
[Inactive] Generic Host process for win32 error

Discussion in 'Malware and Virus Removal Archive' started by severus, 2009/01/15.

  1. 2009/01/15
    severus

    I am using Windows XP Home Edition. Recently, the following message has been showing up on random occasions: "Generic Host process for win32 has encountered a problem and needs to close. Sorry for any inconvenience."

    Then, one or more of the following happens:

    1) The Task Manager does not show up when called.
    2) The theme changes to something like Windows 98.
    3) The audio system stops functioning; it says the audio device is not properly installed.
    4) The computer hangs when I try to shut it down.

    The description of the error as seen in Event Viewer is:
    Faulting application svchost.exe, version 5.1.2600.5512, faulting module acgenral.dll, version 5.1.2600.5512, fault address 0x000116e2.

    The data(Bytes) is:

    The contents of log file are:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP LAPTOP at 2009-01-16 02:14:14
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 2 GB (3%) free of 66 GB
    Total RAM: 502 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:17:31 AM, on 1/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\PC Tools Internet Security\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
    C:\Program Files\PC Tools Internet Security\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\severus\dc dnld\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HP LAPTOP.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 202.141.80.19
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 202.141.80.19:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iitg.ernet.in;*.iitg.ac.in;202.141.80.*;202.141.81.*;<local>
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTP04919 - {081F713B-6BF8-4125-AD20-989AA7727B0C} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Internet Security\pctsTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [System Sound] C:\DOCUME~1\HPLAPT~1\LOCALS~1\Temp\\sysfnx.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00B29656-A1A0-425B-93DF-DCBAFDD3DADE}: NameServer = 134.2.200.1,134.2.200.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6ADD9CB3-3250-4688-9CC2-4396C03AC7F3}: Domain = iitg.ernet.in
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6ADD9CB3-3250-4688-9CC2-4396C03AC7F3}: NameServer = 202.141.81.2,202.141.81.9
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00B29656-A1A0-425B-93DF-DCBAFDD3DADE}: NameServer = 134.2.200.1,134.2.200.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00B29656-A1A0-425B-93DF-DCBAFDD3DADE}: NameServer = 134.2.200.1,134.2.200.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{00B29656-A1A0-425B-93DF-DCBAFDD3DADE}: NameServer = 134.2.200.1,134.2.200.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

    --
    End of file - 10172 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
    IDMIEHlprObj Class

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{081F713B-6BF8-4125-AD20-989AA7727B0C}]
    XBTP04919 Class

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-03 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-03 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-03 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
    "RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-01 761946]
    "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-04-18 61952]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-03 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]
    "ISTray"=C:\Program Files\PC Tools Internet Security\pctsTray.exe [2008-08-25 1168296]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "System Sound"=C:\DOCUME~1\HPLAPT~1\LOCALS~1\Temp\\sysfnx.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-15 454656]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2007-09-04 54576]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-23 131072]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    C:\Program Files\HP\QuickPlay\QPService.exe [2006-04-11 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
    C:\Program Files\AGLOCO Viewbar\Viewbar.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2003-12-13 33792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-12 581693]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Pavilion Webcam Tray Icon.lnk]
    C:\PROGRA~1\HEWLET~1\HPPAVI~1\tsnp2std.exe [2006-03-30 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    C:\PROGRA~1\Hp\DIGITA~1\bin\hpqthb08.exe -s []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "matlabserver"=2
    "winvnc"=2
    "TuneUp.Defrag"=3
    "MDM"=2
    "LightScribeService"=2
    "idsvc"=3
    "IDriverT"=3
    "ICDSPTSV"=3
    "FLEXnet Licensing Service"=3
    "btwdins"=2

