Slow Computer, high UPC Usage

Well I've been noticing everytime I start to play my music on, I can hear the music become slower and then it would go back to normal, then slow again. I checked the windows task manager to see whats causing the slowness and nothing seems to be the problem. Yet I see the performance cpu usage jumping constantly with out any programs running. I followed the intructions before this entire process and nothing seemed to help. I thought It was the browser and switched to Orca and it still had the same impact. My computer is old and outdated but it was working perfectly before, I dont play any games on my computer, I just listen to music, use guitarpro, internet, and thats pretty much it. So hopefully This works out and thank you for your time.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Pharmaecopia at 14:44:36.18 on Fri 10/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.76 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pharmaecopia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [nForce Tray Options] sstray.exe /r
mRun: [CHotkey] zHotkey.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242609220281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pharma~1\applic~1\mozilla\firefox\profiles\fsbcax48.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-02 14:42 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-10-02 14:42 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-10-02 14:42 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-10-02 14:42 215,552 ac------ c:\windows\system32\dllcache\OLD6A3.tmp
2009-10-02 14:41 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
2009-10-02 14:41 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2009-10-02 14:41 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2009-10-02 14:41 119,808 ac------ c:\windows\system32\dllcache\winmine.exe
2009-10-02 14:39 20,608 ac------ c:\windows\system32\dllcache\usbuhci.sys
2009-10-02 14:38 149,376 ac------ c:\windows\system32\dllcache\tffsport.sys
2009-10-02 14:37 9,600 ac------ c:\windows\system32\dllcache\sonymc.sys
2009-10-02 14:36 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
2009-10-02 14:35 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-10-02 14:34 5,504 ac------ c:\windows\system32\dllcache\perc2hib.sys
2009-10-02 14:33 2,023,936 ac------ c:\windows\system32\dllcache\OLD471.tmp
2009-10-02 14:33 51,552 ac------ c:\windows\system32\dllcache\ntgrip.sys
2009-10-02 14:33 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-10-02 14:33 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-10-02 14:33 7,552 ac------ c:\windows\system32\dllcache\nsmmc.sys
2009-10-02 14:33 28,672 ac------ c:\windows\system32\dllcache\nscirda.sys
2009-10-02 14:33 126,080 ac------ c:\windows\system32\dllcache\nm5a2wdm.sys
2009-10-02 14:33 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
2009-10-02 14:33 32,840 ac------ c:\windows\system32\dllcache\ngrpci.sys
2009-10-02 14:33 132,695 ac------ c:\windows\system32\dllcache\netwlan5.sys
2009-10-02 14:31 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-10-02 14:31 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-10-02 14:31 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-10-02 14:31 98,304 ac------ c:\windows\system32\dllcache\msir3jp.dll
2009-10-02 14:31 126,976 ac------ c:\windows\system32\dllcache\mshearts.exe
2009-10-02 14:31 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-10-02 14:31 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
2009-10-02 14:29 34,688 ac------ c:\windows\system32\dllcache\lbrtfdc.sys
2009-10-02 14:28 16,000 ac------ c:\windows\system32\dllcache\ini910u.sys
2009-10-02 14:27 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-10-02 14:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-10-02 14:25 137,088 ac------ c:\windows\system32\dllcache\essm2e.sys
2009-10-02 14:24 28,062 ac------ c:\windows\system32\dllcache\dp83820.sys
2009-10-02 14:23 117,760 ac------ c:\windows\system32\dllcache\d100ib5.sys
2009-10-02 14:22 21,530 ac------ c:\windows\system32\dllcache\ce2n5.sys
2009-10-02 14:21 11,008 ac------ c:\windows\system32\dllcache\brusbmdm.sys
2009-10-02 14:20 77,568 ac------ c:\windows\system32\dllcache\ati.sys
2009-10-02 14:18 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-10-02 14:18 2,145,280 ac------ c:\windows\system32\dllcache\OLD28.tmp
2009-10-02 12:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-02 12:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-02 11:24 <DIR> --d----- c:\program files\Uniblue
2009-10-01 14:43 <DIR> --dsh--- C:\found.000
2009-09-29 03:46 <DIR> --d----- c:\windows\pss
2009-09-21 00:39 <DIR> --d----- c:\program files\common files\Common Share
2009-09-21 00:39 <DIR> --d----- c:\program files\OJOsoft
2009-09-20 23:55 <DIR> --d----- c:\docume~1\pharma~1\applic~1\Xilisoft Corporation
2009-09-20 23:54 <DIR> --d----- c:\program files\Xilisoft

==================== Find3M ====================

2009-10-02 09:38 5,632 a--sh--- c:\program files\Thumbs.db
2009-09-01 19:26 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-09-01 19:26 499,712 a------- c:\windows\system32\msvcp71.dll
2009-09-01 19:26 348,160 a------- c:\windows\system32\msvcr71.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-05-27 00:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090525\index.dat
2009-05-27 00:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052720090528\index.dat

============= FINISH: 14:45:39.25 ===============

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Hey and no problem for the wait. The problem grew into my computer not wanting to reboot. It wouldnt let me go into safe mode or anything. It would just reach to where the windows logo was loading and then it would reboot. So I decided to restore my computer. So i did and everything is working, intill yesterday a blue screen poped up and shutdown my computer. i didnt know what I said cause someone esle told it me it happened twice last night. Thats what happened last time, I have yet to install the service pack 3 yet, so that might be the cause. Once I get that blue screen again, ill comeback and find out what I can do to fix this. As of now, computer is a o k. Thanks

Since this issue appears to be resolved ... this Topic has been closed.

