Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"Ending Program - n"


Post by Jonah11 » October 24th, 2009, 3:08 pm

Hi,

I noticed when I shut down today a popup that said "Ending Program - n," and that seemed like a red flag for an infection of some sort. After googling, I found nothing definitive on this answer, though it's listed as a trojan on process library:

http://www.processlibrary.com/directory/files/n/

In any case, I ran ESET NOD32, Malwarebytes, and Spybot S&D. ESET and Spybot came up clean, and Malwarebytes found a suspicious .log and .dat file. Below I've pasted both the HijackThis log and then, after it, the Malwarebytes log.

Thanks for any help with this. For what it's worth, I'm no longer seeing the "Ending program - n" message when I shut down, but I'm still worried.

-------------------HijackThis Log-----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:29 PM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe
E:\Data\Documents\Coding\AutoIt\EggCrack.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [HumanizedEnso] C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe --disable-monologue-boxes
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1715567821-1644491937-839522115-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: EggCrack.exe.lnk = E:\Data\Documents\Coding\AutoIt\EggCrack.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PDFill\DownloadPDF.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5097986171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5687307593
O18 - Protocol: nyf - {C4BA8816-8761-4164-8E33-56F3024A09E4} - C:\Program Files\myBase\ienyf.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: VIP DB Bridge Service (VIPBridgeService) - VIP Quality Software, Ltd - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 12523 bytes



-------------------Malware Bytes Log-----------------------

Malwarebytes' Anti-Malware 1.41
Database version: 3026
Windows 5.1.2600 Service Pack 3

10/24/2009 12:48:17 PM
mbam-log-2009-10-24 (12-48-17).txt

Scan type: Quick Scan
Objects scanned: 122460
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090508.log (Malware.Trace) -> Quarantined and deleted successfully.
Jonah11
Active Member
 
Posts: 7
Joined: October 24th, 2009, 2:56 pm

Re: "Ending Program - n"

Post by MWR 3 day Mod » October 27th, 2009, 6:27 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: "Ending Program - n"

Post by peku006 » October 30th, 2009, 9:00 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

logs from RSIT (log.txt, info.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: "Ending Program - n"

Post by Jonah11 » October 30th, 2009, 5:10 pm

Here is log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by JG at 2009-10-30 16:05:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 86 GB (71%) free of 120 GB
Total RAM: 2047 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:24 PM, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe
E:\Data\Documents\Coding\AutoIt\EggCrack.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Radmin Viewer 3\Radmin.exe
C:\Program Files\Evernote\Evernote3.5\Evernote.exe
C:\Program Files\Klok\Klok.exe
C:\Program Files\Hoversnap\HoverSnap.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Vim\vim72\gvim.exe
C:\Program Files\Mozilla Thunderbird 3.0 Beta 4\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\eclipse\eclipse.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Documents and Settings\JG\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\JG.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [HumanizedEnso] C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe --disable-monologue-boxes
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1715567821-1644491937-839522115-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: EggCrack.exe.lnk = E:\Data\Documents\Coding\AutoIt\EggCrack.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PDFill\DownloadPDF.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5097986171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5687307593
O18 - Protocol: nyf - {C4BA8816-8761-4164-8E33-56F3024A09E4} - C:\Program Files\myBase\ienyf.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: VIP DB Bridge Service (VIPBridgeService) - VIP Quality Software, Ltd - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 13145 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-07-06 5956424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-07-06 5956424]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HumanizedEnso"=C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe [2008-01-14 117232]
"Taskbar Shuffle"=C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe [2008-04-17 818176]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-07-06 160592]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
C:\Program Files\Replay Media Catcher\FLVSrvc.exe [2009-09-22 156672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2004-08-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefly]
C:\Program Files\SnapStream Media\Firefly\Firefly.exe [2006-06-05 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
C:\Program Files\Sandboxie\SbieCtrl.exe [2009-01-05 336896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [2004-08-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-07-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JG^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe [2008-11-07 517384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
UltraMon.lnk - C:\WINDOWS\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico

C:\Documents and Settings\JG\Start Menu\Programs\Startup
Dropbox.lnk - C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe
EggCrack.exe.lnk - E:\Data\Documents\Coding\AutoIt\EggCrack.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe"="C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe:*:Enabled:VIP DB Bridge Service"
"C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe"="C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe:*:Enabled:Firebird SQL Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\WINDOWS\system32\rserver30\rserver3.exe"="C:\WINDOWS\system32\rserver30\rserver3.exe:*:Enabled:Radmin Server 3"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Boxee\BOXEE.exe"="C:\Program Files\Boxee\BOXEE.exe:*:Enabled:Boxee "
"C:\Program Files\cwRsync\bin\rsync.exe"="C:\Program Files\cwRsync\bin\rsync.exe:*:Enabled:rsync"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-10-30 16:05:20 ----D---- C:\rsit
2009-10-27 10:32:04 ----D---- C:\Program Files\Java Decompiler
2009-10-27 10:29:05 ----D---- C:\Program Files\AVI-Mux_GUI-1.17.8
2009-10-26 17:53:28 ----D---- C:\Program Files\ExactFile
2009-10-24 14:45:49 ----D---- C:\Documents and Settings\JG\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1
2009-10-24 14:45:47 ----D---- C:\Program Files\Doit.im
2009-10-24 14:10:32 ----D---- C:\Program Files\ProcessExplorer
2009-10-24 12:58:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-24 12:58:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-24 12:33:15 ----D---- C:\Documents and Settings\JG\Application Data\Malwarebytes
2009-10-24 12:33:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-24 12:33:07 ----D---- C:\Program Files\Malwarebytes
2009-10-22 18:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\SnapStream
2009-10-22 18:10:08 ----D---- C:\Program Files\Common Files\Snapstream
2009-10-22 18:09:41 ----D---- C:\Program Files\SnapStream Media
2009-10-21 15:10:19 ----D---- C:\Program Files\BMP Image Viewer
2009-10-20 00:17:36 ----D---- C:\Program Files\StarUML
2009-10-19 23:49:30 ----D---- C:\Documents and Settings\JG\Application Data\SmartDraw
2009-10-19 23:47:37 ----D---- C:\Program Files\SmartDraw 2010
2009-10-19 22:55:47 ----D---- C:\Documents and Settings\JG\Application Data\Any Video Converter
2009-10-19 22:55:34 ----D---- C:\Program Files\Any Video Converter
2009-10-15 22:05:02 ----D---- C:\Program Files\Hoversnap
2009-10-15 21:46:11 ----D---- C:\Program Files\DoylesRoom Casino
2009-10-14 20:17:21 ----D---- C:\Documents and Settings\JG\Application Data\Logitech
2009-10-14 20:16:59 ----D---- C:\Documents and Settings\JG\Application Data\Leadertech
2009-10-14 20:16:39 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-10-14 20:13:36 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-10-14 20:13:32 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-10-14 20:13:32 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-10-14 20:13:32 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-10-14 20:13:32 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-10-14 20:13:17 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-10-14 20:13:03 ----D---- C:\Program Files\Common Files\Logishrd
2009-10-14 20:12:58 ----D---- C:\Program Files\Logitech
2009-10-13 20:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-13 20:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-13 20:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-13 20:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-13 20:34:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-13 20:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-13 20:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-13 20:34:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 20:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-13 20:30:11 ----D---- C:\WINDOWS\SQLTools9_KB970892_ENU
2009-10-13 20:28:25 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2009-10-12 15:05:26 ----D---- C:\python-projects
2009-10-12 13:08:09 ----D---- C:\Program Files\Ghostview
2009-10-05 17:48:18 ----D---- C:\Python25
2009-10-05 17:20:08 ----D---- C:\django-projects
2009-10-05 13:28:28 ----D---- C:\Program Files\7-Zip
2009-10-04 15:29:43 ----D---- C:\Documents and Settings\JG\Application Data\Mp3tag
2009-10-04 15:28:32 ----D---- C:\Program Files\Mp3tag
2009-10-03 22:10:08 ----D---- C:\Documents and Settings\JG\Application Data\XBMC
2009-10-03 22:08:48 ----D---- C:\Program Files\XBMC
2009-10-02 12:06:00 ----A---- C:\WINDOWS\system32\gfkernel.dll
2009-10-02 12:05:57 ----A---- C:\WINDOWS\system32\vbsgf.dll
2009-10-02 12:05:55 ----D---- C:\Program Files\GetFLV
2009-10-02 11:55:27 ----D---- C:\Documents and Settings\JG\Application Data\Wireshark
2009-10-02 11:27:04 ----D---- C:\Program Files\Wireshark
2009-10-02 02:19:23 ----D---- C:\Documents and Settings\JG\Application Data\DonationCoder
2009-10-02 02:18:41 ----D---- C:\Program Files\WinPcap
2009-10-02 02:18:22 ----D---- C:\Documents and Settings\All Users\Application Data\DonationCoder
2009-10-02 02:18:21 ----D---- C:\Program Files\URLSnooper2

