'AV security suite' malware

[ryno]

Hi Jintan,


paradigm shift here: couldn't get to combofix download. the malware stopped it in it tracks. after going to the bleepingcomputer website and reading about this specific malware i opted to try malwarebytes. i was able to sneak it past malware right at startup. did a full scan it came back with 6-7 problems. removed some and quarantined (sp?) others. this was out of desperation so apologies for not following your advice.

machine is running ok...still cant get into safe mode using the f8 method. at least im pretty sure its not safe mode. i was in safe mode on friday and it looked completely different. right now after after opting for safe mode w/networking it goes to what looks like a completely 'normal' desktop. so thats the partially good news.

heres the bad news: there is a popup at startup that reads:

windows has blocked some programs that are required to run when windows starts. click to view programs

--firefox runs fine i.e. says there is a connection problem and wont show webpages. unwilling to do much else in case malware is 'hiding' in adobe or some other program.

i assume it may be time to start over somewhat.

[ryno]

duplicate

[Jintan]

That "windows has blocked some programs..." balloon is a legit part of Windows, and shows when there are some startups disabled, such as disabling through msconfig. May be that the changes you just did removed some restriction that was blocking the taskbar balloon messages.

Go ahead, if you would, and run and post back a new RSIT log.


Also open Gmer again. This time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

[ryno]

Logfile of random's system information tool 1.07 (written by random/random)
Run by ryan at 2010-06-25 03:31:45
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 211 GB (72%) free of 295 GB
Total RAM: 3001 MB (60% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-28 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\s wg.dll [2010-05-28 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-28 278128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 150552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-04-10 7399968]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-04-10 1833504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-04-08 1071624]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-01 249600]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2009-03-30 62760]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-27 440864]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2009-04-29 176128]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-10-27 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2008-10-27 346672]
"CarboniteSetupLite"=C:\Program Files\Carbonite\CarbonitePreinstaller.exe [2009-01-08 294544]
"Acer Assist Launcher"=C:\Program Files\Acer\Acer Assist\launcher.exe [2007-11-19 1261568]
"Acer Product Registration"=C:\Program Files\Acer\Acer Registration\ACE1.exe [2007-11-26 3387392]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-28 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Monitor"=C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2009-11-10 443728]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-08 236016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[ryno]

""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCen ter []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2009-09-22 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Users\ryan\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-06-25 03:31:45 ----D---- C:\rsit
2010-06-24 14:18:01 ----D---- C:\Users\ryan\AppData\Roaming\Malwarebytes
2010-06-24 14:17:46 ----D---- C:\ProgramData\Malwarebytes
2010-06-24 14:17:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-23 07:56:27 ----D---- C:\Program Files\trend micro
2010-06-23 03:01:41 ----A---- C:\Windows\system32\psisdecd.dll
2010-06-23 03:01:39 ----A---- C:\Windows\system32\EncDec.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 03:01:06 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 03:01:06 ----A---- C:\Windows\system32\dfshim.dll
2010-06-22 17:21:54 ----A---- C:\Windows\ntbtlog.txt
2010-06-22 16:33:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-22 16:33:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-22 16:33:21 ----N---- C:\Windows\system32\MpSigStub.exe
2010-06-11 13:00:02 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-11 12:59:59 ----A---- C:\Windows\system32\atmfd.dll
2010-06-11 12:59:58 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 12:59:50 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 12:59:49 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 12:59:49 ----A---- C:\Windows\system32\occache.dll
2010-06-11 12:59:48 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 12:59:48 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 12:59:47 ----A---- C:\Windows\system32\ieapfltr.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\mshtmled.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\iertutil.dll
2010-06-11 12:59:46 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-11 12:59:45 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-11 12:59:45 ----A---- C:\Windows\system32\iepeers.dll
2010-06-11 12:59:45 ----A---- C:\Windows\system32\ieencode.dll
2010-06-11 12:59:45 ----A---- C:\Windows\system32\ieaksie.dll
2010-06-11 12:59:44 ----A---- C:\Windows\system32\mstime.dll
2010-06-11 12:59:44 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-11 12:59:29 ----A---- C:\Windows\system32\quartz.dll
2010-05-26 20:21:48 ----A---- C:\Windows\system32\tzres.dll
2010-05-26 19:51:00 ----D---- C:\Users\ryan\AppData\Roaming\Roxio