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

Reopened by user request.

Thanks for reopening my topic. Seems like my computer is having the same UPU usage keeps jumping up and down for no reason. Causing my computer to slow down when Im playing music for surfing the net. Here are my files and thank you again for your time.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Stinkfist at 14:45:29.76 on Mon 11/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.148 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stinkfist\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=14986&l=dis
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [nForce Tray Options] sstray.exe /r
mRun: [CHotkey] zHotkey.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255407866378
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255407853300
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stinkf~1\applic~1\mozilla\firefox\profiles\bypqf74w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-11-09 01:23:52 0 d-----w- c:\program files\a-squared Free
2009-11-07 01:12:46 0 d-----w- c:\docume~1\stinkf~1\applic~1\AVS4YOU
2009-11-07 01:12:45 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-11-07 01:07:43 0 d-----w- c:\program files\common files\AVSMedia
2009-11-07 01:07:24 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-07 01:07:23 0 d-----w- c:\program files\AVS4YOU
2009-11-05 19:16:06 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-03 09:53:48 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-03 09:53:48 1409 ----a-w- c:\windows\QTFont.for
2009-10-27 06:46:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Native Instruments
2009-10-27 06:45:07 0 d-----w- c:\program files\common files\Native Instruments
2009-10-26 21:41:49 0 d-sh--w- c:\documents and settings\stinkfist\PrivacIE
2009-10-23 09:28:10 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-23 09:28:10 77824 ----a-w- c:\windows\system32\xvid.ax
2009-10-23 09:28:10 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-23 09:28:10 0 d-----w- c:\program files\Xvid
2009-10-22 02:00:51 0 d-sh--w- c:\documents and settings\stinkfist\IETldCache
2009-10-22 00:08:28 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-22 00:08:27 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-22 00:08:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-22 00:08:27 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-22 00:08:27 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-22 00:08:26 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-17 22:21:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-17 22:21:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-17 22:21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-17 22:21:14 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-15 20:36:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-15 20:36:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-15 20:21:50 605 ----a-w- c:\documents and settings\stinkfist\plugin131_02.trace
2009-10-15 20:21:48 0 d-----w- c:\documents and settings\stinkfist\.java
2009-10-15 02:39:58 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2009-10-14 08:26:35 0 d-----w- c:\program files\Guitar Pro 5
2009-10-14 06:59:31 0 d-----w- c:\docume~1\stinkf~1\applic~1\BitTorrent
2009-10-13 23:59:22 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-13 10:12:52 0 d-----w- c:\program files\Ask.com
2009-10-13 10:12:42 0 d-----w- c:\program files\BitTorrent
2009-10-13 09:55:35 0 d-----w- c:\program files\common files\Adobe Systems Shared
2009-10-13 07:15:04 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-13 07:11:01 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-13 07:10:56 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-13 07:10:50 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-13 07:10:45 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-13 07:10:40 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-13 07:10:27 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-13 07:09:36 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-10-13 07:09:32 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-13 07:09:27 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-13 07:08:21 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-13 07:08:20 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-13 07:08:20 1203922 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-10-13 06:59:00 0 d-----w- c:\windows\system32\scripting
2009-10-13 06:58:58 0 d-----w- c:\windows\system32\en
2009-10-13 06:58:58 0 d-----w- c:\windows\l2schemas
2009-10-13 06:54:28 0 d-----w- c:\windows\network diagnostic
