Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#16
Hi Jintan,
paradigm shift here: couldn't get to combofix download. the malware stopped it in its tracks. after going to the bleepingcomputer website and reading about this specific malware i opted to try malwarebytes. i was able to sneak it past malware right at startup. did a full scan it came back with 6-7 problems. removed some and quarantined (sp?) others. this was out of desperation so apologies for not following your advice.
machine is running ok...still can't get into safe mode using the f8 method. at least i'm pretty sure it's not safe mode. i was in safe mode on friday and it looked completely different. right now after opting for safe mode w/networking it goes to what looks like a completely 'normal' desktop. so that's the partially good news.
here's the bad news: there is a popup at startup that reads: windows has blocked some programs that are required to run when windows starts. click to view programs
--firefox runs fine i.e. says there is a connection problem and won't show webpages.
unwilling to do much else in case malware is 'hiding' in adobe or some other program. i assume it may be time to start over somewhat.
Last edited by ryno; June 25th, 2010 at 01:54 AM. Reason: i.e. update
#17
duplicate
Last edited by ryno; June 25th, 2010 at 01:59 AM. Reason: duplicate sorry didn't notice we went to 2 pages
#18
That "windows has blocked some programs..." balloon is a legit part of Windows, and shows when there are some startups disabled, such as disabling through msconfig. May be that the changes you just did removed some restriction that was blocking the taskbar balloon messages.
Go ahead, if you would, and run and post back a new RSIT log. Also open Gmer again. This time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
#19
Logfile of random's system information tool 1.07 (written by random/random)
Run by ryan at 2010-06-25 03:31:45
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 211 GB (72%) free of 295 GB
Total RAM: 3001 MB (60% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-28 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-28 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-28 278128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 150552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-04-10 7399968]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-04-10 1833504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-04-08 1071624]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-01 249600]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2009-03-30 62760]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-27 440864]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2009-04-29 176128]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-10-27 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2008-10-27 346672]
"CarboniteSetupLite"=C:\Program Files\Carbonite\CarbonitePreinstaller.exe [2009-01-08 294544]
"Acer Assist Launcher"=C:\Program Files\Acer\Acer Assist\launcher.exe [2007-11-19 1261568]
"Acer Product Registration"=C:\Program Files\Acer\Acer Registration\ACE1.exe [2007-11-26 3387392]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-28 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Monitor"=C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2009-11-10 443728]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-08 236016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
#20
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-22 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Users\ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-06-25 03:31:45 ----D---- C:\rsit
2010-06-24 14:18:01 ----D---- C:\Users\ryan\AppData\Roaming\Malwarebytes
2010-06-24 14:17:46 ----D---- C:\ProgramData\Malwarebytes
2010-06-24 14:17:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-23 07:56:27 ----D---- C:\Program Files\trend micro
2010-06-23 03:01:41 ----A---- C:\Windows\system32\psisdecd.dll
2010-06-23 03:01:39 ----A---- C:\Windows\system32\EncDec.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 03:01:06 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\dfshim.dll
2010-06-22 17:21:54 ----A---- C:\Windows\ntbtlog.txt
2010-06-22 16:33:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-22 16:33:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-22 16:33:21 ----N---- C:\Windows\system32\MpSigStub.exe
2010-06-11 13:00:02 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-11 12:59:59 ----A---- C:\Windows\system32\atmfd.dll
2010-06-11 12:59:58 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 12:59:50 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 12:59:49 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 12:59:49 ----A---- C:\Windows\system32\occache.dll
2010-06-11 12:59:48 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 12:59:48 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 12:59:47 ----A---- C:\Windows\system32\ieapfltr.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\mshtmled.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\iertutil.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-11 12:59:45 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-11 12:59:45 ----A---- C:\Windows\system32\iepeers.dll
2010-06-11 12:59:45 ----A---- C:\Windows\system32\ieencode.dll
2010-06-11 12:59:45 ----A---- C:\Windows\system32\ieaksie.dll
2010-06-11 12:59:44 ----A---- C:\Windows\system32\mstime.dll
2010-06-11 12:59:44 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-11 12:59:29 ----A---- C:\Windows\system32\quartz.dll
2010-05-26 20:21:48 ----A---- C:\Windows\system32\tzres.dll
2010-05-26 19:51:00 ----D---- C:\Users\ryan\AppData\Roaming\Roxio

