Nexplore/Stopzilla ETC, all in Firefox

Unknown

I've been fighting malware for about a month now, and had what seemed to be vundo. Before various rogue antispyware ads would pop up in IE when I used firefox, but now I'm getting stopzilla, nexplore, etc ads in firefox while using firefox. All help is very much appreciated



log.txt:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Raven at 2009-04-26 11:35:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 66 GB (22%) free of 296 GB
Total RAM: 4093 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:29 AM, on 4/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Nexon\MapleStory\MapleStory.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Users\Raven\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Raven.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e365ad1c-14d7-433f-931f-743eccfa5a28} - C:\Windows\SysWow64\hasotela.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [zazuzavema] Rundll32.exe "C:\Windows\system32\tudefoyi.dll",s
O4 - HKLM\..\Run: [CPMf71a7a37] Rundll32.exe "c:\windows\system32\yireniye.dll",a
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [CPMf71a7a37] Rundll32.exe "c:\windows\system32\yireniye.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\zudebipe.dll c:\windows\system32\yireniye.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\yireniye.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\yireniye.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c20354573cf2) (gupdate1c9c20354573cf2) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10733 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-04-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-20 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-04-02 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e365ad1c-14d7-433f-931f-743eccfa5a28}]
C:\Windows\SysWow64\hasotela.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"=C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"NDSTray.exe"=NDSTray.exe []
"cfFncEnabler.exe"=cfFncEnabler.exe []
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe [2008-08-04 1242424]
"PCMAgent"=C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13 143360]
"CLMLServer"=C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe [2008-07-10 188416]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2008-07-31 417792]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-04-02 148888]
"zazuzavema"=C:\Windows\system32\tudefoyi.dll,s []
"CPMf71a7a37"=c:\windows\system32\yireniye.dll [2009-04-26 106496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-04-24 432640]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-03-11 24095528]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 2217984]
"CPMf71a7a37"=c:\windows\system32\yireniye.dll [2009-04-26 106496]