    C:\Documents and Settings\HP LAPTOP\Start Menu\Programs\StartUp
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\bin\win32\MATLAB.exe"="C:\bin\win32\MATLAB.exe:*:Enabled:MATLAB"
    "C:\Program Files\ApexDC++\ApexDC.exe"="C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
    "C:\Program Files\Hp\HP Software Update\HPWUCli.exe"="C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Update"
    "C:\Program Files\TuneUp Utilities 2008\UpdateWizard.exe"="C:\Program Files\TuneUp Utilities 2008\UpdateWizard.exe:*:Enabled:TuneUp Update Wizard"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd83846-943e-11dc-9418-0016d30ea456}]
    shell\Auto\command - G:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f955cea-5688-11dd-953c-0016d30ea456}]
    shell\Auto\command - autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f937ee0-fc9e-11dc-94be-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b389362-e8f4-11dc-949a-0016d30ea456}]
    shell\Auto\command - G:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43bb10de-d216-11dc-9473-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d9642dd-5fc3-11dd-9553-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d9642df-5fc3-11dd-9553-0016d30ea456}]
    shell\Auto\command - F:\system.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    shell\Explore\command - F:\system.exe
    shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662defd8-3bd4-11dd-9519-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67ff6b0c-d225-11dc-9474-0016d30ea456}]
    shell\Auto\command - G:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{760f9bb0-85ed-11dc-9409-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d3eba1e-c35a-11dd-961f-0016d30ea456}]
    shell\AutoRun\command - G:\AutoRun\AutoStart.exe
    shell\Explore\command - G:\AutoRun\AutoStart.exe
    shell\Open\command - G:\AutoRun\AutoStart.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a469ce-9dd2-11dd-95d4-0016d30ea456}]
    shell\AutoRun\command - G:\kinza.exe
    shell\explore\command - G:\kinza.exe
    shell\open\command - G:\kinza.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0188b56-b1ff-11dd-95fb-0016d30ea456}]
    shell\AutoRun\command - G:\System\DriveGuard\DriveProtect.exe -run*
    shell\Explore\command - G:\System\DriveGuard\DriveProtect.exe -run**
    shell\Open\command - G:\System\DriveGuard\DriveProtect.exe -run*

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0fe7e06-651d-11dd-955d-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6eba164-6efe-11dd-9573-0016d30ea456}]
    shell\AutoRun\command - H:\AutoRun\AutoStart.exe
    shell\Explore\command - H:\AutoRun\AutoStart.exe
    shell\Open\command - H:\AutoRun\AutoStart.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d54009d4-63d8-11dd-955a-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc5b89f6-21ab-11dd-94f6-0016d30ea456}]
    shell\Auto\command - F:\autorun.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe


    ======List of files/folders created in the last 3 months======

    2009-01-15 22:43:09 ----D---- C:\Program Files\trend micro
    2009-01-15 22:43:00 ----D---- C:\rsit
    2009-01-13 23:04:06 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\PCToolsFirewallPlus
    2009-01-13 23:04:01 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\PCToolsSpamMonitorPlus
    2009-01-13 23:00:30 ----D---- C:\Program Files\Common Files\PC Tools
    2009-01-13 23:00:17 ----D---- C:\Program Files\PC Tools Internet Security
    2009-01-13 23:00:17 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
    2009-01-13 13:34:25 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\PC Tools
    2009-01-13 10:52:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-01-13 03:54:51 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-01-13 03:41:26 ----A---- C:\WINDOWS\win.tmp
    2009-01-13 03:41:26 ----A---- C:\WINDOWS\system.tmp
    2009-01-13 03:01:54 ----A---- C:\log2.txt
    2009-01-13 03:01:54 ----A---- C:\log1.txt
    2009-01-13 02:41:41 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\True Sword
    2009-01-10 10:09:24 ----A---- C:\symlcsv1.exe
    2009-01-05 02:32:38 ----HD---- C:\Program Files\Uninstall Information
    2008-12-18 14:36:51 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\dvdcss
    2008-12-18 14:28:23 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\CyberLink
    2008-12-15 20:51:30 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-12-15 20:51:29 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-12-15 20:51:28 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-12-15 20:51:28 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-12-15 20:51:27 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-12-15 20:51:26 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-12-15 20:51:25 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-12-15 20:51:24 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-12-15 20:51:24 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-12-15 20:51:23 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-12-15 20:51:22 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2008-12-15 20:51:21 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2008-12-15 20:51:21 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2008-12-15 20:51:19 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2008-12-15 20:51:18 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2008-12-15 20:51:18 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2008-12-15 20:51:17 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2008-12-15 20:51:17 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2008-12-15 20:51:15 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2008-12-15 20:51:13 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2008-12-15 20:51:12 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2008-12-15 20:51:09 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2008-12-15 20:51:09 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-12-15 20:51:06 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2008-12-15 20:51:05 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2008-12-15 20:51:04 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2008-12-15 20:51:03 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2008-12-15 20:51:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2008-12-15 20:51:02 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2008-12-15 20:51:01 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2008-12-15 20:51:00 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2008-12-15 20:50:59 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2008-12-15 20:50:59 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2008-12-15 20:50:58 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2008-12-15 20:50:57 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2008-12-15 20:50:44 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2008-12-15 20:50:43 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2008-12-15 20:50:43 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2008-12-15 20:50:42 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2008-12-15 20:50:41 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2008-12-15 20:50:40 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2008-12-15 20:50:39 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2008-12-15 20:50:38 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2008-12-15 20:50:37 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2008-12-15 20:50:34 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2008-12-13 23:09:03 ----D---- C:\admat
    2008-12-13 23:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\CreativePark
    2008-12-11 20:42:12 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\WinRAR
    2008-12-10 13:56:45 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Real
    2008-12-04 18:39:02 ----D---- C:\Program Files\Common Files\Apple
    2008-12-04 18:38:46 ----D---- C:\Program Files\QuickTime
    2008-12-04 18:37:59 ----D---- C:\Program Files\Apple Software Update
    2008-12-04 18:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-12-03 07:53:44 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-03 07:53:43 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-03 07:53:43 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-03 07:53:43 ----A---- C:\WINDOWS\system32\java.exe
    2008-11-30 23:16:17 ----D---- C:\Program Files\Common Files\ODBC
    2008-11-23 21:11:43 ----D---- C:\Program Files\MathType
    2008-11-23 20:48:51 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Design Science
    2008-11-19 19:21:17 ----D---- C:\Program Files\MATLAB
    2008-11-16 17:09:13 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\WordWeb
    2008-11-16 17:08:19 ----A---- C:\WINDOWS\wweb32.dll
    2008-11-16 17:08:18 ----D---- C:\Program Files\WordWeb
    2008-11-04 21:52:45 ----D---- C:\Program Files\GNUGS
    2008-11-04 21:50:01 ----A---- C:\WINDOWS\system32\uninscpw.exe
    2008-11-04 21:50:01 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
    2008-11-04 21:49:38 ----D---- C:\Program Files\Acro Software
    2008-11-04 21:49:38 ----A---- C:\WINDOWS\system32\cpwsave.exe
    2008-10-26 19:29:11 ----D---- C:\Program Files\COED11
    2008-10-23 02:11:43 ----D---- C:\Program Files\Pidgin