======List of files/folders modified in the last 1 months======

2009-10-30 16:05:19 ----D---- C:\WINDOWS\Prefetch
2009-10-30 16:04:59 ----D---- C:\WINDOWS\temp
2009-10-30 16:02:39 ----D---- C:\Documents and Settings\JG\Application Data\Hamachi
2009-10-30 16:00:55 ----D---- C:\Documents and Settings\JG\Application Data\.purple
2009-10-30 13:50:24 ----D---- C:\eclipse
2009-10-30 12:47:28 ----D---- C:\Program Files\Mozilla Firefox
2009-10-29 23:57:58 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-29 23:52:46 ----D---- C:\Documents and Settings\JG\Application Data\vlc
2009-10-29 22:40:59 ----D---- C:\Documents and Settings\JG\Application Data\uTorrent
2009-10-29 17:25:41 ----RSD---- C:\WINDOWS\Fonts
2009-10-29 17:25:41 ----D---- C:\WINDOWS\system32
2009-10-29 16:58:51 ----D---- C:\Documents and Settings\JG\Application Data\Dropbox
2009-10-29 10:58:50 ----D---- C:\Program Files\Mozilla Thunderbird 3.0 Beta 4
2009-10-27 10:32:07 ----RD---- C:\Program Files
2009-10-27 10:27:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-26 18:30:57 ----SH---- C:\boot.ini
2009-10-26 18:30:57 ----A---- C:\WINDOWS\win.ini
2009-10-26 18:30:57 ----A---- C:\WINDOWS\system.ini
2009-10-26 18:27:18 ----D---- C:\Program Files\Taskbar Shuffle
2009-10-26 18:25:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-26 16:29:18 ----D---- C:\Documents and Settings\JG\Application Data\Adobe
2009-10-25 16:35:43 ----D---- C:\Documents and Settings\JG\Application Data\Canon
2009-10-24 14:45:48 ----SHD---- C:\WINDOWS\Installer
2009-10-24 14:45:48 ----HD---- C:\Config.Msi
2009-10-24 14:10:39 ----D---- C:\WINDOWS\system32\drivers
2009-10-24 12:48:17 ----D---- C:\WINDOWS
2009-10-22 18:23:24 ----HD---- C:\WINDOWS\inf
2009-10-22 18:10:08 ----D---- C:\Program Files\Common Files
2009-10-21 11:19:18 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-20 16:43:08 ----D---- C:\Documents and Settings\JG\Application Data\Skype
2009-10-20 16:38:31 ----D---- C:\Documents and Settings\JG\Application Data\skypePM
2009-10-20 14:59:27 ----SD---- C:\WINDOWS\Tasks
2009-10-15 13:23:56 ----D---- C:\WINDOWS\pss
2009-10-15 11:26:49 ----D---- C:\Documents and Settings\JG\Application Data\gtk-2.0
2009-10-14 20:15:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-14 20:15:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-14 20:13:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-14 12:52:09 ----D---- C:\Program Files\internet explorer
2009-10-13 21:44:45 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-13 21:44:15 ----RSD---- C:\WINDOWS\assembly
2009-10-13 20:42:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-13 20:34:48 ----A---- C:\WINDOWS\imsins.BAK
2009-10-13 20:34:46 ----D---- C:\WINDOWS\WinSxS
2009-10-13 20:34:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 20:33:40 ----D---- C:\WINDOWS\ie8updates
2009-10-13 20:33:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-13 20:30:21 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-13 20:30:19 ----D---- C:\WINDOWS\Registration
2009-10-11 22:57:23 ----D---- C:\Program Files\Replay Media Catcher
2009-10-11 22:54:07 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2009-10-11 22:54:05 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2009-10-06 13:19:12 ----D---- C:\WINDOWS\Help
2009-10-05 17:45:48 ----D---- C:\Python26
2009-10-05 17:37:18 ----D---- C:\Documents and Settings\JG\Application Data\MySQL
2009-10-05 01:46:32 ----D---- C:\Program Files\AutoIt3
2009-10-02 13:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-02 12:00:25 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 atitray;atitray; \??\C:\Program Files\ATI Tray Tools\atitray.sys []
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 raddrvv3;raddrvv3; \??\C:\WINDOWS\system32\rserver30\raddrvv3.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-02-20 25280]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]
R3 mirrorv3;mirrorv3; C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-19 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-19 12928]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-20 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-26 223104]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe [2006-01-29 65536]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-04 69632]
R2 RServer3;Radmin Server V3; C:\WINDOWS\system32\rserver30\RServer3.exe [2008-11-08 1238344]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-01-05 52224]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VIPBridgeService;VIP DB Bridge Service; C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe [2008-02-13 3668992]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe [2006-01-29 1531972]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-20 655624]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe [2003-12-21 20480]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Here is info.txt