2009-10-13 06:44:21 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-13 06:44:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-13 06:44:10 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-13 06:44:10 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-13 06:44:02 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-13 06:44:02 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-13 06:42:59 33792 ------w- c:\windows\system32\mmcperf.exe
2009-10-13 06:41:53 136192 ------w- c:\windows\system32\aaclient.dll
2009-10-13 05:59:21 0 d-----w- c:\program files\Windows Media Connect 2
2009-10-13 05:57:57 0 d-----w- c:\windows\system32\LogFiles
2009-10-13 05:52:57 0 d-----w- c:\windows\ie8updates
2009-10-13 05:50:40 0 dc-h--w- c:\windows\ie8
2009-10-13 05:49:28 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-13 05:47:13 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000007-00001102-00000002-80661102}.dat
2009-10-13 05:47:13 288 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000007-00001102-00000002-80661102}.dat
2009-10-13 05:47:13 17456 ----a-w- c:\windows\system32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000002-80661102}.rfx
2009-10-13 05:47:13 17456 ----a-w- c:\windows\system32\BMXState-{00000001-00000000-00000007-00001102-00000002-80661102}.rfx
2009-10-13 05:47:13 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-10-13 05:47:13 1080 ----a-w- c:\windows\system32\settings.sfm
2009-10-13 05:46:51 3376451 ----a-w- c:\windows\{00000001-00000000-00000007-00001102-00000002-80661102}.BAK
2009-10-13 05:27:52 3376451 ----a-w- c:\windows\{00000001-00000000-00000007-00001102-00000002-80661102}.CDF
2009-10-13 05:26:29 0 d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-13 05:24:59 29004 ----a-w- c:\windows\system32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000002-80661102}.rfx
2009-10-13 05:24:59 29004 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000002-80661102}.rfx
2009-10-13 05:20:14 0 d-----w- c:\windows\peernet
2009-10-13 05:20:13 0 d-----w- c:\windows\provisioning
2009-10-13 05:17:20 0 d-----w- c:\windows\ServicePackFiles
2009-10-13 05:15:33 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-13 05:15:32 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-13 05:15:32 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-13 05:15:31 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2009-10-13 05:14:53 0 ----a-w- c:\windows\MEMORY.DMP
2009-10-13 05:11:37 0 d-----w- c:\windows\EHome
2009-10-13 05:05:32 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-13 05:05:31 7208 ------w- c:\windows\system32\secupd.sig
2009-10-13 05:05:31 67866 ------w- c:\windows\system32\drivers\netwlan5.img
2009-10-13 05:05:31 4569 ------w- c:\windows\system32\secupd.dat
2009-10-13 04:48:56 647872 ------w- c:\windows\system32\Mscomct2.ocx
2009-10-13 04:48:56 41984 ------w- c:\windows\Ctregrun.exe
2009-10-13 04:47:26 90112 ------w- c:\windows\Updreg.EXE
2009-10-13 04:47:19 84992 ------w- c:\windows\system32\SFCVRT32.DLL
2009-10-13 04:47:19 53552 ------w- c:\windows\CTCCW.DLL
2009-10-13 04:47:19 24976 ------w- c:\windows\CTRES.DLL
2009-10-13 04:47:19 231 ------w- c:\windows\AC3API.INI
2009-10-13 04:47:18 82432 ------w- c:\windows\system32\CTWFLT32.DLL
2009-10-13 04:47:18 26768 ------w- c:\windows\system32\CTL3D.DLL
2009-10-13 04:47:17 1048576 ------w- c:\windows\system32\SFMAN.DAT
2009-10-13 04:47:11 0 d-----w- c:\windows\system32\Defaults
2009-10-13 04:45:58 49152 ----a-w- c:\windows\CTDCRES.DLL
2009-10-13 04:43:06 0 d-----w- C:\Media
2009-10-13 04:41:59 73728 ----a-w- c:\windows\system32\CTDrmRes.dll
2009-10-13 04:40:28 15840 ------w- c:\windows\system32\drivers\PFMODNT.SYS
2009-10-13 04:37:43 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE
2009-10-13 04:37:43 25088 ----a-w- c:\windows\system32\CTSVCCTL.EXE
2009-10-13 04:33:38 0 d-----w- c:\program files\Creative
2009-10-13 04:27:05 0 d-----w- c:\windows\system32\PreInstall
2009-10-13 04:27:04 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-13 04:27:02 0 d--h--w- c:\windows\$hf_mig$
2009-10-13 04:26:26 0 d-----w- c:\windows\system32\bits
2009-10-13 04:26:09 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-10-13 04:26:09 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-10-13 04:26:09 438784 ----a-w- c:\windows\system32\xpob2res.dll
2009-10-13 04:26:09 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-10-13 04:26:09 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-10-13 04:25:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-13 04:25:26 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-13 04:23:24 0 d-sh--w- c:\documents and settings\stinkfist\UserData
2009-10-13 04:19:59 2 ----a-w- c:\windows\msoffice.ini
2009-10-13 04:19:03 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-13 04:19:01 0 d-----w- C:\WUTemp
2009-10-13 04:18:42 0 d-----w- c:\docume~1\stinkf~1\applic~1\Symantec
2009-10-13 04:17:27 0 d-----w- c:\program files\Program Shortcuts