======List of files/folders modified in the last 1 months======

2010-06-25 03:31:50 ----D---- C:\Windows\Temp
2010-06-25 03:21:18 ----SHD---- C:\System Volume Information
2010-06-25 03:04:44 ----D---- C:\Windows\System32
2010-06-25 03:04:44 ----D---- C:\Windows\inf
2010-06-25 03:04:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-25 02:58:26 ----D---- C:\Windows
2010-06-24 16:31:37 ----D---- C:\Windows\system32\drivers
2010-06-24 16:30:47 ----D---- C:\Windows\schemas
2010-06-24 14:17:46 ----HD---- C:\ProgramData
2010-06-24 14:17:45 ----RD---- C:\Program Files
2010-06-24 11:59:18 ----D---- C:\Windows\Prefetch
2010-06-24 11:50:24 ----SHD---- C:\Windows\Installer
2010-06-24 11:50:05 ----D---- C:\Windows\system32\zh-TW
2010-06-24 11:50:05 ----D---- C:\Windows\system32\zh-HK
2010-06-24 11:50:05 ----D---- C:\Windows\system32\tr-TR
2010-06-24 11:50:05 ----D---- C:\Windows\system32\sv-SE
2010-06-24 11:50:05 ----D---- C:\Windows\system32\pt-BR
2010-06-24 11:50:05 ----D---- C:\Windows\system32\nl-NL
2010-06-24 11:50:04 ----D---- C:\Windows\system32\nb-NO
2010-06-24 11:50:04 ----D---- C:\Windows\system32\ko-KR
2010-06-24 11:50:04 ----D---- C:\Windows\system32\it-IT
2010-06-24 11:50:04 ----D---- C:\Windows\system32\he-IL
2010-06-24 11:50:04 ----D---- C:\Windows\system32\fr-FR
2010-06-24 11:50:04 ----D---- C:\Windows\system32\fi-FI
2010-06-24 11:50:04 ----D---- C:\Windows\system32\es-ES
2010-06-24 11:50:04 ----D---- C:\Windows\system32\en-US
2010-06-24 11:50:04 ----D---- C:\Windows\system32\el-GR
2010-06-24 11:50:04 ----D---- C:\Windows\system32\de-DE
2010-06-24 11:50:04 ----D---- C:\Windows\system32\da-DK
2010-06-24 11:50:04 ----D---- C:\Windows\system32\ar-SA
2010-06-23 13:08:03 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 07:09:42 ----D---- C:\Windows\Microsoft.NET
2010-06-23 07:02:05 ----D---- C:\Program Files\McAfee
2010-06-23 07:00:27 ----D---- C:\Windows\ehome
2010-06-23 07:00:27 ----D---- C:\Windows\AppPatch
2010-06-23 03:02:55 ----D---- C:\Windows\winsxs
2010-06-23 03:02:28 ----D---- C:\Windows\system32\catroot
2010-06-23 03:02:25 ----D---- C:\Windows\system32\catroot2
2010-06-20 10:22:11 ----D---- C:\Windows\Debug
2010-06-14 07:30:28 ----D---- C:\Users\ryan\AppData\Roaming\Professional
2010-06-13 04:02:37 ----RSD---- C:\Windows\assembly
2010-06-13 03:42:05 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-13 03:41:01 ----D---- C:\Windows\system32\wbem
2010-06-13 03:40:59 ----D---- C:\Program Files\Internet Explorer
2010-06-13 03:40:57 ----D---- C:\Program Files\Windows Mail
2010-06-13 03:24:11 ----D---- C:\ProgramData\Microsoft Help
2010-06-05 03:01:58 ----SD---- C:\ProgramData\Microsoft
2010-05-28 20:04:33 ----D---- C:\Windows\rescache
2010-05-28 12:37:36 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

[ryno]

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-20 95744]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-29 952832]
R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-04-10 2358112]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-20 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-20 30720]
S3 qrkis;Tether Miniport; C:\Windows\system32\DRIVERS\qrkis.sys [2009-10-16 45608]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2009-04-10 117256]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-27 703008]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2009-11-10 1131808]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-01 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
R2 Tether;Tether; C:\Program Files\Tether\TBService.exe [2010-03-03 49080]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-23 133104]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-08 170480]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-08 1108464]

-----------------EOF-----------------

[ryno]

info.txt logfile of random's system information tool 1.06 2010-06-25 03:31:57

======Uninstall list======

-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
Acer Assist-->C:\Program Files\Acer\Acer Assist\uninstall.exe
Acer Backup Manager-->C:\Program Files\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Acer Crystal Eye webcam Ver:1.1.79.326-->C:\Program Files\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer PowerSmart Manager-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer Registration-->C:\Program Files\Acer\Acer Registration\uninstall.exe
Acer ScreenSaver-->C:\Windows\Screensavers\Acer\Uninstall.exe
Acer VCM-->"C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acrobat.com-->msiexec /qb /x {628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}
Acrobat.com-->MsiExec.exe /I{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_acti veX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plug in.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Airport Mania First Flight-->"C:\Program Files\Acer GameZone\Airport Mania First Flight\Uninstall.exe" "C:\Program Files\Acer GameZone\Airport Mania First Flight\install.log"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
C:\Program Files\Acer GameZone\GameConsole-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Cake Mania 2-->"C:\Program Files\Acer GameZone\Cake Mania 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania 2\install.log"
Carbonite Online Backup Setup-->"C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /uninstall
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cooking Dash-->"C:\Program Files\Acer GameZone\Cooking Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Cooking Dash\install.log"
Cradle of Rome-->"C:\Program Files\Acer GameZone\Cradle of Rome\Uninstall.exe" "C:\Program Files\Acer GameZone\Cradle of Rome\install.log"
Dairy Dash-->"C:\Program Files\Acer GameZone\Dairy Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Dairy Dash\install.log"
Dream Day Honeymoon-->"C:\Program Files\Acer GameZone\Dream Day Honeymoon\Uninstall.exe" "C:\Program Files\Acer GameZone\Dream Day Honeymoon\install.log"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
FX AccuCharts-->MsiExec.exe /I{105D3B41-2F2F-335A-C309-C859A0F4CBE8}
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
Global Trading System Pro UK-->MsiExec.exe /I{11630F6E-D77D-4AB2-A756-AD2B8D0CEE43}
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_A22A7357696 681C5.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}
LeapFrog My Pals Plugin-->MsiExec.exe /I{CC33E708-A795-4AB3-908A-8F45919BC097}
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microso ft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Report Viewer Redistributable 2005-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Mic rosoft Report Viewer Redistributable 2005\install.exe
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