info.txt logfile of random's system information tool 1.06 2009-10-30 16:05:26

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Any Video Converter 2.7.8-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{CDC131DB-C744-460C-832E-6E0C25AB6F03}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoIt v3.3.0.0-->C:\Program Files\AutoIt3\Uninstall.exe
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP480 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series /L0x0009
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Command Prompt Here PowerToy-->rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\DosHere.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CrossFont version 5.4-->"C:\Program Files\CrossFnt\unins000.exe"
CuteFTP 8 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
cwRsync (remove only)-->"C:\Program Files\cwRsync\uninstall.exe"
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
DeltaCopy-->MsiExec.exe /I{D6E5F58F-C879-4EC1-90F7-BA31BABF10C9}
Doit.im-->msiexec /qb /x {7FDF5BD1-CF0D-7484-3CF5-6ED1C55FDAD5}
Doit.im-->MsiExec.exe /I{7FDF5BD1-CF0D-7484-3CF5-6ED1C55FDAD5}
Doyles Room-->"C:\Program Files\DoylesRoom Casino\Install.exe" -u
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2-->"C:\Program Files\DVDFab 5\unins000.exe"
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
Evernote-->MsiExec.exe /X{F761359C-9CED-45AE-9A51-9D6605CD55C4}
ExactFile 1.0.0.15-->"C:\Program Files\ExactFile\unins000.exe"
FileZilla Client 3.2.7.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Final Draft-->MsiExec.exe /I{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}
Firebird 1.5.3.4870 with CollatePTBR-->"C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\unins000.exe"
Flopzilla-->MsiExec.exe /I{1018E89B-3FEE-46C0-B500-A6CD304E0EE4}
Flopzilla-->MsiExec.exe /I{E3FD9B2D-E9E6-48D4-BB13-924D1994CCB9}
Font Xplorer 1.2.2 -->C:\Program Files\Font Xplorer\Uninstall.exe C:\PROGRA~1\FONTXP~1\Install.log
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FTPGetter 3 3.20.0.15-->"C:\Program Files\FTPGetter\unins000.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\WINDOWS\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\WINDOWS\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
GetFLV Pro 8.8.46-->"C:\Program Files\GetFLV\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
GPL Ghostscript 8.64-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.64\uninstal.txt"
GSview 4.9-->C:\Program Files\Ghostview\gsview\uninstgs.exe "C:\Program Files\Ghostview\gsview\uninstal.txt"
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holdem Manager-->MsiExec.exe /I{42DE940E-8037-4266-9FBF-5A3AEDA39E96}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Klok-->msiexec /qb /x {86079CC9-FDED-0395-3726-FC05CF44A651}
Klok-->MsiExec.exe /I{86079CC9-FDED-0395-3726-FC05CF44A651}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Link Shell Extension-->"C:\Program Files\LinkShellExtension\uninst-HardlinkShellExt_win32.exe"
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Framework Services v1.0 (x86)-->MsiExec.exe /I{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
MiKTeX 2.7-->"C:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
Mozilla Firefox (3.5.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mozilla Thunderbird (3.0b4)-->C:\Program Files\Mozilla Thunderbird 3.0 Beta 4\uninstall\helper.exe
Mp3tag v2.44-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
myBase Desktop 5.5.1 (Unicode Build)-->"C:\Program Files\myBase\unins000.exe"
MySQL Server 5.1-->MsiExec.exe /I{2496F1D4-B171-4070-955C-2CF9FCAB2194}
MySQL Tools for 5.0-->MsiExec.exe /I{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}
Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NewsLeecher v3.9 Beta 15-->"C:\Program Files\NewsLeecher\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDFill PDF Editor with FREE Writer and Free Tools-->MsiExec.exe /I{D1399216-81B2-457C-A0F7-73B9A2EF6902}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Pokerazor 1.38-->c:\Pokerazor\uninst.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerStove version 1.23-->"C:\Program Files\PokerStove\unins000.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
Python 2.5 MySQL-python-1.2.2-->"C:\Python25\RemoveMySQL-python.exe" -u "C:\Python25\MySQL-python-wininst.log"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Radmin Server 3.3-->MsiExec.exe /X{3CC6CDEA-692E-45C4-8FF8-3AB0C198B785}
Radmin Viewer 3.3-->MsiExec.exe /X{EEAA3E5E-1296-45AD-A59E-5D63F604867D}
Ray Adams ATI Tray Tools-->"C:\Program Files\ATI Tray Tools\uninstall.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Replay Media Catcher 2.40-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 3.01-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 3.11-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Sandboxie 3.34-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {964C8238-245C-4475-BB6E-D19D2C1220F2} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Snapstream Firefly 1.2.1.916-->"C:\Program Files\SnapStream Media\Firefly\uninstall-ff.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarUML 5.0.2.1570-->"C:\Program Files\StarUML\unins000.exe"
StoxEV-->MsiExec.exe /I{4AEAEC17-6C93-485C-A6A3-B457396F9BA0}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SyncToy 2.0 (x86)-->MsiExec.exe /I{AFDFC350-C142-4790-BE12-8357AECD028F}
Taskbar Shuffle version 2.5-->"C:\Program Files\Taskbar Shuffle\unins000.exe"
TortoiseSVN 1.5.8.15348 (32 bit)-->MsiExec.exe /X{790E65B3-909D-422C-971D-B58B304F81B5}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
uberOptions 4.80.4.1-->C:\Program Files\Logitech\SetPoint\uberOptions\uninst.exe
UltimateBet-->"C:\Program Files\UltimateBet\unins000.exe"
UltraMon-->MsiExec.exe /I{1C94C999-15D2-4C75-9A73-BCC8A677D42E}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URL Snooper v2.23.01-->"C:\Program Files\URLSnooper2\unins000.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
ViEmu 1.5 for Word and Outlook-->MsiExec.exe /I{F773DB35-971D-4409-8DC7-74F080ED374E}
ViEmu 2.2 for Visual Studio-->MsiExec.exe /I{D93B8799-422C-46EC-B78E-04194CB4EF59}
Vim 7.2 (self-installing)-->C:\Program Files\Vim\vim72\uninstall-gui.exe
VIP Task Manager Professional 4.0.1.602-->"C:\Program Files\VIP Quality Software\VIP Task Manager Professional\unins000.exe"
VirtualCloneDrive-->"C:\Program Files\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\VirtualCloneDrive"
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WhoCrashed 1.01-->"C:\Program Files\WhoCrashed\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.1 beta5-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.2.2-->"C:\Program Files\Wireshark\uninstall.exe"
XNote Stopwatch-->C:\Program Files\XNote Stopwatch\uninstall.exe

======Hosts File======

127.0.0.1 swupmf.adobe.com activate.adobe.com
127.0.0.1 www.newsleecher.com
127.0.0.1 newsleecher.com

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: JONAH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FEAECF509. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7508
Source Name: Dhcp
Time Written: 20090901165437.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FEAECF509. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7506
Source Name: Dhcp
Time Written: 20090901165433.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FEAECF509. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7504
Source Name: Dhcp
Time Written: 20090901165428.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FEAECF509. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7502
Source Name: Dhcp
Time Written: 20090901165423.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FEAECF509. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7500
Source Name: Dhcp
Time Written: 20090901165419.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: JONAH
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 962
Source Name: SQLBrowser
Time Written: 20090714090459.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 914
Source Name: SQLBrowser
Time Written: 20090712094242.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 866
Source Name: SQLBrowser
Time Written: 20090707094018.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 818
Source Name: SQLBrowser
Time Written: 20090706200608.000000-300
Event Type: warning
User:

Computer Name: JONAH
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 771
Source Name: SQLBrowser
Time Written: 20090706195733.000000-300
Event Type: warning
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip;E:\Data\Documents\BlackjackStuff\blackjack\blackjack.jar
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\MiKTeX 2.7\miktex\bin;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem;c:\python25;C:\Python25\Lib\site-packages\django\bin;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=1f00
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
"windir"=%SystemRoot%

-----------------EOF-----------------
Jonah11
Active Member
 
Posts: 7
Joined: October 24th, 2009, 2:56 pm

Re: "Ending Program - n"

Post by peku006 » October 31st, 2009, 4:50 am

Hi Jonah11

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: "Ending Program - n"