C:\Users\Raven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\zudebipe.dll c:\windows\system32\yireniye.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\yireniye.dll [2009-04-26 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\SysWow64\yireniye.dll [2009-04-26 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Windows\system32\zudebipe.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-04-26 11:35:20 ----D---- C:\rsit
2009-04-22 19:47:42 ----D---- C:\Users\Raven\AppData\Roaming\Nexon
2009-04-22 19:23:20 ----D---- C:\Nexon
2009-04-22 13:31:50 ----D---- C:\Users\Raven\AppData\Roaming\ManyCam
2009-04-22 13:31:49 ----D---- C:\Program Files (x86)\ManyCam 2.4
2009-04-22 10:00:01 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2009-04-22 09:57:02 ----D---- C:\ProgramData\Blizzard
2009-04-21 18:17:09 ----D---- C:\VundoFix Backups
2009-04-21 18:17:09 ----A---- C:\VundoFix.txt
2009-04-20 16:58:56 ----D---- C:\ProgramData\Google Updater
2009-04-20 16:32:41 ----A---- C:\Windows\system32\icardres.dll
2009-04-20 16:32:40 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-20 16:32:39 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-20 16:32:39 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-20 16:32:39 ----A---- C:\Windows\system32\icardagt.exe
2009-04-20 16:32:29 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-20 16:32:24 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-20 16:23:39 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-20 16:23:19 ----A---- C:\Windows\system32\dfshim.dll
2009-04-20 16:23:10 ----A---- C:\Windows\system32\mscoree.dll
2009-04-20 16:22:52 ----A---- C:\Windows\system32\mscorier.dll
2009-04-20 16:22:48 ----A---- C:\Windows\system32\mscories.dll
2009-04-20 09:36:23 ----A---- C:\Windows\system32\mshtml.dll
2009-04-20 09:36:20 ----A---- C:\Windows\system32\ieframe.dll
2009-04-20 09:36:17 ----A---- C:\Windows\system32\urlmon.dll
2009-04-20 09:36:16 ----A---- C:\Windows\system32\wininet.dll
2009-04-20 09:36:15 ----A---- C:\Windows\system32\iertutil.dll
2009-04-20 09:36:11 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-20 09:36:10 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-20 09:36:07 ----A---- C:\Windows\system32\occache.dll
2009-04-20 09:36:07 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-20 09:36:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-20 09:36:06 ----A---- C:\Windows\system32\mstime.dll
2009-04-20 09:36:06 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-20 09:36:06 ----A---- C:\Windows\system32\ieencode.dll
2009-04-20 09:35:53 ----A---- C:\Windows\system32\winhttp.dll
2009-04-20 09:35:38 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-20 09:35:38 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-20 09:35:38 ----A---- C:\Windows\system32\iashost.exe
2009-04-20 09:35:38 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-20 09:35:38 ----A---- C:\Windows\system32\iasads.dll
2009-04-20 09:35:29 ----A---- C:\Windows\system32\secur32.dll
2009-04-20 09:35:29 ----A---- C:\Windows\system32\kernel32.dll
2009-04-20 09:35:29 ----A---- C:\Windows\system32\apilogen.dll
2009-04-20 09:35:29 ----A---- C:\Windows\system32\amxread.dll
2009-04-20 09:32:20 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-20 09:32:20 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-19 21:11:56 ----A---- C:\mysql-init.txt
2009-04-18 21:50:35 ----D---- C:\Users\Raven\AppData\Roaming\Malwarebytes
2009-04-18 21:50:23 ----D---- C:\ProgramData\Malwarebytes
2009-04-18 21:50:21 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-04-18 21:38:05 ----D---- C:\Program Files (x86)\Trend Micro
2009-04-16 16:38:35 ----D---- C:\Users\Raven\AppData\Roaming\MySQL
2009-04-15 13:48:05 ----D---- C:\Windows\Sun
2009-04-14 13:17:32 ----A---- C:\Windows\system32\xfcodec.dll
2009-04-13 12:02:42 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-04-13 12:02:42 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-04-13 12:02:40 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-04-13 12:02:39 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-04-13 12:02:39 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-04-13 12:02:36 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-04-13 12:02:36 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-04-13 10:46:47 ----D---- C:\ProgramData\ESET
2009-04-13 07:44:03 ----D---- C:\Games
2009-04-10 10:13:38 ----A---- C:\Windows\GunzLauncher.INI
2009-04-10 10:12:02 ----HD---- C:\Users\Raven\AppData\Roaming\ijjigame
2009-04-10 10:10:37 ----D---- C:\ProgramData\IJJIGame
2009-04-10 10:09:33 ----D---- C:\ijji
2009-04-06 21:31:32 ----D---- C:\Program Files (x86)\Sword of The New World
2009-04-05 20:45:51 ----D---- C:\Users\Raven\AppData\Roaming\OpenOffice.org
2009-04-05 07:06:55 ----D---- C:\Program Files (x86)\JRE
2009-04-05 07:06:50 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2009-04-05 07:06:26 ----A---- C:\Windows\system32\javaws.exe
2009-04-05 07:06:26 ----A---- C:\Windows\system32\javaw.exe
2009-04-05 07:06:26 ----A---- C:\Windows\system32\java.exe