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 21:00:38 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00:38 426496 ------w- c:\windows\system32\imapi2.dll

============= FINISH: 14:46:01.00 ===============

Hello, ABumInABox and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

• Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
• Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
• Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
• Please set your system to show all files.
  Click Start, open My Computer, select the Tools menu and click Folder Options.
  Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
  Uncheck: Hide file extensions for known file types
  Uncheck the Hide protected operating system files (recommended) option.
  Click Yes to confirm.

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Bittorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."








Step 1

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<info.txt (<

Step 2

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
• Now click the Scan button. If you see a rootkit warning window, click OK.
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.









Please post back with:

• Gmer-Logfile
• Both RSIT-Logfiles

Thanks Tom for your help, much appreciated. Here is my gmer.log file. I wasnt sure what you meant by Minimize and Maximize, so I post both logs and attached them.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-10 14:14:15
Windows 5.1.2600 Service Pack 3
Running: s7ephxsh.exe; Driver: C:\DOCUME~1\STINKF~1\LOCALS~1\Temp\awloikow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\a-squared Free\a2service.exe[396] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045495D C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- EOF - GMER 1.0.15 ----




Logfile of random's system information tool 1.06 (written by random/random)
Run by Stinkfist at 2009-11-10 13:12:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 115 GB (75%) free of 153 GB
Total RAM: 447 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:20 PM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stinkfist\Desktop\RSIT.exe
C:\Program Files\trend micro\Stinkfist.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14986&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Sunkist2k] c:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1255407866378
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1255407853300
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5790 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"nwiz"=nwiz.exe /install []
"nForce Tray Options"=sstray.exe /r []
"CHotkey"=C:\WINDOWS\zHotkey.exe [2003-06-03 496640]
"Sunkist2k"=c:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-11-19 139264]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-08-28 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\System32\NVMCTRAY.DLL [2003-10-06 49152]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Microsoft Works Update Detection"=c:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-10 13:12:08 ----D---- C:\Program Files\trend micro
2009-11-10 13:12:04 ----D---- C:\rsit
2009-11-09 14:48:30 ----A---- C:\RootRepeal report 11-09-09 (14-48-30).txt
2009-11-08 17:23:52 ----D---- C:\Program Files\a-squared Free
2009-11-06 17:12:46 ----D---- C:\Documents and Settings\Stinkfist\Application Data\AVS4YOU
2009-11-06 17:12:45 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-11-06 17:07:43 ----D---- C:\Program Files\Common Files\AVSMedia
2009-11-06 17:07:24 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-11-06 17:07:23 ----D---- C:\Program Files\AVS4YOU
2009-11-05 11:16:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-03 14:07:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-03 14:07:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-03 14:07:49 ----A---- C:\WINDOWS\system32\java.exe
2009-10-26 22:46:10 ----D---- C:\Documents and Settings\All Users\Application Data\Native Instruments
2009-10-26 22:45:07 ----D---- C:\Program Files\Common Files\Native Instruments
2009-10-26 22:35:39 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-10-26 22:35:12 ----D---- C:\Program Files\WinZip
2009-10-23 01:28:10 ----D---- C:\Program Files\Xvid
2009-10-23 01:28:10 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-23 01:28:10 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-19 19:08:43 ----D---- C:\WINDOWS\Minidump
2009-10-19 02:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-10-17 14:21:16 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-10-17 14:21:14 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-10-15 12:38:13 ----D---- C:\WINDOWS\Sun
2009-10-15 12:36:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-15 12:35:47 ----D---- C:\Program Files\Java
2009-10-15 12:35:16 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Sun
2009-10-15 02:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-15 02:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 02:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-15 02:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 02:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-15 02:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 02:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-15 02:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 02:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 02:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 02:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-15 02:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-15 02:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-15 02:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 02:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 02:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-15 02:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 02:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-14 00:26:35 ----D---- C:\Program Files\Guitar Pro 5
2009-10-13 22:59:31 ----D---- C:\Documents and Settings\Stinkfist\Application Data\BitTorrent
2009-10-13 02:12:52 ----D---- C:\Program Files\Ask.com
2009-10-13 02:12:42 ----D---- C:\Program Files\BitTorrent
2009-10-13 02:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2009-10-13 02:07:53 ----D---- C:\Program Files\Google
2009-10-13 02:07:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-13 02:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-13 02:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-13 02:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-13 02:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-13 02:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-13 02:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-13 02:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-13 02:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-13 02:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-13 02:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-13 02:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-13 02:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-13 02:06:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-13 02:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-13 02:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-13 02:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-13 02:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-13 02:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-13 02:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-13 02:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-13 02:05:06 ----SHD---- C:\Config.Msi