    ======List of files/folders modified in the last 3 months======

    2009-01-16 02:14:37 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-16 02:14:28 ----D---- C:\WINDOWS\Prefetch
    2009-01-16 02:13:54 ----D---- C:\WINDOWS\Temp
    2009-01-16 01:59:53 ----D---- C:\Program Files\DC++
    2009-01-16 01:56:57 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-01-15 23:07:56 ----A---- C:\WINDOWS\WORDPAD.INI
    2009-01-15 22:50:41 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\.purple
    2009-01-15 22:43:09 ----D---- C:\Program Files
    2009-01-15 15:30:29 ----RD---- C:\severus
    2009-01-15 15:23:09 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-15 15:21:50 ----D---- C:\WINDOWS\system32
    2009-01-15 15:21:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-01-15 15:18:20 ----D---- C:\WINDOWS\system32\drivers
    2009-01-15 02:23:43 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-15 02:12:49 ----D---- C:\not to be shared
    2009-01-14 02:55:54 ----D---- C:\SwSetup
    2009-01-13 23:03:54 ----D---- C:\WINDOWS
    2009-01-13 23:01:15 ----SHD---- C:\WINDOWS\Installer
    2009-01-13 23:00:53 ----HD---- C:\WINDOWS\inf
    2009-01-13 23:00:30 ----D---- C:\Program Files\Common Files
    2009-01-13 23:00:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-01-13 21:11:12 ----HD---- C:\$AVG8.VAULT$
    2009-01-13 18:09:53 ----D---- C:\Program Files\TuneUp Utilities 2008
    2009-01-13 14:34:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-01-13 14:08:08 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-01-13 00:54:15 ----SD---- C:\Documents and Settings\HP LAPTOP\Application Data\Microsoft
    2009-01-10 12:33:33 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-01-10 12:27:57 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
    2009-01-10 12:23:08 ----SD---- C:\WINDOWS\Tasks
    2009-01-07 03:14:05 ----D---- C:\WINDOWS\SMINST
    2009-01-07 01:48:21 ----D---- C:\WINDOWS\CREATOR
    2009-01-05 02:32:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-01-02 10:26:28 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
    2008-12-28 11:50:34 ----D---- C:\WINDOWS\Help
    2008-12-18 14:28:19 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\HP
    2008-12-18 14:28:19 ----D---- C:\Documents and Settings\All Users\Application Data\HP
    2008-12-15 21:37:10 ----D---- C:\WINDOWS\system32\LogFiles
    2008-12-15 21:37:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-12-15 21:24:24 ----D---- C:\WINDOWS\system32\DirectX
    2008-12-15 21:24:05 ----RSD---- C:\WINDOWS\assembly
    2008-12-15 20:50:47 ----D---- C:\WINDOWS\Microsoft.NET
    2008-12-15 20:41:01 ----D---- C:\WINDOWS\system32\Restore
    2008-12-09 09:48:17 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Adobe
    2008-12-04 18:39:39 ----D---- C:\Program Files\Internet Explorer
    2008-12-04 18:38:42 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-12-03 07:53:16 ----D---- C:\Program Files\Java
    2008-12-02 23:06:31 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\DivX
    2008-12-01 20:00:14 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\SSH
    2008-12-01 11:01:48 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Mozilla
    2008-11-30 22:45:53 ----D---- C:\Program Files\Windows Media Player
    2008-11-30 22:45:46 ----D---- C:\Program Files\Real Alternative
    2008-11-30 22:42:41 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-30 22:42:37 ----D---- C:\Program Files\Hewlett-Packard
    2008-11-30 22:42:36 ----D---- C:\Program Files\Google
    2008-11-30 22:42:36 ----D---- C:\Program Files\DivX
    2008-11-30 22:42:22 ----D---- C:\Program Files\Cell Phone Manager
    2008-11-30 22:42:21 ----D---- C:\Program Files\BitComet
    2008-11-30 22:41:46 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Subversion
    2008-11-30 22:41:46 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Skype
    2008-11-30 22:41:40 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Mathematica
    2008-11-30 22:41:38 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Google
    2008-11-30 22:41:38 ----D---- C:\Documents and Settings\HP LAPTOP\Application Data\Azureus
    2008-11-30 22:41:14 ----D---- C:\Cygwin
    2008-11-30 22:38:08 ----D---- C:\webserver
    2008-11-23 21:12:18 ----RSD---- C:\WINDOWS\Fonts
    2008-11-19 20:08:42 ----A---- C:\WINDOWS\matlab.ini
    2008-11-19 20:05:26 ----D---- C:\work
    2008-11-18 21:13:44 ----SHD---- C:\System Volume Information
    2008-10-23 02:11:24 ----D---- C:\Program Files\Common Files\GTK

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R1 eeCtrl;Symantec Eraser Control driver; \??\c:\program files\common files\symantec shared\eengine\eectrl.sys []
    R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66984]
    R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81320]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
    R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-08-24 223128]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
    R3 FWAuth;FWAuth Driver; \??\C:\WINDOWS\system32\drivers\FWAuthDriver.sys []
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-03-22 625664]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
    R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-07-17 93952]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-01 193056]
    R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1999-01-16 73216]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
    S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
    S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
    S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-12 30189]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-13 57320]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
    S3 ICDUSB2;Sony IC Recorder (P); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-03-14 1428480]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-03 152984]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Internet Security\pctsAuxs.exe [2008-06-13 356920]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools Internet Security\pctsSvc.exe [2008-10-15 1079208]
    R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R3 ThreatFire;ThreatFire; C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe [2008-06-06 66880]
    S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-24 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
    S4 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
    S4 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
    S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-23 307968]
    S4 winvnc;WindowsMgr; -service []