2009-04-04 16:27:16 ----D---- C:\Program Files (x86)\Rockstar Games
2009-04-02 22:25:40 ----A---- C:\Windows\system32\deploytk.dll
2009-03-31 22:12:39 ----A---- C:\Windows\kaillera.ini
2009-03-31 21:55:01 ----D---- C:\Users\Raven\AppData\Roaming\Hamachi
2009-03-31 15:12:36 ----A---- C:\Windows\system32\BASSMOD.dll
2009-03-31 14:35:21 ----D---- C:\Program Files (x86)\Game_Maker7
2009-03-28 22:17:04 ----D---- C:\Program Files (x86)\EA Games
2009-03-25 20:42:09 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2009-03-24 18:06:52 ----D---- C:\Program Files (x86)\RAGNAROK BATTLE OFFLINE
2009-03-23 22:24:08 ----D---- C:\Program Files (x86)\Cave Story Deluxe
2009-03-23 16:37:35 ----D---- C:\ProgramData\MySQL
2009-03-22 16:48:57 ----D---- C:\Users\Raven\AppData\Roaming\Skype
2009-03-22 16:48:37 ----RD---- C:\Program Files (x86)\Skype
2009-03-22 16:48:32 ----D---- C:\ProgramData\Skype
2009-03-21 06:55:35 ----D---- C:\Users\Raven\AppData\Roaming\Xfire
2009-03-21 06:55:33 ----D---- C:\ProgramData\Xfire
2009-03-21 06:55:32 ----D---- C:\Program Files (x86)\Xfire
2009-03-20 22:15:21 ----A---- C:\Windows\system32\unicows.dll
2009-03-20 17:25:26 ----D---- C:\Users\Raven\AppData\Roaming\GetRightToGo
2009-03-18 11:21:46 ----A---- C:\Windows\kgt2k.INI
2009-03-11 10:59:16 ----A---- C:\Windows\system32\schannel.dll
2009-03-08 19:24:49 ----D---- C:\Program Files (x86)\Comical
2009-03-08 13:24:38 ----D---- C:\Program Files (x86)\QuickPar
2009-03-07 07:40:51 ----D---- C:\Users\Raven\AppData\Roaming\Nero
2009-03-07 07:39:31 ----A---- C:\Windows\system32\BCGPOleAcc.dll
2009-03-07 07:39:30 ----A---- C:\Windows\system32\TwnLib4.dll
2009-03-07 07:39:30 ----A---- C:\Windows\system32\imagXRA7.dll
2009-03-07 07:39:30 ----A---- C:\Windows\system32\imagXR7.dll
2009-03-07 07:39:30 ----A---- C:\Windows\system32\imagXpr7.dll
2009-03-07 07:39:30 ----A---- C:\Windows\system32\imagX7.dll
2009-03-07 07:39:30 ----A---- C:\Windows\system32\BCGCBPRO860u80.dll
2009-03-07 07:39:29 ----D---- C:\Program Files (x86)\Common Files\Nero
2009-03-07 07:39:28 ----D---- C:\Program Files (x86)\Nero
2009-03-06 20:05:01 ----D---- C:\Program Files (x86)\Pcsx2
2009-03-03 18:30:03 ----D---- C:\ProgramData\ConeXware
2009-03-01 16:42:10 ----D---- C:\Program Files (x86)\Tremulous
2009-03-01 10:14:37 ----D---- C:\Users\Raven\AppData\Roaming\MAXON
2009-03-01 10:11:53 ----A---- C:\Windows\unvise32.exe
2009-03-01 10:10:15 ----D---- C:\Program Files (x86)\MAXON
2009-02-28 10:19:29 ----D---- C:\Program Files (x86)\CCleaner
2009-02-27 11:48:17 ----D---- C:\Program Files (x86)\Topaz Labs
2009-02-27 11:01:36 ----AD---- C:\ProgramData\TEMP
2009-02-25 20:58:44 ----D---- C:\ProgramData\FLEXnet
2009-02-25 20:47:53 ----D---- C:\Program Files (x86)\Bonjour
2009-02-25 20:44:08 ----D---- C:\Windows\system32\spool
2009-02-25 20:40:44 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2009-02-22 13:38:47 ----D---- C:\wamp
2009-02-22 00:44:58 ----D---- C:\Users\Raven\AppData\Roaming\Thinstall
2009-02-21 00:27:59 ----D---- C:\Users\Raven\AppData\Roaming\Ubisoft
2009-02-21 00:27:59 ----D---- C:\ProgramData\Ubisoft
2009-02-21 00:26:02 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-02-21 00:26:02 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-02-21 00:26:00 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-02-21 00:25:57 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-02-21 00:25:57 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-02-21 00:25:54 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-02-21 00:25:53 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-02-21 00:25:50 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-02-21 00:25:50 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-02-21 00:25:48 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-02-21 00:25:47 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-02-21 00:25:46 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-02-21 00:25:45 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-02-21 00:25:42 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-02-21 00:25:42 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-02-21 00:25:39 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-02-21 00:25:38 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-02-21 00:25:36 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-02-21 00:25:36 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-02-21 00:25:34 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-02-21 00:23:54 ----D---- C:\Windows\system32\directx
2009-02-19 16:14:30 ----D---- C:\Users\Raven\AppData\Roaming\Final Draft
2009-02-19 16:08:42 ----A---- C:\Windows\system32\cdintf210.dll
2009-02-19 16:08:41 ----D---- C:\ProgramData\Final Draft
2009-02-19 16:08:32 ----D---- C:\Program Files (x86)\Final Draft 7
2009-02-17 17:10:33 ----A---- C:\Windows\game.ini
2009-02-17 16:31:53 ----SHD---- C:\Windows\ftpcache
2009-02-17 01:07:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-16 16:33:25 ----D---- C:\ProgramData\Futuremark
2009-02-16 16:28:32 ----D---- C:\Windows\system32\Futuremark
2009-02-16 16:28:32 ----D---- C:\Program Files (x86)\Common Files\Futuremark Shared