Post by Jonah11 » October 31st, 2009, 1:05 pm

OTS logfile created on: 10/31/2009 12:00:05 PM - Run 1
OTS by OldTimer - Version 3.1.1.5     Folder = C:\Documents and Settings\JG\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.69% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 83.61 Gb Free Space | 71.35% Space Free | Partition Type: NTFS
Drive D: | 53.70 Gb Total Space | 38.28 Gb Free Space | 71.28% Space Free | Partition Type: FAT32
Drive E: | 180.90 Gb Total Space | 155.71 Gb Free Space | 86.08% Space Free | Partition Type: NTFS
Drive F: | 95.33 Gb Total Space | 14.01 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931.52 Gb Total Space | 68.31 Gb Free Space | 7.33% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: JONAH
Current User Name: JG
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\JG\Desktop\OTS.exe -> [2009/10/31 11:45:46 | 00,523,264 | ---- | M] (OldTimer Tools)
eggcrack.exe -> E:\Data\Documents\Coding\AutoIt\EggCrack.exe -> [2009/10/05 11:03:01 | 00,299,353 | ---- | M] ()
mysqld.exe -> C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -> [2009/09/04 20:37:40 | 06,041,600 | ---- | M] ()
dropbox.exe -> C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe -> [2009/08/27 22:27:42 | 26,784,939 | ---- | M] ()
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
setpoint.exe -> C:\Program Files\Logitech\SetPoint\SetPoint.exe -> [2009/07/20 12:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.)
khalmnpr.exe -> C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe -> [2009/07/10 12:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.)
robotaskbaricon.exe -> C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe -> [2009/07/06 20:18:04 | 00,160,592 | ---- | M] (Siber Systems)
sqlservr.exe -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2009/05/27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
hamachi.exe -> C:\Program Files\Hamachi\hamachi.exe -> [2009/02/20 01:31:45 | 00,625,952 | ---- | M] (LogMeIn Inc.)
tsvncache.exe -> C:\Program Files\TortoiseSVN\bin\TSVNCache.exe -> [2009/02/13 19:16:20 | 00,577,536 | ---- | M] (http://tortoisesvn.net)
ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET)
egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/02/06 14:23:12 | 02,021,400 | ---- | M] (ESET)
ultramontaskbar.exe -> C:\Program Files\UltraMon\UltraMonTaskbar.exe -> [2009/01/12 02:03:56 | 00,329,728 | ---- | M] (Realtime Soft Ltd)
ultramon.exe -> C:\Program Files\UltraMon\UltraMon.exe -> [2009/01/12 01:41:22 | 00,471,040 | ---- | M] (Realtime Soft Ltd)
sbiesvc.exe -> C:\Program Files\Sandboxie\SbieSvc.exe -> [2009/01/05 09:39:52 | 00,052,224 | ---- | M] (tzuk)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
sqlwriter.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
sqlbrowser.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation)
rserver3.exe -> C:\WINDOWS\system32\rserver30\rserver3.exe -> [2008/11/08 16:11:10 | 01,238,344 | ---- | M] (Famatech International Corp.)
famitrfc.exe -> C:\WINDOWS\system32\rserver30\FamItrfc.Exe -> [2008/11/08 16:10:54 | 00,124,232 | ---- | M] (Famatech International Corp.)
postgres.exe -> C:\Program Files\PostgreSQL\8.3\bin\postgres.exe -> [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group)
postgres.exe -> C:\Program Files\PostgreSQL\8.3\bin\postgres.exe -> [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group)
postgres.exe -> C:\Program Files\PostgreSQL\8.3\bin\postgres.exe -> [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group)
postgres.exe -> C:\Program Files\PostgreSQL\8.3\bin\postgres.exe -> [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group)
postgres.exe -> C:\Program Files\PostgreSQL\8.3\bin\postgres.exe -> [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group)
postgres.exe -> C:\Program Files\PostgreSQL\8.3\bin\postgres.exe -> [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group)
pg_ctl.exe -> C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -> [2008/09/19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group)
presentationfontcache.exe -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
taskbarshuffle.exe -> C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe -> [2008/04/17 02:28:48 | 00,818,176 | ---- | M] (Jay Elaraj)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
nbservice.exe -> C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -> [2008/02/18 17:29:12 | 00,877,864 | ---- | M] (Nero AG)
bridgeservice.exe -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe -> [2008/02/13 15:13:40 | 03,668,992 | ---- | M] (VIP Quality Software, Ltd)
enso.exe -> C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe -> [2008/01/14 15:42:04 | 00,117,232 | ---- | M] ()
ioctlsvc.exe -> C:\WINDOWS\system32\IoctlSvc.exe -> [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
hpzipm12.exe -> C:\WINDOWS\system32\HPZipm12.exe -> [2006/03/04 00:03:10 | 00,069,632 | ---- | M] (HP)
fbserver.exe -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe -> [2006/01/29 02:05:20 | 01,531,972 | ---- | M] (The Firebird Project)
fbguard.exe -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe -> [2006/01/29 02:05:20 | 00,065,536 | ---- | M] (The Firebird Project)
ati2evxx.exe -> C:\WINDOWS\system32\ati2evxx.exe -> [2004/08/25 00:26:56 | 00,389,120 | ---- | M] ()
ati2evxx.exe -> C:\WINDOWS\system32\ati2evxx.exe -> [2004/08/25 00:26:56 | 00,389,120 | ---- | M] ()
wdfmgr.exe -> C:\WINDOWS\system32\wdfmgr.exe -> [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation)
hoversnap.exe -> C:\Program Files\Hoversnap\HoverSnap.exe -> [2003/08/26 13:40:48 | 00,404,480 | ---- | M] ()
 
[Win32 Services - Safe List]
(MySQL) MySQL [Win32_Own | Auto | Running] -> C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -> [2009/09/04 20:37:40 | 06,041,600 | ---- | M] ()
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -> [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.)
(MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2009/05/27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/02/20 02:45:05 | 00,655,624 | ---- | M] (Acresso Software Inc.)
(EhttpSrv) ESET HTTP Server [Win32_Own | On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/02/06 14:27:06 | 00,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Win32_Own | Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET)
(SbieSvc) Sandboxie Service [Win32_Own | Auto | Running] -> C:\Program Files\Sandboxie\SbieSvc.exe -> [2009/01/05 09:39:52 | 00,052,224 | ---- | M] (tzuk)
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> C:\Program Files\WinPcap\rpcapd.exe -> [2008/12/23 10:35:20 | 00,117,264 | ---- | M] (CACE Technologies, Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(SQLWriter) SQL Server VSS Writer [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
(SQLBrowser) SQL Server Browser [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) SQL Server Active Directory Helper [Win32_Own | Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation)
(RServer3) Radmin Server V3 [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\rserver30\RServer3.exe -> [2008/11/08 16:11:10 | 01,238,344 | ---- | M] (Famatech International Corp.)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(pgsql-8.3) PostgreSQL Database Server 8.3 [Win32_Own | Auto | Running] -> C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -> [2008/09/19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Running] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> C:\WINDOWS\system32\irmon.dll -> [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -> [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG)
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -> [2008/02/18 17:29:12 | 00,877,864 | ---- | M] (Nero AG)
(VIPBridgeService) VIP DB Bridge Service [Win32_Own | Auto | Running] -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe -> [2008/02/13 15:13:40 | 03,668,992 | ---- | M] (VIP Quality Software, Ltd)
(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\IoctlSvc.exe -> [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.)
(msvsmon80) Visual Studio 2005 Remote Debugger [Win32_Own | Disabled | Stopped] -> C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -> [2006/12/02 07:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> C:\WINDOWS\system32\HPZipm12.exe -> [2006/03/04 00:03:10 | 00,069,632 | ---- | M] (HP)
(FirebirdServerDefaultInstance) Firebird Server - DefaultInstance [Win32_Own | On_Demand | Running] -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe -> [2006/01/29 02:05:20 | 01,531,972 | ---- | M] (The Firebird Project)
(FirebirdGuardianDefaultInstance) Firebird Guardian - DefaultInstance [Win32_Own | Auto | Running] -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe -> [2006/01/29 02:05:20 | 00,065,536 | ---- | M] (The Firebird Project)
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -> [2004/10/16 08:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\ati2sgag.exe -> [2004/08/25 15:52:00 | 00,516,096 | ---- | M] ()
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\ati2evxx.exe -> [2004/08/25 00:26:56 | 00,389,120 | ---- | M] ()
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\wdfmgr.exe -> [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation)
(x10nets) X10 Device Network Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Snapstream\Common\X10nets.exe -> [2003/12/21 15:30:54 | 00,020,480 | ---- | M] (X10)
 