    -----------------EOF-----------------
     
    Last edited: 2009/01/15
  2. 2009/01/15
    severus

    The info file is:

    info.txt logfile of random's system information tool 1.05 2009-01-15 22:44:22

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\Setup.exe" -l0x9 anything
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    CDisplay 1.8--> "C:\Program Files\CDisplay\unins000.exe "
    CollabNet Subversion 1.5.1-->C:\Cygwin\uninst.exe
    Concise Oxford English Dictionary (Eleventh Edition)-->C:\Program Files\COED11\Uninstal.exe
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Iwis30B2a.inf
    CutePDF Writer 2.3-->C:\WINDOWS\system32\uninscpw.exe C:\Program Files\
    DC++ 0.670--> "C:\Program Files\DC++\uninstall.exe "
    Digital Voice Editor 3-->C:\Program Files\InstallShield Installation Information\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}\setup.exe -runfromtemp -l0x0009 UNINSTALL /z -removeonly
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Dr Word Master 7--> "C:\Program Files\SFKD\Dr Word Master\uninstall.exe "
    EVEREST Ultimate Edition v4.50--> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe "
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    GOM Player--> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe "
    Google Talk (remove only)--> "C:\Program Files\Google\Google Talk\uninstall.exe "
    GTK+ Runtime 2.12.12 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_wis30B2m\HXFSETUP.EXE -U -Iwis30B2m.INF
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
    HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    HP Pavilion Webcam Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC397D90-720E-426D-B381-0A10C6FD5A49}\setup.exe" -l0x9 -removeonly
    HP Pavilion Webcam Tray Icon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C23BEBC-0429-4254-A83F-15C591AB768A}\Setup.exe" -l0x9
    HP Quick Launch Buttons 6.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
    HP QuickPlay 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
    HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    K-Lite Codec Pack 3.2.5 Full--> "C:\Program Files\K-Lite Codec Pack\unins000.exe "
    Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Mathematica 5-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{A267A14C-6FDA-41A1-8B22-50A5D1E4444E}
    MathType 5--> "C:\PROGRAM FILES\MathType\Setup.exe" -R
    MATLAB R2007b-->C:\Program Files\MATLAB\R2007b\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007b\
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual Studio 6.0 Enterprise Edition--> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe "
    Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
    Nero 7 Demo-->MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
    ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
    OLYMPUS Master 2-->MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
    PC Tools Internet Security 2009-->C:\Program Files\PC Tools Internet Security\unins000.exe /SILENT /LOG
    PDF2Word v1.4--> "C:\Program Files\PDF2Word v1.4\unins000.exe "
    Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Real Alternative 1.52--> "C:\Program Files\Real Alternative\unins000.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe "
    Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SmartAudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly -S
    Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SSH Accession-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CEAC2BC-5EC2-461E-BC59-C1E78D2B3862}\Setup.exe" -l0x9 RunningUninstall
    SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
    TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamp (remove only)--> "C:\Program Files\Winamp\UninstWA.exe "
    WinAVR 20050214 (remove only)-->C:\WinAVR\WinAVR-20050214-uninstall.exe
    Windows Imaging Component--> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip--> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    WordWeb Pro-->C:\Program Files\WordWeb\uninst.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    ======Security center information======

    AV: Internet Security Anti-Virus
    AV: (disabled) (outdated)
    FW: Norton Internet Worm Protection
    FW: Internet Security Firewall

    System event log

    Computer Name: YOUR-09DEDAFE33
    Event Code: 7035
    Message: The Application Layer Gateway Service service was successfully sent a start control.

    Record Number: 73838
    Source Name: Service Control Manager
    Time Written: 20081217124157.000000+330
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: YOUR-09DEDAFE33
    Event Code: 4202
    Message: The system detected that network adapter \DEVICE\TCPIP_{6ADD9CB3-3250-4688-9CC2-4396C03AC7F3} was disconnected from the network,
    and the adapter's network configuration has been released. If the network
    adapter was not disconnected, this may indicate that it has malfunctioned.
    Please contact your vendor for updated drivers.

    Record Number: 73837
    Source Name: Tcpip
    Time Written: 20081217124154.000000+330
    Event Type: information
    User:

    Computer Name: YOUR-09DEDAFE33
    Event Code: 7036
    Message: The Remote Access Connection Manager service entered the running state.

    Record Number: 73836
    Source Name: Service Control Manager
    Time Written: 20081217124153.000000+330
    Event Type: information
    User:

    Computer Name: YOUR-09DEDAFE33
    Event Code: 7036
    Message: The SSDP Discovery Service service entered the running state.

    Record Number: 73835
    Source Name: Service Control Manager
    Time Written: 20081217124150.000000+330
    Event Type: information
    User:

    Computer Name: YOUR-09DEDAFE33
    Event Code: 7035
    Message: The SSDP Discovery Service service was successfully sent a start control.