2009-02-16 16:26:50 ----D---- C:\Windows\system32\AGEIA
2009-02-16 16:26:49 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-02-16 16:26:27 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-02-16 16:26:23 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-02-16 16:26:22 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-02-16 16:26:21 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-02-16 16:26:20 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-02-16 16:26:20 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-02-16 16:26:18 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-02-16 16:26:17 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-02-16 16:26:15 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-02-16 16:26:15 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-02-16 16:26:14 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-02-16 16:26:13 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-02-16 16:26:08 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-02-16 16:26:08 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-02-16 16:26:03 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-02-16 16:26:02 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-02-16 16:26:02 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-02-16 16:26:01 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-02-16 16:25:59 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-02-16 16:25:58 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-02-16 16:25:57 ----A---- C:\Windows\system32\d3dx10.dll
2009-02-16 16:25:55 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-02-16 16:25:55 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-02-16 16:25:54 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-02-16 16:25:52 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-02-16 16:25:51 ----A---- C:\Windows\system32\xinput1_2.dll
2009-02-16 16:25:50 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-02-16 16:25:49 ----A---- C:\Windows\system32\xinput1_1.dll
2009-02-16 16:25:47 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-02-16 16:25:37 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-02-16 16:25:34 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-02-16 16:25:34 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-02-16 16:25:33 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-02-16 16:25:32 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-02-16 16:25:29 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-02-16 16:25:27 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-02-16 16:25:26 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-02-16 10:31:43 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2009-02-15 16:29:30 ----A---- C:\Windows\BlendSettings.ini
2009-02-15 15:26:02 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-02-15 15:25:10 ----D---- C:\Program Files (x86)\Bethesda Softworks
2009-02-15 15:22:47 ----A---- C:\Windows\system32\CmdLineExt_x64.dll
2009-02-15 15:21:17 ----D---- C:\Users\Raven\AppData\Roaming\WinRAR
2009-02-15 15:19:44 ----D---- C:\Users\Raven\AppData\Roaming\DAEMON Tools
2009-02-15 15:19:43 ----D---- C:\Users\Raven\AppData\Roaming\DAEMON Tools Pro
2009-02-15 15:19:00 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-02-15 15:18:53 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2009-02-15 15:13:34 ----D---- C:\Users\Raven\AppData\Roaming\DAEMON Tools Lite
2009-02-15 11:07:41 ----D---- C:\Users\Raven\AppData\Roaming\CyberLink
2009-02-15 09:26:11 ----D---- C:\Program Files (x86)\uTorrent
2009-02-15 09:25:47 ----D---- C:\Users\Raven\AppData\Roaming\uTorrent
2009-02-14 23:34:36 ----A---- C:\Windows\system32\msshooks.dll
2009-02-14 23:34:36 ----A---- C:\Windows\system32\msscb.dll
2009-02-14 23:34:36 ----A---- C:\Windows\system32\mimefilt.dll
2009-02-14 23:34:34 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-02-14 23:34:34 ----A---- C:\Windows\system32\propdefs.dll
2009-02-14 23:34:34 ----A---- C:\Windows\system32\msstrc.dll
2009-02-14 23:34:34 ----A---- C:\Windows\system32\mssitlb.dll
2009-02-14 23:34:34 ----A---- C:\Windows\system32\chsbrkr.dll
2009-02-14 23:34:33 ----A---- C:\Windows\system32\thawbrkr.dll
2009-02-14 23:34:33 ----A---- C:\Windows\system32\rtffilt.dll
2009-02-14 23:34:33 ----A---- C:\Windows\system32\propsys.dll
2009-02-14 23:34:33 ----A---- C:\Windows\system32\offfilt.dll
2009-02-14 23:34:33 ----A---- C:\Windows\system32\mssprxy.dll
2009-02-14 23:34:33 ----A---- C:\Windows\system32\msshsq.dll
2009-02-14 23:34:33 ----A---- C:\Windows\system32\korwbrkr.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\xmlfilter.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\tquery.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-02-14 23:34:32 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-02-14 23:34:32 ----A---- C:\Windows\system32\nlhtml.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\mssvp.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\mssrch.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\mssphtb.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\mssph.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\msscntrs.dll