[Driver Services - Safe List]
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LMouKE.Sys -> [2009/06/17 11:56:24 | 00,079,248 | ---- | M] (Logitech, Inc.)
(LBeepKE) LBeepKE [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\LBeepKE.sys -> [2009/06/17 11:55:34 | 00,010,384 | ---- | M] (Logitech, Inc.)
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\L8042mou.Sys -> [2009/06/17 11:55:26 | 00,063,248 | ---- | M] (Logitech, Inc.)
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\L8042Kbd.sys -> [2009/06/17 11:55:18 | 00,020,240 | ---- | M] (Logitech, Inc.)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pcouffin.sys -> [2009/03/20 17:23:53 | 00,047,360 | ---- | M] (VSO Software)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaapl.sys -> [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.)
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hamachi.sys -> [2009/02/20 01:31:45 | 00,025,280 | ---- | M] (LogMeIn, Inc.)
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2009/02/06 14:24:24 | 00,093,336 | ---- | M] (ESET)
(ehdrv) ehdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ehdrv.sys -> [2009/02/06 14:23:18 | 00,106,208 | ---- | M] (ESET)
(eamon) eamon [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2009/02/06 14:19:52 | 00,113,448 | ---- | M] (ESET)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.)
(SbieDrv) SbieDrv [Kernel | On_Demand | Running] -> C:\Program Files\Sandboxie\SbieDrv.sys -> [2009/01/05 09:39:52 | 00,103,936 | ---- | M] (tzuk)
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\npf.sys -> [2008/12/23 10:35:02 | 00,050,704 | ---- | M] (CACE Technologies, Inc.)
(UltraMonUtility) UltraMon Utility Driver [Kernel | Auto | Running] -> C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -> [2008/11/14 03:11:30 | 00,017,184 | ---- | M] (Realtime Soft Ltd)
(VClone) VClone [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\VClone.sys -> [2008/09/24 05:29:25 | 00,029,184 | ---- | M] (Elaborate Bytes AG)
(adfs) adfs [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\adfs.sys -> [2008/08/14 08:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.)
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ElbyCDIO.sys -> [2008/07/21 07:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG)
(raddrvv3) raddrvv3 [Kernel | System | Running] -> C:\WINDOWS\system32\rserver30\raddrvv3.sys -> [2008/04/24 07:49:26 | 00,045,848 | ---- | M] (Famatech International Corp.)
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmnt.sys -> [2008/04/13 13:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2008/03/06 11:51:14 | 00,003,840 | ---- | M] ()
(atitray) atitray [Kernel | System | Running] -> C:\Program Files\ATI Tray Tools\atitray.sys -> [2007/05/22 04:04:54 | 00,018,088 | ---- | M] ()
(mirrorv3) mirrorv3 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rminiv3.sys -> [2006/11/01 05:01:56 | 00,003,328 | ---- | M] (Famatech International Corp.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2004/11/17 06:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\yk51x86.sys -> [2004/10/26 18:24:00 | 00,223,104 | R--- | M] (Marvell)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2004/10/19 15:01:04 | 00,012,928 | R--- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2004/10/19 15:01:02 | 00,033,280 | R--- | M] (NVIDIA Corporation)
(nvatabus) nvatabus [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvatabus.sys -> [2004/09/02 01:24:38 | 00,082,816 | R--- | M] (NVIDIA Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2004/08/25 00:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.)
(GVCplDrv) GVCplDrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\GVCplDrv.sys -> [2004/05/02 03:47:08 | 00,023,040 | R--- | M] ()
(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\serscan.sys -> [2001/08/17 16:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation)
(irsir) Microsoft Serial Infrared Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\irsir.sys -> [2001/08/17 08:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\JG\Desktop\OTS.exe -> [2009/10/31 11:45:46 | 00,523,264 | ---- | M] (OldTimer Tools)
gdiplus.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll -> [2009/08/13 08:55:04 | 01,748,992 | ---- | M] (Microsoft Corporation)
lgscroll.dll -> C:\Program Files\Logitech\SetPoint\lgscroll.dll -> [2009/07/20 12:29:06 | 00,045,584 | ---- | M] (Logitech, Inc.)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll -> [2009/07/12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation)
rtsultramonhook.dll -> C:\Program Files\UltraMon\RTSUltraMonHook.dll -> [2009/01/11 19:09:30 | 00,208,384 | ---- | M] (Realtime Soft Ltd)
ultramonresbuttons.dll -> C:\Program Files\UltraMon\UltraMonResButtons.dll -> [2009/01/10 05:01:52 | 00,283,648 | ---- | M] (Realtime Soft Ltd)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation)
msi.dll -> C:\WINDOWS\system32\msi.dll -> [2008/04/13 19:11:59 | 02,843,136 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\wbem\framedyn.dll -> [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\] > -> -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\] > -> -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\JG\Application Data\Mozilla\FireFox\Profiles\ver4fd3m.default\prefs.js -> 
browser.startup.homepage -> "http://www.google.com/" ->
extensions.enabledItems -> {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.95 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 ->
extensions.enabledItems -> {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85 ->
extensions.enabledItems -> piclens@cooliris.com:1.11.5 ->
extensions.enabledItems -> {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.57015 ->
extensions.enabledItems -> {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6 ->
extensions.enabledItems -> firebug@software.joehewitt.com:1.4.3 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.071302000002 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7 ->
extensions.enabledItems -> ubiquity@labs.mozilla.com:0.1.9 ->
extensions.enabledItems -> foxmarks@kei.com:3.3.3 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\DotNetAssistantExtension [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> File not found
HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115} -> C:\Program Files\Siber Systems\AI RoboForm\Firefox [C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX] -> [2009/02/19 23:57:50 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/20 01:00:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/10/29 09:06:40 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/10/29 09:06:39 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2009/08/29 12:09:13 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins -> C:\Program Files\Mozilla Thunderbird\plugins [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS] -> [2009/06/07 11:39:49 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0b4\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 3.0b4\extensions\\Components -> C:\Program Files\Mozilla Thunderbird 3.0 Beta 4\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD 3.0 BETA 4\COMPONENTS] -> [2009/09/22 23:06:07 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.0b4\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD 3.0 BETA 4\PLUGINS -> 