[ryno]

Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyWinLocker-->MsiExec.exe /X{68301905-2DEA-41CE-A4D4-E8B443B099BA}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409
Ocean Express-->"C:\Program Files\Acer GameZone\Ocean Express\Uninstall.exe" "C:\Program Files\Acer GameZone\Ocean Express\install.log"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Optical Drive Power Management-->"C:\Program Files\InstallShield Installation Information\{AE09C972-EEB2-4DA5-8090-0FCF54576854}\setup.exe" -runfromtemp -l0x0009 -removeonly
Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
Parking Dash-->"C:\Program Files\Acer GameZone\Parking Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Parking Dash\install.log"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Puzzle Express-->"C:\Program Files\Acer GameZone\Puzzle Express\Uninstall.exe" "C:\Program Files\Acer GameZone\Puzzle Express\install.log"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Rainbow Web-->"C:\Program Files\Acer GameZone\Rainbow Web\Uninstall.exe" "C:\Program Files\Acer GameZone\Rainbow Web\install.log"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Roxio Media Manager-->MsiExec.exe /X{F6377647-81AF-41C0-BC7E-06CF37E204AB}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUnin stall
Tether 1.1.0.2-->"C:\Program Files\Tether\unins000.exe"
TOPO!-->C:\Windows\IsUninst.exe -fC:\TOPO!\Uninst.isu
Tradewinds 2-->"C:\Program Files\Acer GameZone\Tradewinds 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Tradewinds 2\install.log"
Tri-Peaks Solitaire To Go-->"C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Tri-Peaks Solitaire To Go\install.log"
Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)-->MsiExec.exe /X{CC33E708-A795-4AB3-908A-8F45919BC097}
Wedding Dash-->"C:\Program Files\Acer GameZone\Wedding Dash\Uninstall.exe" "C:\Program Files\Acer GameZone\Wedding Dash\install.log"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: ryan-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 89119
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100624235216.848568-000
Event Type: Error
User:

Computer Name: ryan-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
Record Number: 89179
Source Name: Service Control Manager
Time Written: 20100624235350.000000-000
Event Type: Error
User:

Computer Name: ryan-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 89270
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100625021911.252000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: ryan-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 89277
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100625095757.628573-000
Event Type: Error
User:

Computer Name: ryan-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
Record Number: 89337
Source Name: Service Control Manager
Time Written: 20100625095930.000000-000
Event Type: Error
User:

=====Application event log=====

[ryno]

=====Application event log=====

Computer Name: ryan-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 10744
Source Name: SideBySide
Time Written: 20100625095809.000000-000
Event Type: Error
User:

Computer Name: ryan-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 10745
Source Name: SideBySide
Time Written: 20100625095810.000000-000
Event Type: Error
User:

Computer Name: ryan-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 10746
Source Name: SideBySide
Time Written: 20100625095810.000000-000
Event Type: Error
User:

Computer Name: ryan-PC
Event Code: 0
Message:
Record Number: 10747
Source Name: LeapFrog Connect Device Service
Time Written: 20100625095811.000000-000
Event Type: Warning
User:

Computer Name: ryan-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 10762
Source Name: Microsoft-Windows-WMI
Time Written: 20100625095930.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: ryan-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: RYAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x288
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 19138
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100625100537.035378-000
Event Type: Audit Success
User:

Computer Name: ryan-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: RYAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x288
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 19139
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100625100537.035378-000
Event Type: Audit Success
User:

Computer Name: ryan-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 19140
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100625100537.035378-000
Event Type: Audit Success
User:

Computer Name: ryan-PC
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: RYAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x1494
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x20f758
Record Number: 19141
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100625100643.060378-000
Event Type: Audit Success
User:

Computer Name: ryan-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: RYAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x1494
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x20f758
Record Number: 19142
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100625100643.060378-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files\EgisTec\MyWinLocker 3\x86;C:\Program Files\EgisTec\MyWinLocker 3\x64;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.m icrosoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%Syst emRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%Syst emRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

[Jintan]

Be sure to do that Gmer step in my last post as well please.