2009-10-13 02:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-13 02:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-13 02:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-13 02:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-13 02:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-13 02:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-13 02:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-10-13 02:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-13 02:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-10-13 02:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-13 02:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-13 02:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-13 02:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-13 02:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-13 02:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-13 02:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-13 02:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-13 02:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-13 02:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-10-13 02:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-10-13 02:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-13 02:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-13 01:55:35 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-10-13 01:54:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-12 23:08:21 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-10-12 23:05:34 ----D---- C:\WINDOWS\Prefetch
2009-10-12 22:59:00 ----D---- C:\WINDOWS\system32\scripting
2009-10-12 22:58:58 ----D---- C:\WINDOWS\system32\en
2009-10-12 22:58:58 ----D---- C:\WINDOWS\l2schemas
2009-10-12 22:54:28 ----D---- C:\WINDOWS\network diagnostic
2009-10-12 22:44:21 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-10-12 22:44:12 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-10-12 22:44:10 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-10-12 22:44:10 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-10-12 22:44:03 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-12 22:44:02 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-10-12 22:44:02 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-10-12 22:43:51 ----N---- C:\WINDOWS\system32\setupn.exe
2009-10-12 22:43:47 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-10-12 22:43:46 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-10-12 22:43:45 ----N---- C:\WINDOWS\system32\qutil.dll
2009-10-12 22:43:44 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-10-12 22:43:44 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-10-12 22:43:44 ----N---- C:\WINDOWS\system32\qagent.dll
2009-10-12 22:43:43 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-10-12 22:43:40 ----N---- C:\WINDOWS\system32\onex.dll
2009-10-12 22:43:31 ----N---- C:\WINDOWS\system32\napstat.exe
2009-10-12 22:43:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-10-12 22:43:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-10-12 22:43:30 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-10-12 22:43:30 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-10-12 22:43:27 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-10-12 22:43:27 ----N---- C:\WINDOWS\system32\mssha.dll
2009-10-12 22:42:59 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-10-12 22:42:59 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-10-12 22:42:58 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-10-12 22:42:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-10-12 22:42:43 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-10-12 22:42:43 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-10-12 22:42:42 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-10-12 22:42:42 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-10-12 22:42:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-10-12 22:42:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-10-12 22:42:25 ----A---- C:\WINDOWS\005073_.tmp
2009-10-12 22:42:24 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-10-12 22:42:24 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-10-12 22:42:24 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-10-12 22:42:24 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-10-12 22:42:23 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-10-12 22:42:23 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-10-12 22:42:23 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-10-12 22:42:23 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-10-12 22:42:20 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-10-12 22:42:20 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-10-12 22:42:20 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-10-12 22:42:20 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-10-12 22:42:20 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-10-12 22:42:19 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-10-12 22:42:19 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-10-12 22:42:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-10-12 22:42:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-10-12 22:42:16 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-10-12 22:42:12 ----N---- C:\WINDOWS\system32\credssp.dll
2009-10-12 22:42:05 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-10-12 22:42:05 ----N---- C:\WINDOWS\system32\azroles.dll
2009-10-12 22:41:53 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-10-12 22:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-10-12 21:59:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-12 21:59:38 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-10-12 21:59:21 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-12 21:59:10 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-10-12 21:58:24 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-12 21:57:57 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-12 21:57:48 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-12 21:52:57 ----D---- C:\WINDOWS\ie8updates
2009-10-12 21:52:11 ----D---- C:\WINDOWS\WBEM
2009-10-12 21:50:40 ----HDC---- C:\WINDOWS\ie8
2009-10-12 21:50:40 ----D---- C:\WINDOWS\system32\en-US
2009-10-12 21:46:51 ----N---- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80661102}.BAK
2009-10-12 21:46:14 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-10-12 21:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-10-12 21:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-10-12 21:45:55 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-10-12 21:45:49 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-10-12 21:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-10-12 21:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-10-12 21:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP9$
2009-10-12 21:45:09 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Macromedia
2009-10-12 21:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-10-12 21:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-10-12 21:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-10-12 21:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-10-12 21:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-10-12 21:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-10-12 21:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-10-12 21:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-10-12 21:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-10-12 21:43:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-10-12 21:42:17 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-12 21:42:08 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-10-12 21:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-10-12 21:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-10-12 21:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-10-12 21:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-10-12 21:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-10-12 21:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-10-12 21:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-10-12 21:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-10-12 21:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-10-12 21:40:39 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-10-12 21:40:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-10-12 21:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB873333$