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2009/05/09 11:00:32 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Extensions -> [2009/09/22 23:07:55 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2009/09/22 23:07:55 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/02/19 22:24:43 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions -> [2009/10/30 22:57:27 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} -> [2009/05/08 06:18:10 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}(2) -> [2009/05/08 06:18:10 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/06/25 17:40:37 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} -> [2009/10/30 12:47:24 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(2) -> [2009/05/08 06:18:10 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} -> [2009/06/25 17:40:37 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} -> [2009/10/01 10:56:30 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/09/12 11:55:46 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} -> [2009/09/25 10:56:39 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009/09/27 13:52:09 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} -> [2009/02/20 02:35:38 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\firebug@software.joehewitt.com -> [2009/10/01 10:56:24 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\foxmarks@kei(2).com -> [2009/05/08 06:17:23 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\foxmarks@kei.com -> [2009/09/12 11:55:39 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\moveplayer@movenetworks.com -> [2009/06/10 19:03:09 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\piclens@cooliris(2).com -> [2009/05/08 06:18:53 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\piclens@cooliris.com -> [2009/10/15 11:40:14 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\piclens@cooliris.com-trash -> [2009/10/15 11:40:14 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\JG\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\extensions\ubiquity@labs.mozilla.com -> [2009/07/12 09:20:52 | 00,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/10/30 12:47:33 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/10/29 09:06:39 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/02/24 20:26:50 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009/02/20 01:00:38 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009/09/30 01:39:34 | 00,000,000 | ---D | M]
< FireFox Components [Program Folders] > -> 
 browserdirprovider.dll -> C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll -> [2009/10/29 09:06:34 | 00,023,544 | ---- | M] (Mozilla Foundation)
 brwsrcmp.dll -> C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll -> [2009/10/29 09:06:34 | 00,137,208 | ---- | M] (Mozilla Foundation)
< HOSTS File > (106 bytes and 3 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1 swupmf.adobe.com activate.adobe.com 
127.0.0.1	www.newsleecher.com
127.0.0.1	newsleecher.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value error.] -> [2009/07/06 20:18:04 | 05,956,424 | ---- | M] (Siber Systems Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/31 15:23:13 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/07/31 15:22:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
"{724d43a0-0d85-11d4-9908-00400523e39a}" [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2009/07/06 20:18:04 | 05,956,424 | ---- | M] (Siber Systems Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2009/07/06 20:18:04 | 05,956,424 | ---- | M] (Siber Systems Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/02/06 14:23:12 | 02,021,400 | ---- | M] (ESET)
"MSConfig" -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto] -> [2008/04/13 19:12:27 | 00,169,984 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ATICCC" -> C:\Program Files\ATI Technologies\ATI.ACE\cli.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime] -> [2004/08/25 17:25:56 | 00,028,672 | ---- | M] (ATI Technologies Inc.)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ATICCC" -> C:\Program Files\ATI Technologies\ATI.ACE\cli.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime] -> [2004/08/25 17:25:56 | 00,028,672 | ---- | M] (ATI Technologies Inc.)
< Run [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HumanizedEnso" -> C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe [C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe --disable-monologue-boxes] -> [2008/01/14 15:42:04 | 00,117,232 | ---- | M] ()
"RoboForm" -> C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe ["C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"] -> [2009/07/06 20:18:04 | 00,160,592 | ---- | M] (Siber Systems)
"Taskbar Shuffle" -> C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe [C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe] -> [2008/04/17 02:28:48 | 00,818,176 | ---- | M] (Jay Elaraj)
< RunOnce [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"NeroHomeFirstStart" -> C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe ["C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"] -> [2008/02/28 18:07:48 | 00,019,752 | ---- | M] (Nero AG)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk -> C:\WINDOWS\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico -> [2009/02/20 04:04:36 | 00,029,310 | R--- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< JG Startup Folder > -> C:\Documents and Settings\JG\Start Menu\Programs\Startup -> 
C:\Documents and Settings\JG\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe -> [2009/08/27 22:27:42 | 26,784,939 | ---- | M] ()
C:\Documents and Settings\JG\Start Menu\Programs\Startup\EggCrack.exe.lnk -> E:\Data\Documents\Coding\AutoIt\EggCrack.exe -> [2009/10/05 11:03:01 | 00,299,353 | ---- | M] ()
< postgres Startup Folder > -> C:\Documents and Settings\postgres\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [255] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to &Evernote -> C:\Program Files\Evernote\Evernote3.5\enbar.dll [res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000] -> [2009/09/16 11:04:04 | 00,184,320 | ---- | M] (Evernote Corporation)
Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008/06/11 23:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Customize Menu -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html] -> [2009/07/06 20:18:22 | 00,000,212 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/05/04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
Fill Forms -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html] -> [2009/07/06 20:18:22 | 00,000,206 | ---- | M] ()
RoboForm Toolbar -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html] -> [2009/07/06 20:18:22 | 00,000,208 | ---- | M] ()
Save Forms -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html] -> [2009/07/06 20:18:22 | 00,000,205 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Button: Fill Forms] -> [2009/07/06 20:18:22 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F46}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [Menu: Fill Forms] -> [2009/07/06 20:18:22 | 00,000,206 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Button: Save] -> [2009/07/06 20:18:22 | 00,000,205 | ---- | M] ()
{320AF880-6646-11D3-ABEE-C5DBF3571F49}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [Menu: Save Forms] -> [2009/07/06 20:18:22 | 00,000,205 | ---- | M] ()
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2009/03/07 15:39:10 | 00,603,416 | ---- | M] (PokerStars)
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Button: RoboForm] -> [2009/07/06 20:18:22 | 00,000,208 | ---- | M] ()
{724d43aa-0d85-11d4-9908-00400523e39a}:file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [HKLM] -> C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [Menu: RoboForm Toolbar] -> [2009/07/06 20:18:22 | 00,000,208 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{E0B8C461-F8FB-49b4-8373-FE32E92528A6}:{BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} [HKLM] -> C:\Program Files\Evernote\Evernote3.5\enbar.dll [Button: Add to Evernote] -> [2009/09/16 11:04:04 | 00,184,320 | ---- | M] (Evernote Corporation)
{E0B8C461-F8FB-49b4-8373-FE32E92528A6}:{BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} [HKLM] -> C:\Program Files\Evernote\Evernote3.5\enbar.dll [Menu: Add to Evernote] -> [2009/09/16 11:04:04 | 00,184,320 | ---- | M] (Evernote Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB858B22-55E2-413f-87F5-30ADC5552151}:Exec [HKLM] -> C:\Program Files\PDFill\DownloadPDF.exe [Button: PDFill PDF Editor] -> [2008/04/11 08:30:14 | 00,171,064 | ---- | M] (PlotSoft LLC)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\ -> 
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"ButtonText" [HKLM] ->  [Reg Error: Key error.] -> File not found
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"CLSID" [HKLM] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"Default Visible" [HKLM] ->  [Reg Error: Key error.] -> File not found
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"Exec" [HKLM] ->  [Reg Error: Key error.] -> File not found