[ryno]

gmer with mcafee and malwarebytes removed / unistalled follows in next post

[ryno]

GMER 1.0.15.15281 - httpwww.gmer.net
Rootkit scan 2010-06-25 193554
Windows 6.0.6001 Service Pack 1
Running qzzqw7cv.exe; Driver CUsersryanAppDataLocalTempkgtdrpog.sys


---- Modules - GMER 1.0.15 ----

Module SystemRootsystem32ntkrnlpa.exe 82049000-82402000 (3903488 bytes)
Module SystemRootsystem32hal.dll 82016000-82049000 (208896 bytes)
Module SystemRootsystem32kdcom.dll 80408000-80410000 (32768 bytes)
Module SystemRootsystem32mcupdate_GenuineIntel.dll 80410000-80470000 (393216 bytes)
Module SystemRootsystem32PSHED.dll 80470000-80481000 (69632 bytes)
Module SystemRootsystem32BOOTVID.dll 80481000-80489000 (32768 bytes)
Module SystemRootsystem32CLFS.SYS 80489000-804CA000 (266240 bytes)
Module SystemRootsystem32CI.dll 804CA000-805AA000 (917504 bytes)
Module SystemRootsystem32driversWdf01000.sys 8060F000-8068B000 (507904 bytes)
Module SystemRootsystem32driversWDFLDR.SYS 8068B000-80698000 (53248 bytes)
Module SystemRootsystem32driversacpi.sys 80698000-806DE000 (286720 bytes)
Module SystemRootsystem32driversWMILIB.SYS 806DE000-806E7000 (36864 bytes)
Module SystemRootsystem32driversmsisadrv.sys 806E7000-806EF000 (32768 bytes)
Module SystemRootsystem32driverspci.sys 806EF000-80716000 (159744 bytes)
Module SystemRootSystem32driverspartmgr.sys 80716000-80725000 (61440 bytes)
Module SystemRootsystem32DRIVERScompbatt.sys 80725000-80728000 (12288 bytes)
Module SystemRootsystem32DRIVERSBATTC.SYS 80728000-80732000 (40960 bytes)
Module SystemRootsystem32driversvolmgr.sys 80732000-80741000 (61440 bytes)
Module SystemRootSystem32driversvolmgrx.sys 80741000-8078B000 (303104 bytes)
Module SystemRootSystem32driversmountmgr.sys 8078B000-8079B000 (65536 bytes)
Module SystemRootSystem32DriversUBHelper.sys 8079B000-807A3000 (32768 bytes)
Module SystemRootsystem32DRIVERSiaStor.sys 8260D000-826E8000 (897024 bytes)
Module SystemRootsystem32driversatapi.sys 826E8000-826F0000 (32768 bytes)
Module SystemRootsystem32driversataport.SYS 826F0000-8270E000 (122880 bytes)
Module SystemRootsystem32driversfltmgr.sys 8270E000-82740000 (204800 bytes)
Module SystemRootsystem32driversfileinfo.sys 82740000-82750000 (65536 bytes)
Module SystemRootSystem32DriversPxHelp20.sys 82750000-82759000 (36864 bytes)
Module SystemRootSystem32Driversksecdd.sys 82759000-827CA000 (462848 bytes)
Module SystemRootsystem32driversndis.sys 89E01000-89F0C000 (1093632 bytes)
Module SystemRootsystem32driversmsrpc.sys 89F0C000-89F37000 (176128 bytes)
Module SystemRootsystem32driversNETIO.SYS 89F37000-89F71000 (237568 bytes)
Module SystemRootSystem32DriversNtfs.sys 8A001000-8A110000 (1110016 bytes)
Module SystemRootsystem32driversvolsnap.sys 8A110000-8A149000 (233472 bytes)
Module SystemRootSystem32Driversspldr.sys 8A149000-8A151000 (32768 bytes)
Module SystemRootSystem32Driversmup.sys 8A151000-8A160000 (61440 bytes)
Module SystemRootSystem32driversecache.sys 8A160000-8A187000 (159744 bytes)
Module SystemRootsystem32driversdisk.sys 8A187000-8A198000 (69632 bytes)
Module SystemRootsystem32driversCLASSPNP.SYS 8A198000-8A1B9000 (135168 bytes)
Module SystemRootsystem32driverscrcdisk.sys 8A1B9000-8A1C2000 (36864 bytes)
Module SystemRootsystem32DRIVERStunnel.sys 8D4E1000-8D4EC000 (45056 bytes)
Module SystemRootsystem32DRIVERStunmp.sys 8D4EC000-8D4F5000 (36864 bytes)
Module SystemRootsystem32DRIVERSintelppm.sys 8D4F5000-8D504000 (61440 bytes)
Module SystemRootsystem32DRIVERSigdkmd32.sys 8E601000-8EF00000 (9433088 bytes)
Module SystemRootSystem32driversdxgkrnl.sys 8EF00000-8EF9F000 (651264 bytes)
Module SystemRootSystem32driverswatchdog.sys