    Record Number: 73834
    Source Name: Service Control Manager
    Time Written: 20081217124150.000000+330
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Application event log

    Computer Name: YOUR-09DEDAFE33
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 5561
    Source Name: MsiInstaller
    Time Written: 20080224110600.000000+330
    Event Type: warning
    User: YOUR-09DEDAFE33\HP LAPTOP

    Computer Name: YOUR-09DEDAFE33
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 5560
    Source Name: MsiInstaller
    Time Written: 20080224110600.000000+330
    Event Type: warning
    User: YOUR-09DEDAFE33\HP LAPTOP

    Computer Name: YOUR-09DEDAFE33
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 5559
    Source Name: MsiInstaller
    Time Written: 20080224110600.000000+330
    Event Type: warning
    User: YOUR-09DEDAFE33\HP LAPTOP

    Computer Name: YOUR-09DEDAFE33
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 5558
    Source Name: MsiInstaller
    Time Written: 20080224110559.000000+330
    Event Type: warning
    User: YOUR-09DEDAFE33\HP LAPTOP

    Computer Name: YOUR-09DEDAFE33
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 5557
    Source Name: MsiInstaller
    Time Written: 20080224110559.000000+330
    Event Type: warning
    User: YOUR-09DEDAFE33\HP LAPTOP

    Security event log

    Computer Name: YOUR-09DEDAFE33
    Event Code: 680
    Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

    Logon account: Guest

    Source Workstation: YHJHGJH-1914BF9

    Error Code: 0x0


    Record Number: 4450
    Source Name: Security
    Time Written: 20090114030007.000000+330
    Event Type: audit success
    User: NT AUTHORITY\SYSTEM

    Computer Name: YOUR-09DEDAFE33
    Event Code: 538
    Message: User Logoff:

    User Name: Guest

    Domain: YOUR-09DEDAFE33

    Logon ID: (0x0,0x58A58A)

    Logon Type: 3


    Record Number: 4449
    Source Name: Security
    Time Written: 20090114030007.000000+330
    Event Type: audit success
    User: YOUR-09DEDAFE33\Guest

    Computer Name: YOUR-09DEDAFE33
    Event Code: 576
    Message: Special privileges assigned to new logon:

    User Name:

    Domain:

    Logon ID: (0x0,0x58A58A)

    Privileges: SeChangeNotifyPrivilege

    Record Number: 4448
    Source Name: Security
    Time Written: 20090114030007.000000+330
    Event Type: audit success
    User: YOUR-09DEDAFE33\Guest

    Computer Name: YOUR-09DEDAFE33
    Event Code: 680
    Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

    Logon account: Guest

    Source Workstation: YHJHGJH-1914BF9

    Error Code: 0x0


    Record Number: 4447
    Source Name: Security
    Time Written: 20090114030007.000000+330
    Event Type: audit success
    User: NT AUTHORITY\SYSTEM

    Computer Name: YOUR-09DEDAFE33
    Event Code: 538
    Message: User Logoff:

    User Name: Guest

    Domain: YOUR-09DEDAFE33

    Logon ID: (0x0,0x58A4F8)

    Logon Type: 3


    Record Number: 4446
    Source Name: Security
    Time Written: 20090114030007.000000+330
    Event Type: audit success
    User: YOUR-09DEDAFE33\Guest

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "NUMBER_OF_PROCESSORS "=2
    "OS "=Windows_NT
    "Path "=C:\Program Files\Analog Devices\VisualDSP;C:\Program Files\Analog Devices\VisualDSP\System;C:\WinAVR\bin;C:\WinAVR\utils\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\MATLAB\R2007b\bin;C:\Program Files\MATLAB\R2007b\bin\win32;C:\Program Files\Flash Magic;C:\Cygwin;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PCTYPE "=PAVILION
    "PLATFORM "=MCD
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_REVISION "=0e08
    "SonicCentral "=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "windir "=%SystemRoot%
    "CLASSPATH "=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
     


  4. 2009/01/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS severus :)

    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.



    Are you using an internet connection that requires a proxy setting, such as school or work access? Your log also shows 2 DNS server configurations - 1 in Germany and 1 in India perhaps. Are those correct?
     