======List of files/folders modified in the last 1 months======

2010-06-25 03:31:50 ----D---- C:\Windows\Temp
2010-06-25 03:21:18 ----SHD---- C:\System Volume Information
2010-06-25 03:04:44 ----D---- C:\Windows\System32
2010-06-25 03:04:44 ----D---- C:\Windows\inf
2010-06-25 03:04:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-25 02:58:26 ----D---- C:\Windows
2010-06-24 16:31:37 ----D---- C:\Windows\system32\drivers
2010-06-24 16:30:47 ----D---- C:\Windows\schemas
2010-06-24 14:17:46 ----HD---- C:\ProgramData
2010-06-24 14:17:45 ----RD---- C:\Program Files
2010-06-24 11:59:18 ----D---- C:\Windows\Prefetch
2010-06-24 11:50:24 ----SHD---- C:\Windows\Installer
2010-06-24 11:50:05 ----D---- C:\Windows\system32\zh-TW
2010-06-24 11:50:05 ----D---- C:\Windows\system32\zh-HK
2010-06-24 11:50:05 ----D---- C:\Windows\system32\tr-TR
2010-06-24 11:50:05 ----D---- C:\Windows\system32\sv-SE
2010-06-24 11:50:05 ----D---- C:\Windows\system32\pt-BR
2010-06-24 11:50:05 ----D---- C:\Windows\system32\nl-NL
2010-06-24 11:50:04 ----D---- C:\Windows\system32\nb-NO
2010-06-24 11:50:04 ----D---- C:\Windows\system32\ko-KR
2010-06-24 11:50:04 ----D---- C:\Windows\system32\it-IT
2010-06-24 11:50:04 ----D---- C:\Windows\system32\he-IL
2010-06-24 11:50:04 ----D---- C:\Windows\system32\fr-FR
2010-06-24 11:50:04 ----D---- C:\Windows\system32\fi-FI
2010-06-24 11:50:04 ----D---- C:\Windows\system32\es-ES
2010-06-24 11:50:04 ----D---- C:\Windows\system32\en-US
2010-06-24 11:50:04 ----D---- C:\Windows\system32\el-GR
2010-06-24 11:50:04 ----D---- C:\Windows\system32\de-DE
2010-06-24 11:50:04 ----D---- C:\Windows\system32\da-DK
2010-06-24 11:50:04 ----D---- C:\Windows\system32\ar-SA
2010-06-23 13:08:03 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 07:09:42 ----D---- C:\Windows\Microsoft.NET
2010-06-23 07:02:05 ----D---- C:\Program Files\McAfee
2010-06-23 07:00:27 ----D---- C:\Windows\ehome
2010-06-23 07:00:27 ----D---- C:\Windows\AppPatch
2010-06-23 03:02:55 ----D---- C:\Windows\winsxs
2010-06-23 03:02:28 ----D---- C:\Windows\system32\catroot
2010-06-23 03:02:25 ----D---- C:\Windows\system32\catroot2
2010-06-20 10:22:11 ----D---- C:\Windows\Debug
2010-06-14 07:30:28 ----D---- C:\Users\ryan\AppData\Roaming\Professional
2010-06-13 04:02:37 ----RSD---- C:\Windows\assembly
2010-06-13 03:42:05 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-13 03:41:01 ----D---- C:\Windows\system32\wbem
2010-06-13 03:40:59 ----D---- C:\Program Files\Internet Explorer
2010-06-13 03:40:57 ----D---- C:\Program Files\Windows Mail
2010-06-13 03:24:11 ----D---- C:\ProgramData\Microsoft Help
2010-06-05 03:01:58 ----SD---- C:\ProgramData\Microsoft
2010-05-28 20:04:33 ----D---- C:\Windows\rescache
2010-05-28 12:37:36 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
#21
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-20 95744]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-29 952832]
R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-04-10 2358112]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-20 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-20 30720]
S3 qrkis;Tether Miniport; C:\Windows\system32\DRIVERS\qrkis.sys [2009-10-16 45608]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2009-04-10 117256]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-27 703008]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2009-11-10 1131808]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-01 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
R2 Tether;Tether; C:\Program Files\Tether\TBService.exe [2010-03-03 49080]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-23 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-08 170480]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-08 1108464]

-----------------EOF-----------------
#22
info.txt logfile of random's system information tool 1.06 2010-06-25 03:31:57