2009-10-12 21:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-10-12 21:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-10-12 21:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-10-12 21:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-10-12 21:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-10-12 21:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-10-12 21:39:46 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-10-12 21:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-10-12 21:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2009-10-12 21:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-10-12 21:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-10-12 21:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-10-12 21:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-10-12 21:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-10-12 21:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-10-12 21:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-10-12 21:38:18 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-10-12 21:37:22 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Help
2009-10-12 21:27:47 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Creative
2009-10-12 21:20:14 ----D---- C:\WINDOWS\peernet
2009-10-12 21:20:13 ----D---- C:\WINDOWS\provisioning
2009-10-12 21:17:20 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-12 21:15:33 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-10-12 21:11:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-12 21:11:37 ----D---- C:\WINDOWS\EHome
2009-10-12 21:05:32 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-10-12 20:56:38 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-12 20:49:28 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Mozilla
2009-10-12 20:48:56 ----N---- C:\WINDOWS\Ctregrun.exe
2009-10-12 20:47:26 ----N---- C:\WINDOWS\Updreg.EXE
2009-10-12 20:47:19 ----N---- C:\WINDOWS\system32\SFCVRT32.DLL
2009-10-12 20:47:19 ----N---- C:\WINDOWS\CTRES.DLL
2009-10-12 20:47:19 ----N---- C:\WINDOWS\CTCCW.DLL
2009-10-12 20:47:19 ----N---- C:\WINDOWS\AC3API.INI
2009-10-12 20:47:18 ----N---- C:\WINDOWS\system32\CTWFLT32.DLL
2009-10-12 20:47:18 ----N---- C:\WINDOWS\system32\CTL3D.DLL
2009-10-12 20:47:11 ----D---- C:\WINDOWS\system32\Defaults
2009-10-12 20:46:11 ----D---- C:\WINDOWS\system32\Data
2009-10-12 20:46:11 ----A---- C:\WINDOWS\system32\Emu10kx.ini
2009-10-12 20:46:11 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-10-12 20:46:11 ----A---- C:\WINDOWS\INRES.DLL
2009-10-12 20:46:00 ----A---- C:\WINDOWS\system32\a3d.dll
2009-10-12 20:45:58 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-10-12 20:45:57 ----A---- C:\WINDOWS\system32\SFMS32.DLL
2009-10-12 20:45:57 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-10-12 20:45:57 ----A---- C:\WINDOWS\system32\REGPLIB.EXE
2009-10-12 20:45:57 ----A---- C:\WINDOWS\READREG.EXE
2009-10-12 20:45:56 ----A---- C:\WINDOWS\system32\PIAPROXY.DLL
2009-10-12 20:45:56 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-10-12 20:45:56 ----A---- C:\WINDOWS\system32\KILLAPPS.EXE
2009-10-12 20:45:56 ----A---- C:\WINDOWS\system32\KILL.INI
2009-10-12 20:45:56 ----A---- C:\WINDOWS\PSCONV.EXE
2009-10-12 20:45:56 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-10-12 20:45:55 ----A---- C:\WINDOWS\system32\ENSDEF.INI
2009-10-12 20:45:55 ----A---- C:\WINDOWS\system32\ENSDEF.EXE
2009-10-12 20:45:55 ----A---- C:\WINDOWS\system32\EAXAC3.DLL
2009-10-12 20:45:55 ----A---- C:\WINDOWS\DEVREG.DLL
2009-10-12 20:45:54 ----A---- C:\WINDOWS\system32\CTSPKHLP.DLL
2009-10-12 20:45:54 ----A---- C:\WINDOWS\system32\CTSCAL.DLL
2009-10-12 20:45:54 ----A---- C:\WINDOWS\system32\CTSBLFX.DLL
2009-10-12 20:45:54 ----A---- C:\WINDOWS\system32\CTOSUSER.DLL
2009-10-12 20:45:54 ----A---- C:\WINDOWS\system32\CTMMEP.DLL
2009-10-12 20:45:54 ----A---- C:\WINDOWS\system32\CTHELPER.EXE
2009-10-12 20:45:54 ----A---- C:\WINDOWS\system32\CTEMUPIA.DLL
2009-10-12 20:45:51 ----A---- C:\WINDOWS\system32\CTDPROXY.DLL
2009-10-12 20:45:50 ----A---- C:\WINDOWS\system32\CTDCIFCE.DLL
2009-10-12 20:45:50 ----A---- C:\WINDOWS\system32\CTDC0001.DLL
2009-10-12 20:45:50 ----A---- C:\WINDOWS\system32\CTDC0000.DLL
2009-10-12 20:45:49 ----A---- C:\WINDOWS\system32\CTAUDFX.DLL
2009-10-12 20:45:49 ----A---- C:\WINDOWS\system32\CTASIO.DLL
2009-10-12 20:45:49 ----A---- C:\WINDOWS\system32\CTAGENT.DLL
2009-10-12 20:45:48 ----A---- C:\WINDOWS\system32\COMMONFX.DLL
2009-10-12 20:45:47 ----A---- C:\WINDOWS\system32\AC3API.DLL
2009-10-12 20:45:21 ----A---- C:\WINDOWS\SBWIN.INI
2009-10-12 20:43:06 ----D---- C:\Media
2009-10-12 20:42:17 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2009-10-12 20:41:59 ----A---- C:\WINDOWS\system32\CTMERes.DLL
2009-10-12 20:41:59 ----A---- C:\WINDOWS\system32\CTIntRes.dll
2009-10-12 20:41:59 ----A---- C:\WINDOWS\system32\CTDrmRes.dll
2009-10-12 20:41:57 ----A---- C:\WINDOWS\system32\CTMedEng.DLL
2009-10-12 20:41:56 ----A---- C:\WINDOWS\system32\CTDRMUI.dll
2009-10-12 20:41:51 ----A---- C:\WINDOWS\system32\CTDetres.dll
2009-10-12 20:41:20 ----A---- C:\WINDOWS\system32\AHQCpURes.dll
2009-10-12 20:37:43 ----A---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-10-12 20:37:43 ----A---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-10-12 20:34:40 ----A---- C:\WINDOWS\system32\wstdecod.dll
2009-10-12 20:34:40 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-10-12 20:34:40 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-10-12 20:34:39 ----A---- C:\WINDOWS\system32\qdvd.dll
2009-10-12 20:34:39 ----A---- C:\WINDOWS\system32\qdv.dll
2009-10-12 20:34:39 ----A---- C:\WINDOWS\system32\msvidctl.dll
2009-10-12 20:34:38 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-10-12 20:34:38 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2009-10-12 20:34:38 ----A---- C:\WINDOWS\system32\dxdiag.exe
2009-10-12 20:34:38 ----A---- C:\WINDOWS\system32\dmusic.dll
2009-10-12 20:34:38 ----A---- C:\WINDOWS\system32\dmime.dll
2009-10-12 20:34:38 ----A---- C:\WINDOWS\system32\d3d9.dll
2009-10-12 20:34:38 ----A---- C:\WINDOWS\system32\d3d8.dll
2009-10-12 20:34:37 ----A---- C:\WINDOWS\system32\dsound.dll
2009-10-12 20:34:37 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2009-10-12 20:34:37 ----A---- C:\WINDOWS\system32\dplayx.dll
2009-10-12 20:34:37 ----A---- C:\WINDOWS\system32\ddraw.dll
2009-10-12 20:33:38 ----D---- C:\Program Files\Creative
2009-10-12 20:30:54 ----D---- C:\Program Files\Mozilla Firefox
2009-10-12 20:27:05 ----D---- C:\WINDOWS\system32\PreInstall
2009-10-12 20:27:04 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-10-12 20:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-10-12 20:27:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-12 20:26:44 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-10-12 20:26:26 ----D---- C:\WINDOWS\system32\bits
2009-10-12 20:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-10-12 20:26:09 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-10-12 20:26:09 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-10-12 20:26:09 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-10-12 20:26:09 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-10-12 20:26:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-10-12 20:25:26 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-10-12 20:25:26 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-12 20:24:44 ----A---- C:\WINDOWS\system32\wups2.dll
2009-10-12 20:24:44 ----A---- C:\WINDOWS\system32\wups.dll
2009-10-12 20:24:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-10-12 20:24:44 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-12 20:24:44 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-10-12 20:24:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-10-12 20:24:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-12 20:24:23 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-12 20:19:59 ----A---- C:\WINDOWS\msoffice.ini
2009-10-12 20:19:03 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-12 20:19:01 ----D---- C:\WUTemp
2009-10-12 20:18:59 ----A---- C:\WINDOWS\system32\iuengine.dll
2009-10-12 20:18:42 ----SD---- C:\Documents and Settings\Stinkfist\Application Data\Microsoft
2009-10-12 20:18:42 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Symantec
2009-10-12 20:18:42 ----D---- C:\Documents and Settings\Stinkfist\Application Data\InterTrust
2009-10-12 20:18:42 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Identities
2009-10-12 20:18:42 ----D---- C:\Documents and Settings\Stinkfist\Application Data\CyberLink
2009-10-12 20:18:42 ----D---- C:\Documents and Settings\Stinkfist\Application Data\Adobe
2009-10-12 20:18:42 ----ASH---- C:\Documents and Settings\Stinkfist\Application Data\desktop.ini
2009-10-12 20:17:27 ----D---- C:\Program Files\Program Shortcuts

