#1
Bad image error every time I open a file or program
Hello, I'm new to the forum. I'm getting a Bad image error every time I open a file or program. Started the computer up this morning and there it was. Does anyone know how to remove it? Thanks.
#2
Hello XR8rGREAT and welcome to CTH

Let's see what's running on your computer.

Download Ccleaner: Here
Click on -> "Download Latest Version"
Once installed, run CCleaner, click the Windows tab and select the following:

Internet Explorer:
Temp Internet History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments

Then click Run Cleaner (bottom right), then Exit.

Please download Malwarebytes' Anti-Malware: Here to your desktop.
Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Click: Here to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\Hijack This.
Click I accept.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Post hijackthis log along with Malwarebytes' Anti-Malware log, and tell how things are running?
#3
Sorry for the slow reply, here's the two logs. First is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5785

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

18/02/2011 6:41:43 p.m.
mbam-log-2011-02-18 (18-41-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 328554
Time elapsed: 1 hour(s), 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\John\Games\Hawx\HAWX\Support\detectiontool\UK\local.dll (Trojan.Packer.Gen) -> Quarantined and deleted successfully.
d:\John\Games\Hawx\Support\detectiontool\UK\local.dll (Trojan.Packer.Gen) -> Quarantined and deleted successfully.
d:\John\Games\dawn of war soulstorm\bugreport\bugreport.exe (Trojan.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
#4
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:44 p.m., on 18/02/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8080.16413) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Total PC Care\TPC.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Program Files\Acer\Empowering Technology\SysMonitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\SearchFilterHost.exe C:\PROGRA~1\Raptr\raptr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Raptr\raptr_im.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_Ac tiveX.exe C:\Program Files\Raptr\raptr_ep32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\s wg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google 
Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL 
SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///D:/Michelle/Games/PopCap%20Games/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: TPCDiskOptimizer - PCOptimax, (www.pc-optimax.com) - C:\Program Files\Total PC Care\TPCDefragSrv.exe -- End of file - 10488 bytes |
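Added example, not part of the thread or any poster's code: a Python sketch that splits a HijackThis log pasted as one run-on line, as in the post above, back into entries and flags a few entry types worth verifying by hand. The function names and the rule set are this example's own assumptions, and a flag is a prompt to check the file, not a verdict.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, O1-O24) and " - ".
CODE = r"(?:R[0-3]|O\d{1,2})"
ENTRY = re.compile(rf"^({CODE}) - (.*)$", re.S)

# Constructed sample: entries copied from the log in the post above, run
# together on one line the way the forum paste arrived.
SAMPLE = (
    r"Boot mode: Normal Running processes: C:\Windows\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/ "
    r"O1 - Hosts: ::1 localhost "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Program Files\Java\jre6\bin\ssv.dll "
    r"O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) "
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL "
    r"O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - "
    r"C:\Program Files\AVG\AVG10\avgwdsvc.exe "
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe "
    r"-- End of file - 10488 bytes"
)


def split_entries(text):
    """Return [(code, body)] from a log that is line-based or run together."""
    body = text.split("-- End of file")[0].strip()
    entries = []
    # Split on whitespace that is immediately followed by a section code.
    for chunk in re.split(rf"\s+(?={CODE} - )", body):
        m = ENTRY.match(chunk)
        if m:  # the header and process list before the first entry are dropped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def triage(entries):
    """Return [(code, reason, body)] for entries to verify manually."""
    findings = []
    for code, body in entries:
        if code in ("O2", "O3", "O9") and body.endswith("(no file)"):
            # The registry entry points at a file that is not on disk.
            findings.append((code, "orphaned registration, target file missing", body))
        elif code == "O1":
            # Hosts file lines: anything other than localhost overrides DNS.
            names = body.split(":", 1)[1].split()[1:]
            if any(n.lower() != "localhost" for n in names):
                findings.append((code, "hosts file overrides name resolution", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            if body.split(":", 1)[1].strip():
                findings.append((code, "DLL loaded into every GUI process, confirm publisher", body))
        elif code == "O23":
            # Layout: "Service: <name> - <owner> - <path>"; names may contain " - ".
            parts = body.partition(": ")[2].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append((code, "service binary reports no company name", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(split_entries(SAMPLE)):
        print(f"{code}: {reason}\n    {body}")
```
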
#5
Sorry, posted them the wrong way around, but still getting the error so far. What do I do next? Thanks.
Last edited by XR8rGREAT; February 18th, 2011 at 11:37 PM.
#6
Hello, what do I do next?
#7
Touch is not available right now XR8rGREAT, so I will follow up with you here. Let's get a more detailed look at things, then decide what repairs are needed.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button. If RSIT downloads/installs HijackThis, be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt. RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\
mbr.exe -t

Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

A lot of posting, but a good comprehensive look at things there.
#8
Logfile of random's system information tool 1.08 (written by random/random)
Run by John & Michelle at 2011-02-21 22:17:00 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 80 GB (56%) free of 143 GB Total RAM: 3071 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:17:12 p.m., on 21/02/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8080.16413) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Program Files\Acer\Empowering Technology\SysMonitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_Ac tiveX.exe C:\PROGRA~1\Raptr\raptr.exe C:\PROGRA~1\Raptr\raptr_im.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Raptr\raptr_ep32.exe C:\Users\John & Michelle\Desktop\RSIT.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\trend micro\John & Michelle.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_x1700 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\s wg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe 
/detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///D:/Michelle/Games/PopCap%20Games/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll O18 - 
Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe -- End of file - 9994 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-01-07 2731872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-11-20 325408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-11-25 2463048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper 
Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-18 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\s wg.dll [2011-02-18 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-11-25 2463048] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-18 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-19 6265376] "eRecoveryService"= [] "XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264] "WindowsLivePhone"=C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe [2008-12-22 787816] "EmpoweringTechnology"=C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe [2008-06-03 319488] "Acer Empowering Technology Monitor"=C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [2008-06-03 319488] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-13 74752] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [] "LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152] "Skytel"=C:\Windows\Skytel.exe [2008-08-19 1833504] "AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-01-07 2747744] "Malwarebytes' 
Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-09 490952] "WindowsLivePhone"=C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe [2008-12-22 787816] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "Raptr"=C:\PROGRA~1\Raptr\raptrstub.exe [2011-02-11 53160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-26 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2011-02-18 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] C:\Users\John & Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Impulse Now.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62 ~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\WudfSvc] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
#9
2011-02-20 18:03:16 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-02-20 18:03:16 ----A---- C:\Windows\system32\D3DCompiler_42.dll 2011-02-20 18:03:15 ----A---- C:\Windows\system32\d3dx11_42.dll 2011-02-20 18:03:15 ----A---- C:\Windows\system32\d3dcsx_42.dll 2011-02-20 18:03:13 ----A---- C:\Windows\system32\XAudio2_4.dll 2011-02-20 18:03:13 ----A---- C:\Windows\system32\xactengine3_4.dll 2011-02-20 18:03:13 ----A---- C:\Windows\system32\X3DAudio1_6.dll 2011-02-20 18:03:13 ----A---- C:\Windows\system32\D3DX9_41.dll 2011-02-20 18:03:12 ----A---- C:\Windows\system32\d3dx10_40.dll 2011-02-20 18:03:12 ----A---- C:\Windows\system32\D3DCompiler_40.dll 2011-02-20 18:03:11 ----A---- C:\Windows\system32\D3DX9_40.dll 2011-02-20 18:03:10 ----A---- C:\Windows\system32\XAudio2_2.dll 2011-02-20 18:03:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll 2011-02-20 18:03:09 ----A---- C:\Windows\system32\xactengine3_2.dll 2011-02-19 00:52:56 ----RHD---- C:\Users\John & Michelle\AppData\Roaming\SecuROM 2011-02-18 22:26:16 ----D---- C:\Windows\Downloaded Installations 2011-02-18 08:02:42 ----D---- C:\Users\John & Michelle\AppData\Roaming\Malwarebytes 2011-02-18 08:02:30 ----D---- C:\ProgramData\Malwarebytes 2011-02-18 08:02:30 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2011-02-18 08:02:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-02-18 08:02:26 ----A---- C:\Windows\system32\drivers\mbam.sys 2011-02-18 07:54:59 ----D---- C:\Program Files\CCleaner 2011-02-18 07:53:43 ----D---- C:\ProgramData\Google 2011-02-18 07:53:09 ----D---- C:\Windows\Repair 2011-02-18 07:53:08 ----D---- C:\Users\John & Michelle\AppData\Roaming\PCOptimax 2011-02-17 20:39:54 ----D---- C:\ProgramData\clp 2011-02-17 20:39:00 ----D---- C:\ProgramData\Common Toolkit Suite 2011-02-17 20:38:52 ----D---- C:\ProgramData\Fighters 2011-02-17 20:38:07 ----D---- C:\Users\John & Michelle\AppData\Roaming\Fighters 2011-02-17 20:00:48 ----D---- C:\rsit 2011-02-17 20:00:48 ----D---- C:\Program Files\trend micro 2011-02-14 21:15:31 ----D---- C:\Users\John & 
Michelle\AppData\Roaming\Raptr 2011-02-14 21:15:31 ----D---- C:\Program Files\Raptr 2011-02-12 17:54:23 ----D---- C:\Windows\en 2011-02-12 17:52:07 ----A---- C:\Windows\system32\XAudio2_5.dll 2011-02-12 17:52:07 ----A---- C:\Windows\system32\XAPOFX1_3.dll 2011-02-12 17:50:46 ----A---- C:\Windows\system32\webservices.dll 2011-02-12 17:49:56 ----D---- C:\Program Files\Microsoft Silverlight 2011-02-12 17:49:24 ----D---- C:\Windows\system32\WindowsPowerShell 2011-02-12 17:48:04 ----A---- C:\Windows\system32\winrsmgr.dll 2011-02-12 17:48:00 ----A---- C:\Windows\system32\wsmprovhost.exe 2011-02-12 17:47:59 ----A---- C:\Windows\system32\wsmplpxy.dll 2011-02-12 17:47:59 ----A---- C:\Windows\system32\winrssrv.dll 2011-02-12 17:47:59 ----A---- C:\Windows\system32\winrshost.exe 2011-02-12 17:47:59 ----A---- C:\Windows\system32\winrs.exe 2011-02-12 17:47:58 ----A---- C:\Windows\system32\WsmRes.dll 2011-02-12 17:47:58 ----A---- C:\Windows\system32\wevtfwd.dll 2011-02-12 17:47:58 ----A---- C:\Windows\system32\wecutil.exe 2011-02-12 17:47:58 ----A---- C:\Windows\system32\wecsvc.dll 2011-02-12 17:47:58 ----A---- C:\Windows\system32\wecapi.dll 2011-02-12 17:47:58 ----A---- C:\Windows\system32\pwrshplugin.dll 2011-02-12 17:47:54 ----A---- C:\Windows\system32\WsmWmiPl.dll 2011-02-12 17:47:54 ----A---- C:\Windows\system32\WsmSvc.dll 2011-02-12 17:47:54 ----A---- C:\Windows\system32\WsmAuto.dll 2011-02-12 17:47:54 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll 2011-02-12 17:47:54 ----A---- C:\Windows\system32\WSManHTTPConfig.exe 2011-02-12 17:47:54 ----A---- C:\Windows\system32\winrscmd.dll 2011-02-12 17:47:54 ----A---- C:\Windows\system32\winrm.vbs 2011-02-12 17:46:37 ----D---- C:\ProgramData\NVIDIA Corporation 2011-02-12 17:44:17 ----A---- C:\Windows\system32\shsvcs.dll 2011-02-12 17:05:35 ----A---- C:\Windows\system32\wininet.dll 2011-02-12 17:05:35 ----A---- C:\Windows\system32\urlmon.dll 2011-02-12 17:05:35 ----A---- C:\Windows\system32\msrating.dll 2011-02-12 17:05:35 
----A---- C:\Windows\system32\msls31.dll 2011-02-12 17:05:35 ----A---- C:\Windows\system32\jsproxy.dll 2011-02-12 17:05:35 ----A---- C:\Windows\system32\iertutil.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\webcheck.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\url.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2011-02-12 17:05:34 ----A---- C:\Windows\system32\mshtmled.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\licmgr10.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\inseng.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\iesetup.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\iernonce.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\iedkcs32.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\ieapfltr.dll 2011-02-12 17:05:34 ----A---- C:\Windows\system32\ie4uinit.exe 2011-02-12 17:05:34 ----A---- C:\Windows\system32\icardie.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\wextract.exe 2011-02-12 17:05:33 ----A---- C:\Windows\system32\vbscript.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\pngfilt.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\occache.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\mshtml.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\mshta.exe 2011-02-12 17:05:33 ----A---- C:\Windows\system32\msfeeds.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\jscript9.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\iexpress.exe 2011-02-12 17:05:33 ----A---- C:\Windows\system32\ieUnatt.exe 2011-02-12 17:05:33 ----A---- C:\Windows\system32\ieakui.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\ieaksie.dll 2011-02-12 17:05:33 ----A---- C:\Windows\system32\admparse.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2011-02-12 17:05:32 ----A---- C:\Windows\system32\mshtmler.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\msfeedssync.exe 2011-02-12 17:05:32 ----A---- C:\Windows\system32\msfeedsbs.dll 
2011-02-12 17:05:32 ----A---- C:\Windows\system32\jscript.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\imgutil.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\ieui.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\iesysprep.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\iepeers.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\ieframe.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\ieakeng.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\IEAdvpack.dll 2011-02-12 17:05:32 ----A---- C:\Windows\system32\advpack.dll 2011-02-12 17:05:31 ----A---- C:\Windows\system32\dxtrans.dll 2011-02-12 17:05:31 ----A---- C:\Windows\system32\dxtmsft.dll 2011-02-12 17:03:50 ----D---- C:\Program Files\Feedback Tool 2011-02-10 21:27:50 ----D---- C:\Users\John & Michelle\AppData\Roaming\AVG10 2011-02-10 20:51:27 ----HD---- C:\ProgramData\Common Files 2011-02-10 20:51:20 ----D---- C:\ProgramData\AVG Security Toolbar 2011-02-10 20:50:25 ----D---- C:\Windows\system32\drivers\AVG 2011-02-10 20:50:25 ----D---- C:\ProgramData\AVG10 2011-02-10 19:25:30 ----HD---- C:\$AVG 2011-02-10 19:09:49 ----D---- C:\ProgramData\MFAData 2011-02-09 18:50:11 ----A---- C:\Windows\system32\win32k.sys 2011-02-09 18:50:09 ----A---- C:\Windows\system32\ntoskrnl.exe 2011-02-09 18:50:09 ----A---- C:\Windows\system32\ntkrnlpa.exe 2011-02-09 18:50:09 ----A---- C:\Windows\system32\ntdll.dll 2011-02-09 18:50:03 ----A---- C:\Windows\system32\FntCache.dll 2011-02-09 18:50:03 ----A---- C:\Windows\system32\DWrite.dll 2011-02-09 18:50:03 ----A---- C:\Windows\system32\d3d10warp.dll 2011-02-09 18:50:02 ----A---- C:\Windows\system32\MFH264Dec.dll 2011-02-09 18:50:02 ----A---- C:\Windows\system32\d2d1.dll 2011-02-09 18:50:01 ----A---- C:\Windows\system32\XpsRasterService.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\xpsservices.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\XpsPrint.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\XpsGdiConverter.dll 2011-02-09 18:50:00 
----A---- C:\Windows\system32\OpcServices.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\mfreadwrite.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\mfmp4src.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\MFHEAACdec.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\mf.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\dxgi.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2011-02-09 18:50:00 ----A---- C:\Windows\system32\d3d10_1core.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\d3d10_1.dll 2011-02-09 18:50:00 ----A---- C:\Windows\system32\d3d10.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\stobject.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\shdocvw.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe 2011-02-09 18:49:59 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\mfps.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\mfplat.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\d3d10level9.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\d3d10core.dll 2011-02-09 18:49:59 ----A---- C:\Windows\system32\cdd.dll 2011-02-09 18:49:44 ----A---- C:\Windows\system32\mstime.dll 2011-02-09 18:49:42 ----A---- C:\Windows\system32\shell32.dll 2011-02-09 18:49:41 ----A---- C:\Windows\system32\shlwapi.dll 2011-02-09 18:49:40 ----A---- C:\Windows\system32\atmlib.dll 2011-02-09 18:49:40 ----A---- C:\Windows\system32\atmfd.dll 2011-01-25 21:03:18 ----D---- C:\ProgramData\Ironclad Games 2011-01-25 21:03:16 ----D---- C:\Program Files\Common Files\Stardock 2011-01-25 07:59:46 ----D---- C:\Users\John & Michelle\AppData\Roaming\Stardock 2011-01-25 07:59:21 ----D---- C:\ProgramData\Stardock 2011-01-25 07:59:21 ----D---- C:\Program Files\Stardock 2011-01-25 07:59:07 ----HDC---- C:\ProgramData\{2041E276-412A-4DCE-8FA8-E5444D9774F5} 2011-01-23 00:38:02 ----HD---- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26} 
======List of files/folders modified in the last 1 months====== 2011-02-21 22:17:18 ----D---- C:\Windows\Temp 2011-02-21 22:17:12 ----D---- C:\Windows\Prefetch 2011-02-21 22:04:53 ----D---- C:\Windows\System32 2011-02-21 22:04:53 ----D---- C:\Windows\inf 2011-02-21 22:04:53 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-02-21 06:01:38 ----D---- C:\Windows\system32\catroot2 2011-02-20 20:05:24 ----SHD---- C:\System Volume Information 2011-02-20 18:02:51 ----RSD---- C:\Windows\assembly 2011-02-19 08:18:47 ----HD---- C:\ProgramData 2011-02-18 22:28:08 ----SHD---- C:\Windows\Installer 2011-02-18 22:26:16 ----D---- C:\Windows 2011-02-18 22:17:35 ----HD---- C:\Program Files\InstallShield Installation Information 2011-02-18 20:55:24 ----D---- C:\Windows\system32\WDI 2011-02-18 20:39:16 ----RD---- C:\Program Files 2011-02-18 20:39:15 ----D---- C:\Program Files\Common Files 2011-02-18 20:39:03 ----D---- C:\Windows\system32\drivers 2011-02-18 18:45:07 ----D---- C:\Windows\system32\Tasks 2011-02-18 08:01:29 ----D---- C:\Users\John & Michelle\AppData\Roaming\Winamp 2011-02-18 08:01:24 ----D---- C:\Windows\Minidump 2011-02-18 07:54:25 ----D---- C:\Windows\Tasks 2011-02-18 07:54:00 ----D---- C:\Program Files\Google 2011-02-17 20:39:10 ----D---- C:\Windows\system32\catroot 2011-02-12 18:34:14 ----D---- C:\Windows\rescache 2011-02-12 18:18:44 ----D---- C:\ProgramData\NVIDIA 2011-02-12 18:17:11 ----D---- C:\Windows\system32\en-US 2011-02-12 17:59:10 ----D---- C:\Windows\Microsoft.NET 2011-02-12 17:53:43 ----D---- C:\Program Files\Windows Live 2011-02-12 17:52:38 ----SD---- C:\ProgramData\Microsoft 2011-02-12 17:52:37 ----RSD---- C:\Windows\Fonts 2011-02-12 17:52:17 ----D---- C:\Program Files\Common Files\microsoft shared 2011-02-12 17:50:55 ----D---- C:\Windows\winsxs 2011-02-12 17:49:27 ----D---- C:\Windows\PolicyDefinitions 2011-02-12 17:47:09 ----D---- C:\Program Files\NVIDIA Corporation 2011-02-12 17:07:34 ----RD---- C:\Windows\Offline Web Pages 2011-02-12 17:07:34 
----D---- C:\Windows\system32\wbem 2011-02-12 17:07:34 ----D---- C:\Windows\system32\migration 2011-02-12 17:07:33 ----SD---- C:\Windows\Downloaded Program Files 2011-02-12 17:07:33 ----D---- C:\Program Files\Internet Explorer 2011-02-12 17:03:48 ----D---- C:\Windows\Logs 2011-02-10 19:25:29 ----D---- C:\ProgramData\avg8 2011-02-10 19:24:36 ----SD---- C:\Users\John & Michelle\AppData\Roaming\Microsoft 2011-02-10 19:23:40 ----D---- C:\Program Files\AVG 2011-02-10 19:09:40 ----AD---- C:\ProgramData\TEMP 2011-02-10 08:06:14 ----D---- C:\Program Files\Windows Mail 2011-02-10 07:36:07 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064] R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-08-18 145952] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-10 717296] R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824] R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384] R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-11-12 299984] R1 mfehidk;McAfee Inc. 
mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-03-25 214024] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-06-03 15392] R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-03 123472] R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-03 30288] R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-03 27216] R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-19 2161760] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 56448] S3 AVFSFilter;AVFSFilter; C:\Windows\system32\DRIVERS\avfsfilter.sys [] S3 awogljp6;awogljp6; C:\Windows\system32\drivers\awogljp6.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-03-25 79880] S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-03-25 35272] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-03-25 34216] S3 mfesmfk;McAfee Inc. 
mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-03-25 40552] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 PsSdk41;PsSdk41; \??\C:\Windows\system32\Drivers\pssdk41.sys [2009-05-27 36928] S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-21 7680] S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720] R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-04 16384] R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-18 61440] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI 
Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-01 75064]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-18 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-25 517448]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-18 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-06-03 24576]
-----------------EOF-----------------
#10
info.txt logfile of random's system information tool 1.08 2011-02-17 20:01:03
======Uninstall list====== -->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043} Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_A ctiveX.exe -maintain activex Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log" AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall AVG 2011-->MsiExec.exe /I{A276502A-8979-44FB-8090-90CF72F22ABC} AVG 2011-->MsiExec.exe /I{F4C68898-EBA5-46A9-82B3-2D30426086BF} Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log" Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log" Bookworm Deluxe-->"C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log" Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation 
Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409 Command & Conquer Tiberian Sun-->D:\John\Games\Westwood\SUN\Uninstll.EXE Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35} Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18} Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1} Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D} Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98} Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379} Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F} Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3} Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D} Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1} Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E} Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519} Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671} Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F} Company of Heroes-->"D:\John\Games\Company Of Heroes\Uninstall_English.exe" Conquest: Frontier Wars-->"D:\John\Games\Conquest\UNINSTAL.EXE" /runtemp /addremove D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Dawn of War - Soulstorm-->"C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat DivX Codec-->C:\Windows\unvise32.exe C:\Program Files\DivX\DivX Bundle.log Feedback Tool-->MsiExec.exe /I{13A5E785-5197-4EAD-8EE3-D660271E49BC} FlatOut Ultimate Carnage-->D:\John\Games\FlatOut Ultimate Carnage\Uninstall.exe Flip Words 
2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log" GameSpy Arcade-->D:\John\GAMEFI~1\UNWISE.EXE D:\John\GAMEFI~1\INSTALL.LOG GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4} Heroes of Might and Magic® III Complete-->C:\Windows\IsUninst.exe -f"d:\john\games\Heroes 3\Heroes of Might and Magic® III.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll Holiday Express-->"D:\Michelle\Games\Holiday Express\unins000.exe" Homeworld2-->D:\John\Games\HW 2\uninstall.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hoyle Board Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98936CBC-5E7A-4AD7-B05B-6D34C7C68E37}\setup.exe" -l0x9 -removeonly Hoyle Card Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}\setup.exe" -l0x9 -removeonly Impulse-->"C:\ProgramData\{2041E276-412A-4DCE-8FA8-E5444D9774F5}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE Impulse-->C:\ProgramData\{2041E276-412A-4DCE-8FA8-E5444D9774F5}\Impulse_setup.exe Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log" Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" 
"C:\Program Files\Acer GameZone\Kick N Rush\install.log" K-Lite Mega Codec Pack 3.3.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {CE4A3D0F-D1B0-47D1-BF99-3E957C548D12} REMOVE=ALL LogMeIn Hamachi-->MsiExec.exe /I{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12} LucasArts' Star Wars: Episode I Racer-->C:\Windows\uninst.exe -f"d:\john\games\Pod racer\DeIsL1.isu" Magic Online III-->C:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microso ft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\Set upCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Close Combat III-->"D:\John\Games\CC3\UNINSTAL.EXE" /runtemp Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package 
{90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe 
#12
|
||||
|
||||
Heck - I am reviewing the logs right now, but completely forgot. What types of files indicate a "bad image error"? Does the error refer to any name specifically? Only .exe files? If you happen to check in and see this, feel free to provide more details on that.
|
#13
|
||||
|
||||
Quote:
C:\Windows\regedit.exe |
#14
|
||||
|
||||
No malware showing in those logs, so be sure to post more details on this image error. Also the Gmer and mbr.exe - t logs please.
|
#15
|
|||
|
|||
I get this message when I click on any program: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.
Also, the Gmer scan you wanted me to run seems to just stop and lock up the computer. I left the scanner running all day while at work and it hadn't got anywhere, so I clicked copy to clipboard thinking it had finished, but after that the computer freezes. |