======Uninstall list======

-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
Acer Assist-->C:\Program Files\Acer\Acer Assist\uninstall.exe
Acer Backup Manager-->C:\Program Files\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Acer Crystal Eye webcam Ver:1.1.79.326-->C:\Program Files\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer PowerSmart Manager-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer Registration-->C:\Program Files\Acer\Acer Registration\uninstall.exe
Acer ScreenSaver-->C:\Windows\Screensavers\Acer\Uninstall.exe
Acer VCM-->"C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acrobat.com-->msiexec /qb /x {628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}
Acrobat.com-->MsiExec.exe /I{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Airport Mania First Flight-->"C:\Program Files\Acer GameZone\Airport Mania First Flight\Uninstall.exe" "C:\Program Files\Acer GameZone\Airport Mania First Flight\install.log"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
C:\Program Files\Acer GameZone\GameConsole-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Cake Mania 2-->"C:\Program Files\Acer GameZone\Cake Mania 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania 2\install.log"
Carbonite Online Backup Setup-->"C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /uninstall
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cooking Dash-->"C:\Program Files\Acer GameZone\Cooking Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Cooking Dash\install.log"
Cradle of Rome-->"C:\Program Files\Acer GameZone\Cradle of Rome\Uninstall.exe" "C:\Program Files\Acer GameZone\Cradle of Rome\install.log"
Dairy Dash-->"C:\Program Files\Acer GameZone\Dairy Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Dairy Dash\install.log"
Dream Day Honeymoon-->"C:\Program Files\Acer GameZone\Dream Day Honeymoon\Uninstall.exe" "C:\Program Files\Acer GameZone\Dream Day Honeymoon\install.log"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
FX AccuCharts-->MsiExec.exe /I{105D3B41-2F2F-335A-C309-C859A0F4CBE8}
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
Global Trading System Pro UK-->MsiExec.exe /I{11630F6E-D77D-4AB2-A756-AD2B8D0CEE43}
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_A22A7357696681C5.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}
LeapFrog My Pals Plugin-->MsiExec.exe /I{CC33E708-A795-4AB3-908A-8F45919BC097}
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package
{90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Report Viewer Redistributable 2005-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Mic rosoft Report Viewer Redistributable 2005\install.exe Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD} Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe |
#23
#24
#25
Be sure to do that Gmer step in my last post as well please.
#26
gmer with mcafee and malwarebytes removed / uninstalled follows in next post
Last edited by ryno; June 26th, 2010 at 03:39 AM.
#27
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-25 19:35:54
Windows 6.0.6001 Service Pack 1
Running: qzzqw7cv.exe; Driver: C:\Users\ryan\AppData\Local\Temp\kgtdrpog.sys
#28
SystemRootsystem32DRIVERSlltdio.sys 827E8000-827F8000 (65536 bytes) Module SystemRootsystem32DRIVERSnwifi.sys 807A3000-807CD000 (172032 bytes) Module SystemRootsystem32DRIVERSndisuio.sys 8DE00000-8DE0A000 (40960 bytes) Module SystemRootsystem32DRIVERSrspndr.sys 807CD000-807E0000 (77824 bytes) Module SystemRootsystem32driversHTTP.sys AA201000-AA26E000 (446464 bytes) Module SystemRootSystem32DRIVERSsrvnet.sys AA26E000-AA28B000 (118784 bytes) Module SystemRootsystem32DRIVERSbowser.sys AA28B000-AA2A4000 (102400 bytes) Module SystemRootSystem32driversmpsdrv.sys AA2A4000-AA2B9000 (86016 bytes) Module SystemRootsystem32driversspsys.sys AA2B9000-AA368000 (716800 bytes) Module SystemRootsystem32driversmrxdav.sys AA368000-AA388000 (131072 bytes) Module SystemRootsystem32DRIVERSmrxsmb.sys AA388000-AA3A7000 (126976 bytes) Module SystemRootsystem32DRIVERSmrxsmb10.sys AA3A7000-AA3E0000 (233472 bytes) Module SystemRootsystem32DRIVERSmrxsmb20.sys AA3E0000-AA3F8000 (98304 bytes) Module SystemRootSystem32DRIVERSsrv2.sys 805AA000-805D1000 (159744 bytes) Module SystemRootSystem32DRIVERSsrv.sys AAC01000-AAC4F000 (319488 bytes) Module SystemRootsystem32DRIVERSmwlPSDNServ.sys AAC4F000-AAC58000 (36864 bytes) Module SystemRootsystem32DRIVERSmwlPSDVDisk.sys AAC58000-AAC6A000 (73728 bytes) Module SystemRootsystem32driverspeauth.sys AAC6A000-AAD48000 (909312 bytes) Module SystemRootSystem32Driverssecdrv.SYS AAD48000-AAD52000 (40960 bytes) Module SystemRootSystem32driverstcpipreg.sys AAD52000-AAD5E000 (49152 bytes) Module SystemRootsystem32DRIVERScdfs.sys AAD5E000-AAD74000 (90112 bytes) Module CUsersryanAppDataLocalTempkgtdrpog.sys AAD74000-AAD8B000 (94208 bytes) Module WindowsSystem32ntdll.dll 77900000-77A27000 (1208320 bytes) |
#29
---- Processes - GMER 1.0.15 ----
#30