2009-02-14 23:34:32 ----A---- C:\Windows\system32\chtbrkr.dll
2009-02-14 23:22:59 ----A---- C:\Windows\system32\tzres.dll
2009-02-14 23:11:17 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-02-14 23:11:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-02-14 23:10:59 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-02-14 23:10:57 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-02-14 23:10:33 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-02-14 23:09:09 ----A---- C:\Windows\system32\mf.dll
2009-02-14 23:09:07 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-02-14 23:09:06 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-02-14 23:09:06 ----A---- C:\Windows\system32\logagent.exe
2009-02-14 23:09:04 ----A---- C:\Windows\system32\win32spl.dll
2009-02-14 23:08:47 ----A---- C:\Windows\system32\shell32.dll
2009-02-14 23:08:40 ----A---- C:\Windows\system32\gdi32.dll
2009-02-14 23:08:37 ----A---- C:\Windows\system32\wshext.dll
2009-02-14 23:08:37 ----A---- C:\Windows\system32\wscript.exe
2009-02-14 23:08:37 ----A---- C:\Windows\system32\vbscript.dll
2009-02-14 23:08:37 ----A---- C:\Windows\system32\scrrun.dll
2009-02-14 23:08:37 ----A---- C:\Windows\system32\scrobj.dll
2009-02-14 23:08:37 ----A---- C:\Windows\system32\jscript.dll
2009-02-14 23:08:37 ----A---- C:\Windows\system32\cscript.exe
2009-02-14 23:08:33 ----A---- C:\Windows\system32\EncDec.dll
2009-02-14 23:08:29 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-14 23:08:18 ----A---- C:\Windows\system32\msxml3.dll
2009-02-14 23:08:08 ----A---- C:\Windows\system32\msxml6.dll
2009-02-14 23:08:06 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-02-14 23:08:03 ----A---- C:\Windows\system32\polstore.dll
2009-02-14 23:08:03 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-02-14 23:08:02 ----A---- C:\Windows\system32\winipsec.dll
2009-02-14 23:07:49 ----A---- C:\Windows\system32\es.dll
2009-02-14 23:07:48 ----A---- C:\Windows\system32\inetcomm.dll
2009-02-14 23:07:46 ----A---- C:\Windows\system32\dataclen.dll
2009-02-14 23:07:44 ----A---- C:\Windows\system32\connect.dll
2009-02-14 23:07:42 ----A---- C:\Windows\system32\wmpeffects.dll
2009-02-14 23:07:39 ----A---- C:\Windows\system32\explorer.exe
2009-02-14 23:07:39 ----A---- C:\Windows\explorer.exe
2009-02-14 23:03:35 ----A---- C:\Windows\system32\wshqos.dll
2009-02-14 23:03:35 ----A---- C:\Windows\system32\traffic.dll
2009-02-14 23:03:35 ----A---- C:\Windows\system32\rpcrt4.dll
2009-02-14 23:03:35 ----A---- C:\Windows\system32\pacerprf.dll
2009-02-14 23:03:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-02-14 23:03:18 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-02-14 23:03:18 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-02-14 23:03:07 ----A---- C:\Windows\system32\Faultrep.dll
2009-02-14 23:02:14 ----A---- C:\Windows\system32\netapi32.dll
2009-02-14 22:57:00 ----A---- C:\Windows\system32\wups.dll
2009-02-14 22:57:00 ----A---- C:\Windows\system32\wudriver.dll
2009-02-14 22:57:00 ----A---- C:\Windows\system32\wuapi.dll
2009-02-14 22:56:50 ----A---- C:\Windows\system32\wuwebv.dll
2009-02-14 22:56:50 ----A---- C:\Windows\system32\wuapp.exe
2009-02-14 22:50:35 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-02-14 22:50:35 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-02-14 22:50:34 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-02-14 22:50:32 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-02-14 22:50:32 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-02-14 22:50:31 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-02-14 22:50:29 ----A---- C:\Windows\system32\xinput1_3.dll
2009-02-14 22:49:47 ----D---- C:\ProgramData\Media Center Programs
2009-02-14 22:47:45 ----D---- C:\Program Files (x86)\Electronic Arts
2009-02-14 20:22:12 ----D---- C:\Users\Raven\AppData\Roaming\Mount&Blade
2009-02-14 18:57:57 ----D---- C:\Program Files (x86)\Microsoft
2009-02-14 18:57:42 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2009-02-14 18:57:27 ----D---- C:\Program Files (x86)\Windows Live
2009-02-14 18:53:52 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2009-02-14 18:52:30 ----D---- C:\Users\Raven\AppData\Roaming\Mozilla
2009-02-14 18:52:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-02-14 18:50:46 ----D---- C:\Users\Raven\AppData\Roaming\Macromedia
2009-02-14 18:47:47 ----D---- C:\Users\Raven\AppData\Roaming\Adobe
2009-02-14 18:13:15 ----D---- C:\Program Files (x86)\Sauerbraten
2009-02-14 17:36:00 ----D---- C:\Users\Raven\AppData\Roaming\Google
2009-02-14 17:16:19 ----D---- C:\Users\Raven\AppData\Roaming\Symantec
2009-02-14 17:16:18 ----D---- C:\Users\Raven\AppData\Roaming\ATI
2009-02-14 17:15:47 ----D---- C:\Users\Raven\AppData\Roaming\Identities
2009-02-14 17:15:33 ----SD---- C:\Users\Raven\AppData\Roaming\Microsoft
2009-02-14 17:15:33 ----D---- C:\Users\Raven\AppData\Roaming\Media Center Programs
2009-02-06 21:52:40 ----A---- C:\Windows\system32\sirenacm.dll