[ryno]

Module SystemRootSystem32driverswatchdog.sys 8EF9F000-8EFAC000 (53248 bytes)
Module SystemRootsystem32DRIVERSusbuhci.sys 8EFAC000-8EFB7000 (45056 bytes)
Module SystemRootsystem32DRIVERSUSBPORT.SYS 8EFB7000-8EFF5000 (253952 bytes)
Module SystemRootsystem32DRIVERSusbehci.sys 8D504000-8D513000 (61440 bytes)
Module SystemRootsystem32DRIVERSHDAudBus.sys 8D513000-8D525000 (73728 bytes)
Module SystemRootsystem32DRIVERSL1C60x86.sys 8D525000-8D535000 (65536 bytes)
Module SystemRootsystem32DRIVERSathr.sys 8D607000-8D6F7000 (983040 bytes)
Module SystemRootsystem32DRIVERSi8042prt.sys 8D6F7000-8D70A000 (77824 bytes)
Module SystemRootsystem32DRIVERSDKbFltr.sys 8D70A000-8D714000 (40960 bytes)
Module SystemRootsystem32DRIVERSkbdclass.sys 8D714000-8D71F000 (45056 bytes)
Module SystemRootsystem32DRIVERSSynTP.sys 8D71F000-8D750000 (200704 bytes)
Module SystemRootsystem32DRIVERSUSBD.SYS 8D750000-8D752000 (8192 bytes)
Module SystemRootsystem32DRIVERSmouclass.sys 8D752000-8D75D000 (45056 bytes)
Module SystemRootsystem32DRIVERSCmBatt.sys 8D75D000-8D761000 (16384 bytes)
Module SystemRootsystem32DRIVERScdrom.sys 8D761000-8D779000 (98304 bytes)
Module SystemRootsystem32DriversNTIDrvr.sys 8D779000-8D781000 (32768 bytes)
Module SystemRootsystem32DRIVERSGEARAspiWDM.sys 8D781000-8D787000 (24576 bytes)
Module SystemRootsystem32DRIVERSwmiacpi.sys 8D787000-8D790000 (36864 bytes)
Module SystemRootsystem32DRIVERSmsiscsi.sys 8D790000-8D7BE000 (188416 bytes)
Module SystemRootsystem32DRIVERSstorport.sys 8D7BE000-8D7FF000 (266240 bytes)
Module SystemRootsystem32DRIVERSTDI.SYS 8EFF5000-8F000000 (45056 bytes)
Module SystemRootSystem32DriversRootMdm.sys 8D535000-8D53D000 (32768 bytes)
Module SystemRootsystem32driversmodem.sys 8D53D000-8D54A000 (53248 bytes)
Module SystemRootsystem32DRIVERSrasl2tp.sys 8D54A000-8D561000 (94208 bytes)
Module SystemRootsystem32DRIVERSndistapi.sys 8D561000-8D56C000 (45056 bytes)
Module SystemRootsystem32DRIVERSndiswan.sys 8D56C000-8D58F000 (143360 bytes)
Module SystemRootsystem32DRIVERSraspppoe.sys 8D58F000-8D59E000 (61440 bytes)
Module SystemRootsystem32DRIVERSraspptp.sys 8D59E000-8D5B2000 (81920 bytes)
Module SystemRootsystem32DRIVERSrassstp.sys 8D5B2000-8D5C7000 (86016 bytes)
Module SystemRootsystem32DRIVERSRimSerial.sys 8D600000-8D607000 (28672 bytes)
Module SystemRootsystem32DRIVERStermdd.sys 8D5C7000-8D5D7000 (65536 bytes)
Module SystemRootsystem32DRIVERSswenum.sys 8D5D7000-8D5D9000 (8192 bytes)
Module SystemRootsystem32DRIVERSks.sys 8A1CF000-8A1F9000 (172032 bytes)
Module SystemRootsystem32DRIVERSmssmbios.sys 8D5D9000-8D5E3000 (40960 bytes)
Module SystemRootsystem32DRIVERSumbus.sys 8D5E3000-8D5F0000 (53248 bytes)
Module SystemRootsystem32DRIVERSusbhub.sys 89F71000-89FA5000 (212992 bytes)
Module SystemRootSystem32DriversNDProxy.SYS 89FA5000-89FB6000 (69632 bytes)
Module SystemRootsystem32driversRTKVHDA.sys 8DE0E000-8E04D000 (2355200 bytes)
Module SystemRootsystem32driversportcls.sys 8E04D000-8E07A000 (184320 bytes)
Module SystemRootsystem32driversdrmk.sys 8E07A000-8E09F000 (151552 bytes)
Module SystemRootsystem32driversIntcHdmi.sys 8E09F000-8E0C0000 (135168 bytes)
Module SystemRootSystem32DriversFs_Rec.SYS 8E0C0000-8E0C9000 (36864 bytes)
Module SystemRootSystem32DriversNull.SYS 8E0C9000-8E0D0000 (28672 bytes)
Module SystemRootSystem32DriversBeep.SYS 8E0D0000-8E0D7000 (28672 bytes)
Module SystemRootSystem32driversvga.sys 8E0D7000-8E0E3000 (49152 bytes)
Module SystemRootSystem32driversVIDEOPRT.SYS 8E0E3000-8E104000 (135168 bytes)
Module SystemRootSystem32DRIVERSRDPCDD.sys 8E104000-8E10C000 (32768 bytes)
Module SystemRootsystem32driversrdpencdd.sys 8E10C000-8E114000 (32768 bytes)
Module SystemRootSystem32DriversMsfs.SYS 8E114000-8E11F000 (45056 bytes)
Module SystemRootSystem32DriversNpfs.SYS 8E11F000-8E12D000 (57344 bytes)
Module SystemRootSystem32DRIVERSrasacd.sys 8E12D000-8E136000 (36864 bytes)