======List of files/folders modified in the last 1 months======

2009-11-10 13:12:08 ----RD---- C:\Program Files
2009-11-10 10:24:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-10 10:24:36 ----D---- C:\WINDOWS\temp
2009-11-10 10:24:13 ----D---- C:\WINDOWS
2009-11-09 14:47:03 ----D---- C:\WINDOWS\system32\drivers
2009-11-09 04:13:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-08 03:01:30 ----SHD---- C:\WINDOWS\Installer
2009-11-08 03:01:18 ----D---- C:\WINDOWS\WinSxS
2009-11-06 17:07:43 ----D---- C:\Program Files\Common Files
2009-11-06 17:07:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-06 17:07:24 ----AD---- C:\WINDOWS\system32
2009-11-06 09:12:52 ----HD---- C:\WINDOWS\inf
2009-11-05 19:04:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-05 18:12:58 ----SD---- C:\WINDOWS\Tasks
2009-11-05 11:16:06 ----D---- C:\WINDOWS\Help
2009-11-02 13:16:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-26 22:53:14 ----D---- C:\Program Files\ICQ
2009-10-26 22:53:09 ----D---- C:\Program Files\Windows Media Player
2009-10-23 02:00:46 ----A---- C:\WINDOWS\imsins.BAK
2009-10-22 01:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 18:25:50 ----D---- C:\Program Files\Common Files\Adobe
2009-10-21 18:00:45 ----D---- C:\Program Files\Internet Explorer
2009-10-21 16:10:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-14 00:26:37 ----RSD---- C:\WINDOWS\Fonts
2009-10-13 14:30:00 ----A---- C:\WINDOWS\winamp.ini
2009-10-13 14:29:56 ----D---- C:\Program Files\Winamp
2009-10-13 14:26:01 ----D---- C:\WINDOWS\system32\wbem
2009-10-13 14:26:00 ----D---- C:\WINDOWS\AppPatch
2009-10-13 02:07:20 ----D---- C:\Program Files\Messenger
2009-10-13 02:05:43 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-10-13 02:03:47 ----D---- C:\Program Files\Outlook Express
2009-10-13 01:54:10 ----D---- C:\Program Files\Adobe
2009-10-12 23:12:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-12 23:06:11 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-12 23:05:38 ----A---- C:\WINDOWS\setuplog.txt
2009-10-12 23:05:05 ----D---- C:\WINDOWS\system32\Setup
2009-10-12 23:04:27 ----D---- C:\WINDOWS\security
2009-10-12 22:59:15 ----D---- C:\WINDOWS\ime
2009-10-12 22:59:01 ----D---- C:\WINDOWS\system32\usmt
2009-10-12 22:58:57 ----D---- C:\Program Files\Movie Maker
2009-10-12 22:56:23 ----D---- C:\WINDOWS\system32\Restore
2009-10-12 22:56:22 ----D---- C:\WINDOWS\system32\npp
2009-10-12 22:56:21 ----D---- C:\WINDOWS\msagent
2009-10-12 22:56:20 ----D---- C:\WINDOWS\srchasst
2009-10-12 22:56:19 ----D---- C:\Program Files\NetMeeting
2009-10-12 22:56:18 ----D---- C:\WINDOWS\system32\Com
2009-10-12 22:56:15 ----D---- C:\Program Files\Windows NT
2009-10-12 22:56:12 ----D---- C:\Program Files\Common Files\System
2009-10-12 22:55:58 ----D---- C:\WINDOWS\system32\oobe
2009-10-12 22:55:57 ----D---- C:\WINDOWS\system
2009-10-12 22:53:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-12 22:18:11 ----D---- C:\WINDOWS\Debug
2009-10-12 21:59:28 ----A---- C:\WINDOWS\win.ini
2009-10-12 21:52:13 ----D---- C:\WINDOWS\system32\config
2009-10-12 21:52:00 ----D---- C:\WINDOWS\Media
2009-10-12 21:28:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-12 21:25:40 ----SHD---- C:\System Volume Information
2009-10-12 21:21:30 ----RASH---- C:\boot.ini
2009-10-12 21:20:44 ----D---- C:\WINDOWS\system32\mui
2009-10-12 21:14:56 ----D---- C:\WINDOWS\repair
2009-10-12 21:14:36 ----RD---- C:\WINDOWS\Web
2009-10-12 21:14:13 ----RASH---- C:\NTDETECT.COM
2009-10-12 20:39:25 ----SHD---- C:\RECYCLER
2009-10-12 20:35:20 ----D---- C:\WINDOWS\system32\DirectX
2009-10-12 20:34:08 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-12 20:32:50 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-12 20:24:45 ----HD---- C:\Program Files\WindowsUpdate
2009-10-12 20:24:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-12 20:20:58 ----D---- C:\Program Files\BigFix
2009-10-12 20:20:07 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-10-12 20:20:06 ----D---- C:\Program Files\Common Files\AOL
2009-10-12 20:18:42 ----D---- C:\Documents and Settings
2009-10-12 20:16:58 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-10-14 186100]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-09-18 496800]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-08-28 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-08-28 136448]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-08-28 145504]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-08-28 823456]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-09-02 36864]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-08-15 72771]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-09-02 312704]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-08-28 113840]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-08-28 135696]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSVCCDA.EXE [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-10-13 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-23 136120]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-11-10 13:12:30