======List of files/folders modified in the last 3 months======

2009-04-26 11:35:29 ----D---- C:\Windows\Prefetch
2009-04-26 11:35:25 ----D---- C:\Windows\Temp
2009-04-26 11:07:37 ----ASH---- C:\Windows\system32\yireniye.dll
2009-04-26 11:07:35 ----D---- C:\Windows\SysWOW64
2009-04-26 11:07:29 ----ASH---- C:\Windows\system32\rokusuvu.dll
2009-04-26 11:07:29 ----ASH---- C:\Windows\system32\lazahuji.exe
2009-04-26 08:59:42 ----SHD---- C:\System Volume Information
2009-04-26 07:34:47 ----D---- C:\Windows\System32
2009-04-26 07:34:46 ----D---- C:\Windows\inf
2009-04-26 07:30:22 ----D---- C:\Windows\Tasks
2009-04-26 07:28:45 ----D---- C:\Windows
2009-04-26 07:28:19 ----D---- C:\Program Files (x86)
2009-04-26 07:16:53 ----HD---- C:\ProgramData
2009-04-25 22:09:08 ----ASH---- C:\Windows\system32\nayukesu.exe
2009-04-25 22:09:07 ----ASH---- C:\Windows\system32\lovalayi.dll
2009-04-25 22:09:05 ----N---- C:\Windows\system32\mujijiza.dll
2009-04-22 19:46:19 ----SHD---- C:\Windows\Installer
2009-04-22 12:31:55 ----D---- C:\Program Files (x86)\Common Files
2009-04-21 18:06:21 ----ASH---- C:\Windows\system32\tuhuduta.dll
2009-04-21 18:06:18 ----ASH---- C:\Windows\system32\digoteri.exe
2009-04-21 18:06:18 ----ASH---- C:\Windows\system32\bowagina.exe
2009-04-20 19:18:17 ----D---- C:\Windows\Microsoft.NET
2009-04-20 19:18:01 ----RSD---- C:\Windows\assembly
2009-04-20 17:05:18 ----D---- C:\Windows\rescache
2009-04-20 16:59:46 ----D---- C:\Windows\winsxs
2009-04-20 16:58:57 ----D---- C:\Program Files (x86)\Google
2009-04-20 16:46:39 ----D---- C:\Windows\system32\manifeststore
2009-04-20 16:46:39 ----D---- C:\Windows\AppPatch
2009-04-20 16:46:38 ----D---- C:\Program Files (x86)\Internet Explorer
2009-04-20 16:46:36 ----D---- C:\Windows\system32\XPSViewer
2009-04-20 16:46:30 ----D---- C:\Windows\system32\wbem
2009-04-20 16:46:30 ----D---- C:\Windows\system32\en-US
2009-04-20 16:40:00 ----D---- C:\Windows\Debug
2009-04-20 16:22:34 ----D---- C:\Program Files (x86)\Windows Mail
2009-04-20 16:22:22 ----D---- C:\ProgramData\Microsoft Help
2009-04-20 09:33:27 ----D---- C:\Windows\system32\drivers
2009-04-20 09:23:40 ----D---- C:\Windows\registration
2009-04-19 20:35:09 ----RSD---- C:\Windows\Fonts
2009-04-13 12:02:07 ----HD---- C:\Windows\msdownld.tmp
2009-04-13 10:46:47 ----RD---- C:\Program Files
2009-04-13 10:41:52 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2009-04-13 10:39:46 ----D---- C:\ProgramData\Symantec
2009-04-05 20:34:43 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-04-05 07:06:26 ----D---- C:\Program Files (x86)\Java
2009-04-03 15:08:38 ----D---- C:\MaxPayne
2009-03-26 18:55:25 ----D---- C:\Program Files (x86)\Adobe
2009-02-25 20:48:24 ----D---- C:\ProgramData\Adobe
2009-02-25 20:47:52 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-02-21 00:24:07 ----D---- C:\Windows\Logs
2009-02-19 16:08:48 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-02-17 10:53:25 ----D---- C:\Program Files (x86)\Toshiba Registration
2009-02-15 15:27:14 ----SD---- C:\ProgramData\Microsoft
2009-02-15 11:07:44 ----D---- C:\ProgramData\CyberLink
2009-02-15 07:21:06 ----D---- C:\Windows\LiveKernelReports
2009-02-14 23:38:23 ----D---- C:\Windows\PolicyDefinitions
2009-02-14 23:38:20 ----D---- C:\Windows\ehome
2009-02-14 23:38:16 ----D---- C:\Windows\system32\migration
2009-02-14 23:21:14 ----A---- C:\Windows\win.ini
2009-02-14 23:14:46 ----D---- C:\Windows\SoftwareDistribution
2009-02-14 19:08:56 ----D---- C:\Program Files (x86)\Toshiba
2009-02-14 19:07:35 ----D---- C:\ProgramData\Google
2009-02-14 19:05:58 ----D---- C:\ProgramData\WildTangent
2009-02-14 17:16:02 ----SHD---- C:\$RECYCLE.BIN
2009-02-14 17:15:50 ----D---- C:\Windows\system32\sysprep
2009-02-14 17:15:33 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys []
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys []
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []
R3 AgereSoftModem;TOSHIBA Software Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam_x64.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys []
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS []
S3 a60vf93n;a60vf93n; C:\Windows\system32\drivers\a60vf93n.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-01 4682]
S3 SVRPEDRV;SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys []
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 KR10I64;KR10I64; C:\Windows\system32\drivers\kr10i64.sys []
S4 KR10N64;KR10N64; C:\Windows\system32\drivers\kr10n64.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-06-27 36864]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-07-10 40960]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-07-18 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-02-06 434016]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-04-11 158568]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 84992]
S2 gupdate1c9c20354573cf2;Google Update Service (gupdate1c9c20354573cf2); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-20 133104]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 183280]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 23296]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-25 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2741114]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