Module SystemRootSystem32driverstcpip.sys 8E208000-8E2F1000 (954368 bytes)
Module SystemRootSystem32driversfwpkclnt.sys 8E2F1000-8E30C000 (110592 bytes)
Module SystemRootsystem32DRIVERStdx.sys 8E30C000-8E322000 (90112 bytes)
Module SystemRootsystem32DRIVERSsmb.sys 8E322000-8E336000 (81920 bytes)
Module SystemRootsystem32driversafd.sys 8E336000-8E37E000 (294912 bytes)
Module SystemRootSystem32DRIVERSnetbt.sys 8E37E000-8E3B0000 (204800 bytes)
Module SystemRootsystem32DRIVERSpacer.sys 8E3B0000-8E3C6000 (90112 bytes)
Module SystemRootsystem32DRIVERSnetbios.sys 8E3C6000-8E3D4000 (57344 bytes)
Module SystemRootsystem32DRIVERSwanarp.sys 8E3D4000-8E3E7000 (77824 bytes)
Module SystemRootsystem32DRIVERSrdbss.sys 8E136000-8E172000 (245760 bytes)
Module SystemRootsystem32driversnsiproxy.sys 8E3E7000-8E3F1000 (40960 bytes)
Module SystemRootSystem32Driversdfsc.sys 8E172000-8E189000 (94208 bytes)
Module SystemRootSystem32Driversfastfat.SYS 8E189000-8E1B1000 (163840 bytes)
Module SystemRootsystem32DRIVERSusbccgp.sys 8E1B1000-8E1C8000 (94208 bytes)
Module SystemRootsystem32DRIVERShidusb.sys 8E3F1000-8E3FA000 (36864 bytes)
Module SystemRootsystem32DRIVERSHIDCLASS.SYS 8E1C8000-8E1D8000 (65536 bytes)
Module SystemRootsystem32DRIVERSHIDPARSE.SYS 8E200000-8E207000 (28672 bytes)
Module SystemRootsystem32DRIVERSmouhid.sys 8E1D8000-8E1E0000 (32768 bytes)
Module SystemRootSystem32Driverscrashdmp.sys 8E1E0000-8E1ED000 (53248 bytes)
Module SystemRootSystem32Driversdump_iaStor.sys 8D400000-8D4DB000 (897024 bytes)
Module SystemRootSystem32Driversusbvideo.sys 89FB6000-89FD7000 (135168 bytes)
Module SystemRootSystem32win32k.sys 96A80000-96C82000 (2105344 bytes)
Module SystemRootSystem32driversDxapi.sys 8E1ED000-8E1F7000 (40960 bytes)
Module SystemRootsystem32DRIVERSmonitor.sys 8D5F0000-8D5FF000 (61440 bytes)
Module SystemRootSystem32TSDDD.dll 96CA0000-96CA9000 (36864 bytes)
Module SystemRootSystem32cdd.dll 96CC0000-96CCE000 (57344 bytes)
Module SystemRootsystem32driversluafv.sys 89FD7000-89FF2000 (110592 bytes)
Module SystemRootsystem32DRIVERSmwlPSDFilter.sys 8E1F7000-8E200000 (36864 bytes)
Module SystemRootsystem32DRIVERSirda.sys 827CA000-827E8000 (122880 bytes)
Module SystemRootsystem32DRIVERSlltdio.sys 827E8000-827F8000 (65536 bytes)
Module SystemRootsystem32DRIVERSnwifi.sys 807A3000-807CD000 (172032 bytes)
Module SystemRootsystem32DRIVERSndisuio.sys 8DE00000-8DE0A000 (40960 bytes)
Module SystemRootsystem32DRIVERSrspndr.sys 807CD000-807E0000 (77824 bytes)
Module SystemRootsystem32driversHTTP.sys AA201000-AA26E000 (446464 bytes)
Module SystemRootSystem32DRIVERSsrvnet.sys AA26E000-AA28B000 (118784 bytes)
Module SystemRootsystem32DRIVERSbowser.sys AA28B000-AA2A4000 (102400 bytes)
Module SystemRootSystem32driversmpsdrv.sys AA2A4000-AA2B9000 (86016 bytes)
Module SystemRootsystem32driversspsys.sys AA2B9000-AA368000 (716800 bytes)
Module SystemRootsystem32driversmrxdav.sys AA368000-AA388000 (131072 bytes)
Module SystemRootsystem32DRIVERSmrxsmb.sys AA388000-AA3A7000 (126976 bytes)
Module SystemRootsystem32DRIVERSmrxsmb10.sys AA3A7000-AA3E0000 (233472 bytes)
Module SystemRootsystem32DRIVERSmrxsmb20.sys AA3E0000-AA3F8000 (98304 bytes)
Module SystemRootSystem32DRIVERSsrv2.sys 805AA000-805D1000 (159744 bytes)
Module SystemRootSystem32DRIVERSsrv.sys AAC01000-AAC4F000 (319488 bytes)
Module SystemRootsystem32DRIVERSmwlPSDNServ.sys AAC4F000-AAC58000 (36864 bytes)
Module SystemRootsystem32DRIVERSmwlPSDVDisk.sys AAC58000-AAC6A000 (73728 bytes)
Module SystemRootsystem32driverspeauth.sys AAC6A000-AAD48000 (909312 bytes)
Module SystemRootSystem32Driverssecdrv.SYS AAD48000-AAD52000 (40960 bytes)
Module SystemRootSystem32driverstcpipreg.sys AAD52000-AAD5E000 (49152 bytes)
Module SystemRootsystem32DRIVERScdfs.sys AAD5E000-AAD74000 (90112 bytes)
Module CUsersryanAppDataLocalTempkgtdrpog.sys AAD74000-AAD8B000 (94208 bytes)
Module WindowsSystem32ntdll.dll 77900000-77A27000 (1208320 bytes)

