 a------- c:\windows\system32\emptyregdb.dat
2009-03-25 06:29 130,432 a------- c:\windows\system32\drivers\Rtnicxp.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-13 13:28 357,101 a------- c:\windows\reset.exe
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 12:18 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-02-27 00:56 177,152 a------- c:\windows\system32\SETA00.tmp
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2004-01-15 18:51 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 13:39:55.17 ===============

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  SET92.tmp
  SET86.tmp
  SET85.tmp
  
  
  :processes
  sed.exe
  
  
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
File/Folder SET92.tmp not found.
File/Folder SET86.tmp not found.
File/Folder SET85.tmp not found.
========== PROCESSES ==========
Unable to kill process: sed.exe

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05092009_232303

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\SET92.tmp
  c:\windows\SET85.tmp
  c:\windows\SET86.tmp
  
  
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.




1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\windows\sed.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

========== FILES ==========
c:\windows\SET92.tmp moved successfully.
c:\windows\SET85.tmp moved successfully.
c:\windows\SET86.tmp moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05092009_235313

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\sed.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

How are things on your end? Is the computer running smoother?

oh yea .. it is getting better every time..
(as in no shut down problems now or starting problems; no problem with search engines or going to the windows update website and installing updates, so freezing or anything like it.. thx very much) but is it all done? and "Belahzur" replied once stating:
"I'm gonna put down your issue to all the un-needed stuff you have running in the background, hogging your processor."
are these processes still hogging my processor? could you please help me with what programs should be deleted from my system esp startup processes.. Thx a lot, Origin, for the same.