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"HotIcon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"Icon" [HKLM] ->  [Reg Error: Key error.] -> File not found
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"MenuStatusBar" [HKLM] ->  [Reg Error: Key error.] -> File not found
{3EB3B7E8-1466-405A-B5BC-44513AF85E34}\\"MenuText" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F46}" [HKLM] ->  [Fill Forms] -> File not found
CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F49}" [HKLM] ->  [Save] -> File not found
CmdMapping\\"{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}" [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [PokerStars] -> [2009/03/07 15:39:10 | 00,603,416 | ---- | M] (PokerStars)
CmdMapping\\"{3EB3B7E8-1466-405A-B5BC-44513AF85E34}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{724d43aa-0d85-11d4-9908-00400523e39a}" [HKLM] ->  [RoboForm] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\] > -> HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1715567821-1644491937-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab [DLM Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235097986171 [WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235687307593 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 74.84.119.150 97.64.180.153 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1CD30B06-DBDE-4D44-9AC2-8B9621640756}\\DhcpNameServer -> 74.84.119.150 97.64.180.153   () -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2004/08/25 00:27:00 | 00,086,016 | ---- | M] ()
LBTWlgn -> c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll -> [2009/07/20 12:28:42 | 00,072,208 | ---- | M] (Logitech, Inc.)
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
taskmgr.exe -> C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE [Debugger: "C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE"] -> [2009/02/03 10:32:28 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Boxee\BOXEE.exe" -> C:\Program Files\Boxee\BOXEE.exe [C:\Program Files\Boxee\BOXEE.exe:*:Enabled:Boxee ] -> [2009/08/06 11:07:12 | 13,340,672 | ---- | M] (boxee.tv)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4] -> [2008/08/14 08:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\cwRsync\bin\rsync.exe" -> C:\Program Files\cwRsync\bin\rsync.exe [C:\Program Files\cwRsync\bin\rsync.exe:*:Enabled:rsync] -> [2009/05/13 04:45:22 | 00,350,208 | ---- | M] ()
"C:\Program Files\Hamachi\hamachi.exe" -> C:\Program Files\Hamachi\hamachi.exe [C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client] -> [2009/02/20 01:31:45 | 00,625,952 | ---- | M] (LogMeIn Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/15 13:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/21 02:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/21 03:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/21 00:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/04/21 02:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/21 03:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2006/02/17 01:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/19 08:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/17 03:19:34 | 00,192,512 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2006/02/19 08:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2006/02/19 07:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/21 03:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/09 19:41:28 | 00,573,440 | ---- | M] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/09 19:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/03/12 20:56:54 | 13,498,664 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/11/24 22:16:44 | 01,020,776 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox] -> [2009/10/29 09:06:35 | 00,908,280 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Pidgin\pidgin.exe" -> C:\Program Files\Pidgin\pidgin.exe [C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin] -> [2009/09/05 18:43:26 | 00,045,091 | ---- | M] (The Pidgin developer community)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/01/29 15:01:36 | 23,975,720 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Trillian\trillian.exe" -> C:\Program Files\Trillian\trillian.exe [C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian] -> [2008/10/05 15:16:12 | 01,435,008 | ---- | M] (Cerulean Studios)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/09/17 11:06:59 | 00,288,048 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe" -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe [C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe:*:Enabled:VIP DB Bridge Service] -> [2008/02/13 15:13:40 | 03,668,992 | ---- | M] (VIP Quality Software, Ltd)
"C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe" -> C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe [C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe:*:Enabled:Firebird SQL Server] -> [2006/01/29 02:05:20 | 01,531,972 | ---- | M] (The Firebird Project)
"C:\WINDOWS\system32\rserver30\rserver3.exe" -> C:\WINDOWS\System32\rserver30\rserver3.exe [C:\WINDOWS\system32\rserver30\rserver3.exe:*:Enabled:Radmin Server 3] -> [2008/11/08 16:11:10 | 01,238,344 | ---- | M] (Famatech International Corp.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/02/19 22:52:58 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\JG\Desktop\OTS.exe -> [2009/10/31 11:45:23 | 00,523,264 | ---- | C] (OldTimer Tools)
rsit -> C:\rsit -> [2009/10/30 16:05:20 | 00,000,000 | ---D | C]
 C:\Program Files\Java Decompiler -> C:\Program Files\Java Decompiler -> [2009/10/27 10:32:04 | 00,000,000 | ---D | C]
 C:\Program Files\AVI-Mux_GUI-1.17.8 -> C:\Program Files\AVI-Mux_GUI-1.17.8 -> [2009/10/27 10:29:05 | 00,000,000 | ---D | C]
 C:\Program Files\ExactFile -> C:\Program Files\ExactFile -> [2009/10/26 17:53:28 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1 -> C:\Documents and Settings\JG\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1 -> [2009/10/24 14:45:49 | 00,000,000 | ---D | C]
 C:\Program Files\Doit.im -> C:\Program Files\Doit.im -> [2009/10/24 14:45:47 | 00,000,000 | ---D | C]
 C:\Program Files\ProcessExplorer -> C:\Program Files\ProcessExplorer -> [2009/10/24 14:10:32 | 00,000,000 | ---D | C]
 C:\Program Files\Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/10/24 12:58:50 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/10/24 12:58:50 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\Malwarebytes -> C:\Documents and Settings\JG\Application Data\Malwarebytes -> [2009/10/24 12:33:15 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/10/24 12:33:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/10/24 12:33:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 C:\Documents and Settings\All Users\Application Data\Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/10/24 12:33:08 | 00,000,000 | ---D | C]
 C:\Program Files\Malwarebytes -> C:\Program Files\Malwarebytes -> [2009/10/24 12:33:07 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\SnapStream -> C:\Documents and Settings\All Users\Application Data\SnapStream -> [2009/10/22 18:10:21 | 00,000,000 | ---D | C]
 C:\Program Files\Common Files\Snapstream -> C:\Program Files\Common Files\Snapstream -> [2009/10/22 18:10:08 | 00,000,000 | ---D | C]
 C:\Program Files\SnapStream Media -> C:\Program Files\SnapStream Media -> [2009/10/22 18:09:41 | 00,000,000 | ---D | C]
 C:\Program Files\BMP Image Viewer -> C:\Program Files\BMP Image Viewer -> [2009/10/21 15:10:19 | 00,000,000 | ---D | C]
 C:\Program Files\StarUML -> C:\Program Files\StarUML -> [2009/10/20 00:17:36 | 00,000,000 | ---D | C]
System -> C:\Documents and Settings\JG\System -> [2009/10/19 23:49:30 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\SmartDraw -> C:\Documents and Settings\JG\Application Data\SmartDraw -> [2009/10/19 23:49:30 | 00,000,000 | ---D | C]
 C:\Program Files\SmartDraw 2010 -> C:\Program Files\SmartDraw 2010 -> [2009/10/19 23:47:37 | 00,000,000 | ---D | C]
Any Video Converter -> E:\Data\Documents\Any Video Converter -> [2009/10/19 22:55:57 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\Any Video Converter -> C:\Documents and Settings\JG\Application Data\Any Video Converter -> [2009/10/19 22:55:47 | 00,000,000 | ---D | C]