[ryno]

Module WindowsSystem32ntdll.dll 77900000-77A27000 (1208320 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe 324
Library CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe 0x00A40000
Library CWindowssystem32ntdll.dll 0x77900000
Library CWindowssystem32kernel32.dll 0x77A30000
Library CWindowssystem32WSOCK32.dll 0x72250000
Library CWindowssystem32WS2_32.dll 0x763D0000
Library CWindowssystem32msvcrt.dll 0x771A0000
Library CWindowssystem32ADVAPI32.dll 0x77740000
Library CWindowssystem32RPCRT4.dll 0x77670000
Library CWindowssystem32NSI.dll 0x77380000
Library CWindowssystem32SETUPAPI.dll 0x774E0000
Library CWindowssystem32GDI32.dll 0x77B10000
Library CWindowssystem32USER32.dll 0x77250000
Library CWindowssystem32OLEAUT32.dll 0x772F0000
Library CWindowssystem32ole32.dll 0x77390000
Library CWindowssystem32WTSAPI32.dll 0x75060000
Library CWindowssystem32USERENV.dll 0x76020000
Library CWindowssystem32Secur32.dll 0x76000000
Library CWindowssystem32IMM32.DLL 0x77860000
Library CWindowssystem32MSCTF.dll 0x762A0000
Library CWindowssystem32LPK.DLL 0x77190000
Library CWindowssystem32USP10.dll 0x77880000
Library CWindowssystem32NTMARTA.DLL 0x75480000
Library CWindowssystem32WLDAP32.dll 0x77810000
Library CWindowssystem32PSAPI.DLL 0x76160000
Library CWindowssystem32SAMLIB.dll 0x75C00000
Library CWindowssystem32mswsock.dll 0x75770000
Library CWindowsSystem32wshtcpip.dll 0x75450000
Library CWindowssystem32WINTRUST.dll 0x752B0000
Library CWindowssystem32CRYPT32.dll 0x75A80000
Library CWindowssystem32MSASN1.dll 0x75BE0000
Library CWindowssystem32imagehlp.dll 0x77160000