---

EOF

---

RaRaRaven

And the info.txt:


info.txt logfile of random's system information tool 1.06 2009-04-26 11:35:31

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Camera Assistant Software for Toshiba-->C:\Program Files (x86)\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
Catalyst Control Center - Branding-->MsiExec.exe /I{69E5255D-9D43-4CFF-8984-843ABD7753B7}
Cave Story Deluxe-->C:\Program Files (x86)\Cave Story Deluxe\Uninstal.exe
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files (x86)\InstallShield Installation Information\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}\setup.exe -runfromtemp -l0x0009 -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CINEMA 4D Release 11-->C:\Windows\unvise32.exe C:\Program Files (x86)\MAXON\CINEMA 4D R11\uninstal_C4D.log
Comical 0.8-->"C:\Program Files (x86)\Comical\unins000.exe"
ConcealedStory-->MsiExec.exe /I{2BF01869-AD94-4DF3-92BF-383C33ED9447}
CryEngine(R)2 Sandbox(TM)2-->MsiExec.exe /I{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}
Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
CyberLink PowerCinema for TOSHIBA-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" /z-uninstall
CyberLink PowerCinema for TOSHIBA-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" /z-uninstall
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Futuremark SystemInfo-->C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
Game Maker 7.0-->C:\Program Files (x86)\Game_Maker7\Uninstal.exe
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall
Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
La Tale-->C:\Games\OGP\La Tale\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.4 (remove only)-->"C:\Program Files (x86)\ManyCam 2.4\uninstall.exe"
MapleStory-->MsiExec.exe /I{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}
Max Payne 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\Setup.exe" -l0x9
Max Payne-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\Setup.exe" uninstall uninstall
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mirror's Edgeâ„¢-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mozilla Firefox (3.0.9)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Micro v8.3.6.0-->"C:\Program Files (x86)\Nero\unins000.exe"
NET Render Release 11-->C:\Windows\unvise32.exe C:\Program Files (x86)\MAXON\NET Render R11\uninstal_NET.log
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Operation Optimization v1.1.1-->"C:\Program Files (x86)\Bethesda Softworks\Oblivion\Operation Optimization\unins000.exe"
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickBooks Financial Center-->MsiExec.exe /I{890EF3F8-742F-46BD-9E8E-084B3A1F4364}
QuickPar 0.9-->C:\Program Files (x86)\QuickPar\uninst.exe
Ragnarok Battle Offline-->C:\Users\Raven\Desktop\Too Hard\Ragnarok Battle Offline\Uninstal.exe
RBO Extra Scenario Vol.1-->"C:\Users\Raven\Desktop\Too Hard\Ragnarok Battle Offline\unins000.exe"
RBO Extra Scenario Vol.2-->"C:\Users\Raven\Desktop\Too Hard\Ragnarok Battle Offline\unins001.exe"
RBO Extra Scenario Vol.3-->"C:\Users\Raven\Desktop\Too Hard\Ragnarok Battle Offline\unins002.exe"
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Sauerbraten-->"C:\Program Files (x86)\Sauerbraten\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skypeâ„¢ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sword of The New World-->"C:\Program Files (x86)\Sword of The New World\unins000.exe"
Topaz Adjust-->MsiExec.exe /I{59C2E0E4-0859-4EC1-BCD3-53DBCEFE7AFA}
Topaz Denoise-->MsiExec.exe /I{2E5BC664-72A6-45BB-9D80-6479DEBF8902}
Topaz Simplify-->MsiExec.exe /I{C1ABF5E0-C3C9-4AE6-B4F2-4CB8F5E6A27C}
Toshiba Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}
TOSHIBA Desktop Links-->C:\Program Files (x86)\InstallShield Installation Information\{E1E56B8A-1AAF-422A-91DB-625059FB9863}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x9
TOSHIBA PowerCinema Helper-->MsiExec.exe /X{FB356619-7ECE-42BC-A28A-541973E29F28}
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files (x86)\InstallShield Installation Information\{066CFFF8-12BF-4390-A673-75F95EFF188E}\setup.exe -runfromtemp -l0x0409
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
virtualPhotographer 1.5.6-->"C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\Filters\unins000.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"