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
CompuServe-->C:\Program Files\Common Files\csshare\csunins_us.exe
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision M-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
IOI Multimedia Card Reader-->c:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}
Java 2 Runtime Environment Standard Edition v1.3.1_02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Netscape 6 (6.2.1)-->C:\WINDOWS\N6Uninst.exe /ua "6.2.1 (en)"
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Ethernet Driver-->C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA nForce Drivers-->C:\WINDOWS\System32\NVUninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======System event log======

Computer Name: PHARMAECOPIA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 1188
Source Name: Tcpip
Time Written: 20091014000200.000000-420
Event Type: warning
User:

Computer Name: PHARMAECOPIA
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 1185
Source Name: Tcpip
Time Written: 20091013230201.000000-420
Event Type: warning
User:

Computer Name: PHARMAECOPIA
Event Code: 15200
Message: MTP USB Driver has cancelled the operation 0x1009

Record Number: 1042
Source Name: WPDMTPDriver
Time Written: 20091013010725.000000-420
Event Type: warning
User:

Computer Name: PHARMAECOPIA
Event Code: 15208
Message: MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.16' cannot accept read-only properties when creating new objects ((27)).

Record Number: 1008
Source Name: WPDMTPDriver
Time Written: 20091013001248.000000-420
Event Type: warning
User:

Computer Name: PHARMAECOPIA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 924
Source Name: Cdrom
Time Written: 20091012230248.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: PHARMAECOPIA
Event Code: 1517
Message: Windows saved user PHARMAECOPIA\Stinkfist registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 65
Source Name: Userenv
Time Written: 20091013000413.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PHARMAECOPIA
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 64
Source Name: WinMgmt
Time Written: 20091012235942.000000-420
Event Type: warning
User: PHARMAECOPIA\Stinkfist

Computer Name: PHARMAECOPIA
Event Code: 1517
Message: Windows saved user PHARMAECOPIA\Stinkfist registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 55
Source Name: Userenv
Time Written: 20091012230355.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PHARMAECOPIA
Event Code: 1517
Message: Windows saved user PHARMAECOPIA\Stinkfist registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 45
Source Name: Userenv
Time Written: 20091012224702.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PHARMAECOPIA
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 24
Source Name: WinMgmt
Time Written: 20091012222102.000000-420
Event Type: warning
User: PHARMAECOPIA\Stinkfist

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Hi,



Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.








Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Didnt know about viewpoint. I always seen it in the add/remove but since it had the wmp logo, I always thought it was part of it. Thanks for that. Heres the log for the malware.

Malwarebytes' Anti-Malware 1.41
Database version: 3149
Windows 5.1.2600 Service Pack 3

11/11/2009 1:04:34 PM
mbam-log-2009-11-11 (13-04-33).txt

Scan type: Quick Scan
Objects scanned: 95410
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

How is your system running?



I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Hi, my computer is still acting slowly. High CPU usage for no reason, it will slow down my music like every 10 seconds or anything else like a video or something. Even typing this, the lag slowing down what I type. This scan I just did took absolutely forever(around 2 hrs) cause of the lag, staying around 90%percent. I get the blue screen every 2 to 3 hrs or so. It says Kernel.upsage.error or something like that, Ill update this post once it happens again. No infected folders came up so there wanst any I could push to save but heres the log in the folder.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=37310e27004fa94cba9bc15500f4e748
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-12 10:30:44
# local_time=2009-11-12 02:30:44 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 93681 93681 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=7187
# found=0
# cleaned=0
# scan_time=1029
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=37310e27004fa94cba9bc15500f4e748
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-12 11:26:56
# local_time=2009-11-12 03:26:56 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 94822 94822 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=7283
# found=0
# cleaned=0
# scan_time=3256
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=45314
esets_scanner_update returned -1 esets_gle=45314
esets_scanner_update returned -1 esets_gle=45314
esets_scanner_update returned -1 esets_gle=45314
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=37310e27004fa94cba9bc15500f4e748
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-13 02:19:19
# local_time=2009-11-12 06:19:19 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 99412 99412 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=48319
# found=0
# cleaned=0
# scan_time=9010

We Need to Diagnose Your BlueScreen

• When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
• Select "Disable Automatic Restart on System Failure", as shown here:
  
• When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
  

Step one, Check.

And here is the BSOD message:

Kernel_Date_Inpage_Error

0x0000007A



This is the BSOD I had when I first replied back in september.


Edit:

I got another BSOD this time it said

Kernel_Stack_Inpage_Error

0x00000077

Hi,

You have a problem with your harddrive/harddrive-controllers.

Please give me some info about your system (laptop/desktop pc, board, RAM, hdd.....)