Process CProgram FilesBonjourmDNSResponder.exe 432
Library CProgram FilesBonjourmDNSResponder.exe 0x00400000
Library CWindowssystem32ntdll.dll 0x77900000
Library CWindowssystem32kernel32.dll 0x77A30000
Library CWindowssystem32WS2_32.dll 0x763D0000
Library CWindowssystem32msvcrt.dll 0x771A0000
Library CWindowssystem32ADVAPI32.dll 0x77740000
Library CWindowssystem32RPCRT4.dll 0x77670000
Library CWindowssystem32NSI.dll 0x77380000
Library CWindowssystem32IPHLPAPI.DLL 0x759E0000
Library CWindowssystem32dhcpcsvc.DLL 0x759A0000
Library CWindowssystem32DNSAPI.dll 0x75C20000
Library CWindowssystem32Secur32.dll 0x76000000
Library CWindowssystem32WINNSI.DLL 0x75990000
Library CWindowssystem32dhcpcsvc6.DLL 0x75960000
Library CWindowssystem32USER32.dll 0x77250000
Library CWindowssystem32GDI32.dll 0x77B10000
Library CWindowssystem32ole32.dll 0x77390000
Library CWindowssystem32OLEAUT32.dll 0x772F0000
Library CWindowssystem32IMM32.DLL 0x77860000
Library CWindowssystem32MSCTF.dll 0x762A0000
Library CWindowssystem32LPK.DLL 0x77190000
Library CWindowssystem32USP10.dll 0x77880000
Library CWindowssystem32rsaenh.dll 0x75520000
Library CWindowssystem32SHELL32.dll 0x76490000
Library CWindowssystem32SHLWAPI.dll 0x76370000
Library CWindowsWinSxSx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdb aa5a083979cccomctl32.dll 0x74EB0000
Library CWindowssystem32USERENV.dll 0x76020000
Library CWindowssystem32mswsock.dll 0x75770000
Library CWindowsSystem32wshtcpip.dll 0x75450000
Library CWindowsSystem32wship6.dll 0x757E0000

Process CWindowsSystem32smss.exe 444
Library CWindowsSystem32smss.exe 0x47DC0000
Library CWindowssystem32ntdll.dll 0x77900000

[ryno]

Library CWindowssystem32ntdll.dll 0x77900000

Process CProgram FilesLaunch Managerdsiwmis.exe 472
Library CProgram FilesLaunch Managerdsiwmis.exe 0x00400000
Library CWindowssystem32ntdll.dll 0x77900000
Library CWindowssystem32kernel32.dll 0x77A30000
Library CWindowssystem32ADVAPI32.dll 0x77740000
Library CWindowssystem32RPCRT4.dll 0x77670000
Library CWindowssystem32ole32.dll 0x77390000
Library CWindowssystem32msvcrt.dll 0x771A0000
Library CWindowssystem32GDI32.dll 0x77B10000
Library CWindowssystem32USER32.dll 0x77250000
Library CWindowssystem32OLEAUT32.dll 0x772F0000
Library CWindowssystem32IMM32.DLL 0x77860000
Library CWindowssystem32MSCTF.dll 0x762A0000
Library CWindowssystem32LPK.DLL 0x77190000
Library CWindowssystem32USP10.dll 0x77880000

Process CProgram FilesSynapticsSynTPSynTPEnh.exe 488
Library CProgram FilesSynapticsSynTPSynTPEnh.exe 0x00400000
Library CWindowssystem32ntdll.dll 0x77900000
Library CWindowssystem32kernel32.dll 0x77A30000
Library CWindowssystem32VERSION.dll 0x75470000
Library CWindowssystem32msvcrt.dll 0x771A0000
Library CWindowssystem32WINMM.dll 0x74C40000
Library CWindowssystem32USER32.dll 0x77250000
Library CWindowssystem32GDI32.dll 0x77B10000
Library CWindowssystem32ADVAPI32.dll 0x77740000
Library CWindowssystem32RPCRT4.dll 0x77670000
Library CWindowssystem32ole32.dll 0x77390000
Library CWindowssystem32OLEAUT32.dll 0x772F0000
Library CWindowssystem32OLEACC.dll 0x74C00000
Library CWindowssystem32PSAPI.DLL 0x76160000
Library CWindowssystem32comdlg32.dll 0x770E0000
Library CWindowssystem32SHLWAPI.dll 0x76370000
Library CWindowsWinSxSx86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886 786f450a74a05COMCTL32.dll 0x73BB0000
Library CWindowssystem32SHELL32.dll 0x76490000
Library CWindowssystem32IMM32.DLL 0x77860000
Library CWindowssystem32MSCTF.dll 0x762A0000
Library CWindowssystem32LPK.DLL 0x77190000
Library CWindowssystem32USP10.dll 0x77880000
Library CWindowsWinSxSx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdb aa5a083979cccomctl32.dll 0x74EB0000
Library CWindowssystem32uxtheme.dll 0x751B0000
Library CWindowssystem32CLBCatQ.DLL 0x76400000
Library CWindowssystem32SynCOM.dll 0x10000000
Library CWindowssystem32SynTPAPI.dll 0x63010000
Library CWindowssystem32WINSTA.dll 0x75FD0000
Library CProgram FilesAcerAcer PowerSmart ManagerSysHook.dll 0x01970000
Library CWindowssystem32WINSPOOL.DRV 0x721C0000
Library CWindowssystem32PROPSYS.dll 0x748A0000
Library CWindowssystem32USERENV.dll 0x76020000
Library CWindowssystem32Secur32.dll 0x76000000
Library CWindowssystem32urlmon.dll 0x76170000
Library CWindowssystem32iertutil.dll 0x76FA0000
Library CWindowssystem32SETUPAPI.dll 0x774E0000
Library CWindowssystem32MPR.dll 0x75B80000