======Hosts File======

127.0.0.1 localhost
::1 localhost
82.98.231.89 url.adtrgt.com
82.98.231.89 googleads2.gdoubleclick.net

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Raven-Laptop
Event Code: 10010
Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Record Number: 40011
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090426112432.000000-000
Event Type: Error
User:

Computer Name: Raven-Laptop
Event Code: 10002
Message: WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\IWMSSvc.dll

Record Number: 40024
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090426122654.877200-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Raven-Laptop
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 40025
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090426122655.329600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Raven-Laptop
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 40037
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090426122804.354224-000
Event Type: Error
User:

Computer Name: Raven-Laptop
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FA1ECABA. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 40158
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090426152851.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Raven-Laptop
Event Code: 20
Message:
Record Number: 38563
Source Name: Google Update
Time Written: 20090426124313.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Raven-Laptop
Event Code: 20
Message:
Record Number: 38564
Source Name: Google Update
Time Written: 20090426134313.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Raven-Laptop
Event Code: 20
Message:
Record Number: 38568
Source Name: Google Update
Time Written: 20090426144313.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Raven-Laptop
Event Code: 1
Message: The application (Maple story, from vendor Wizet) has the following problem: Maple story is incompatible with this version of Windows. For more information, contact Wizet.
Record Number: 38569
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20090426154452.782924-000
Event Type: Warning
User: Raven-Laptop\Raven

Computer Name: Raven-Laptop
Event Code: 1
Message: The application (Maple story, from vendor Wizet) has the following problem: Maple story is incompatible with this version of Windows. For more information, contact Wizet.
Record Number: 38573
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20090426160339.336324-000
Event Type: Warning
User: Raven-Laptop\Raven

=====Security event log=====

Computer Name: Raven-Laptop
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 6722
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426152854.593424-000
Event Type: Audit Failure
User:

Computer Name: Raven-Laptop
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 6723
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426152854.593424-000
Event Type: Audit Failure
User:

Computer Name: Raven-Laptop
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: RAVEN-LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x304
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 6724
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426152929.912824-000
Event Type: Audit Success
User:

Computer Name: Raven-Laptop
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: RAVEN-LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x304
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 6725
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426152929.912824-000
Event Type: Audit Success
User:

Computer Name: Raven-Laptop
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 6726
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090426152929.912824-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE

---

EOF

---

Katana

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. Please Read All Instructions Carefully
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you
4. Please continue to respond until I give you the "All Clear"
   (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

---

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.


Please note:-
Your log shows signs that this is a 64 bit machine.
Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited.
I will do my best though

If you still require help please do the following



Download OTListIt2:

• Download OTListIt2 to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
• Post both logs individually please.