 C:\Program Files\Any Video Converter -> C:\Program Files\Any Video Converter -> [2009/10/19 22:55:34 | 00,000,000 | ---D | C]
 C:\Program Files\Hoversnap -> C:\Program Files\Hoversnap -> [2009/10/15 22:05:02 | 00,000,000 | ---D | C]
 C:\Program Files\DoylesRoom Casino -> C:\Program Files\DoylesRoom Casino -> [2009/10/15 21:46:11 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\Logitech -> C:\Documents and Settings\JG\Application Data\Logitech -> [2009/10/14 20:17:21 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\Leadertech -> C:\Documents and Settings\JG\Application Data\Leadertech -> [2009/10/14 20:16:59 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\LogiShrd -> C:\Documents and Settings\All Users\Application Data\LogiShrd -> [2009/10/14 20:16:39 | 00,000,000 | ---D | C]
LBeepKE.sys -> C:\WINDOWS\System32\drivers\LBeepKE.sys -> [2009/10/14 20:16:30 | 00,010,384 | ---- | C] (Logitech, Inc.)
BtCoreIf.dll -> C:\WINDOWS\System32\BtCoreIf.dll -> [2009/10/14 20:13:36 | 00,301,656 | ---- | C] (Broadcom Corporation.)
kemutb.dll -> C:\WINDOWS\System32\kemutb.dll -> [2009/10/14 20:13:32 | 00,170,512 | ---- | C] (Logitech, Inc.)
KemUtil.dll -> C:\WINDOWS\System32\KemUtil.dll -> [2009/10/14 20:13:32 | 00,145,936 | ---- | C] (Logitech, Inc.)
KemWnd.dll -> C:\WINDOWS\System32\KemWnd.dll -> [2009/10/14 20:13:32 | 00,117,264 | ---- | C] (Logitech, Inc.)
KemXML.dll -> C:\WINDOWS\System32\KemXML.dll -> [2009/10/14 20:13:32 | 00,084,496 | ---- | C] (Logitech, Inc.)
 C:\Documents and Settings\All Users\Application Data\Logitech -> C:\Documents and Settings\All Users\Application Data\Logitech -> [2009/10/14 20:13:17 | 00,000,000 | ---D | C]
 C:\Program Files\Common Files\Logishrd -> C:\Program Files\Common Files\Logishrd -> [2009/10/14 20:13:03 | 00,000,000 | ---D | C]
 C:\Program Files\Logitech -> C:\Program Files\Logitech -> [2009/10/14 20:12:58 | 00,000,000 | ---D | C]
SQLTools9_KB970892_ENU -> C:\WINDOWS\SQLTools9_KB970892_ENU -> [2009/10/13 20:30:11 | 00,000,000 | ---D | C]
SQL9_KB970892_ENU -> C:\WINDOWS\SQL9_KB970892_ENU -> [2009/10/13 20:28:25 | 00,000,000 | ---D | C]
python-projects -> C:\python-projects -> [2009/10/12 15:05:26 | 00,000,000 | ---D | C]
 C:\Program Files\Ghostview -> C:\Program Files\Ghostview -> [2009/10/12 13:08:09 | 00,000,000 | ---D | C]
Python25 -> C:\Python25 -> [2009/10/05 17:48:18 | 00,000,000 | ---D | C]
django-projects -> C:\django-projects -> [2009/10/05 17:20:08 | 00,000,000 | ---D | C]
 C:\Program Files\7-Zip -> C:\Program Files\7-Zip -> [2009/10/05 13:28:28 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\Mp3tag -> C:\Documents and Settings\JG\Application Data\Mp3tag -> [2009/10/04 15:29:43 | 00,000,000 | ---D | C]
 C:\Program Files\Mp3tag -> C:\Program Files\Mp3tag -> [2009/10/04 15:28:32 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\XBMC -> C:\Documents and Settings\JG\Application Data\XBMC -> [2009/10/03 22:10:08 | 00,000,000 | ---D | C]
 C:\Program Files\XBMC -> C:\Program Files\XBMC -> [2009/10/03 22:08:48 | 00,000,000 | ---D | C]
vbsgf.dll -> C:\WINDOWS\System32\vbsgf.dll -> [2009/10/02 12:05:57 | 04,198,912 | ---- | C] (GetFLV)
 C:\Program Files\GetFLV -> C:\Program Files\GetFLV -> [2009/10/02 12:05:55 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\Wireshark -> C:\Documents and Settings\JG\Application Data\Wireshark -> [2009/10/02 11:55:27 | 00,000,000 | ---D | C]
 C:\Program Files\Wireshark -> C:\Program Files\Wireshark -> [2009/10/02 11:27:04 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Application Data\DonationCoder -> C:\Documents and Settings\JG\Application Data\DonationCoder -> [2009/10/02 02:19:23 | 00,000,000 | ---D | C]
 C:\Program Files\WinPcap -> C:\Program Files\WinPcap -> [2009/10/02 02:18:41 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\DonationCoder -> C:\Documents and Settings\All Users\Application Data\DonationCoder -> [2009/10/02 02:18:22 | 00,000,000 | ---D | C]
 C:\Program Files\URLSnooper2 -> C:\Program Files\URLSnooper2 -> [2009/10/02 02:18:21 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Local Settings\Application Data\mdnslib -> C:\Documents and Settings\JG\Local Settings\Application Data\mdnslib -> [2009/10/02 01:38:24 | 00,000,000 | ---D | C]
Ask and Record Toolbar -> E:\Data\Documents\Ask and Record Toolbar -> [2009/10/02 01:38:08 | 00,000,000 | ---D | C]
 C:\Documents and Settings\JG\Local Settings\Application Data\FLVService -> C:\Documents and Settings\JG\Local Settings\Application Data\FLVService -> [2009/10/02 01:38:08 | 00,000,000 | ---D | C]
ATIDEMGR.dll -> C:\WINDOWS\System32\ATIDEMGR.dll -> [2009/02/19 21:31:07 | 00,151,552 | R--- | C] ( )
 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\JG\Desktop\OTS.exe -> [2009/10/31 11:45:46 | 00,523,264 | ---- | M] (OldTimer Tools)
_viminfo -> C:\Documents and Settings\JG\_viminfo -> [2009/10/31 11:44:57 | 00,010,226 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\JG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/10/31 11:42:55 | 00,192,512 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/10/31 11:42:55 | 00,000,069 | ---- | M] ()
ntuser.dat -> C:\Documents and Settings\JG\ntuser.dat -> [2009/10/31 02:30:24 | 08,388,608 | ---- | M] ()
answers.xlsx -> E:\Data\Documents\answers.xlsx -> [2009/10/30 12:18:36 | 00,009,282 | ---- | M] ()
mourning dog.jpg -> C:\Documents and Settings\JG\Desktop\mourning dog.jpg -> [2009/10/29 19:11:59 | 00,039,789 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\JG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/10/27 18:53:29 | 00,063,000 | ---- | M] ()
SciTE.session -> C:\Documents and Settings\JG\SciTE.session -> [2009/10/26 21:00:46 | 00,000,932 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/10/26 18:30:57 | 00,000,604 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/10/26 18:30:57 | 00,000,227 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/10/26 18:30:57 | 00,000,211 | -HS- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/10/26 18:27:28 | 00,013,646 | ---- | M] ()
UltraMon.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk -> [2009/10/26 18:27:17 | 00,002,299 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/10/26 18:26:47 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/10/26 18:26:46 | 00,002,048 | --S- | M] ()
ntuser.ini -> C:\Documents and Settings\JG\ntuser.ini -> [2009/10/26 18:25:43 | 00,000,178 | -HS- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/10/22 18:16:09 | 02,270,104 | ---- | M] ()
expenses.xlsx -> C:\Documents and Settings\JG\Desktop\expenses.xlsx -> [2009/10/20 16:20:32 | 00,011,229 | ---- | M] ()
BlackjackImgs.rar -> C:\BlackjackImgs.rar -> [2009/10/14 18:01:35 | 02,487,453 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/10/13 20:34:48 | 00,001,393 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/10/13 20:33:15 | 00,567,588 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/10/13 20:33:15 | 00,488,162 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/10/13 20:33:15 | 00,088,906 | ---- | M] ()
PUTTY.RND -> C:\Documents and Settings\JG\Local Settings\Application Data\PUTTY.RND -> [2009/10/12 16:07:49 | 00,000,600 | ---- | M] ()
gsview32.ini -> C:\Documents and Settings\JG\gsview32.ini -> [2009/10/12 13:08:18 | 00,000,043 | ---- | M] ()
rmc_fixasf.exe -> C:\WINDOWS\System32\rmc_fixasf.exe -> [2009/10/11 22:54:07 | 00,156,672 | ---- | M] (Radioactive)
rmc_rtspdl.dll -> C:\WINDOWS\System32\rmc_rtspdl.dll -> [2009/10/11 22:54:05 | 00,237,568 | ---- | M] ()
.recently-used.xbel -> C:\Documents and Settings\JG\.recently-used.xbel -> [2009/10/07 13:04:45 | 00,000,218 | ---- | M] ()
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/10/02 13:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation)
gfkernel.dll -> C:\WINDOWS\System32\gfkernel.dll -> [2009/10/02 12:06:22 | 00,640,512 | ---- | M] ()
gfbaksm.dat -> C:\WINDOWS\System32\gfbaksm.dat -> [2009/10/02 12:06:22 | 00,640,512 | ---- | M] ()
AUDIOGENIE2.DLL -> C:\WINDOWS\System32\AUDIOGENIE2.DLL -> [2009/10/02 12:00:25 | 00,323,584 | ---- | M] (Stefan Toengi)
DonationCoder_urlsnooper_InstallInfo.dat -> C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat -> [2009/10/02 02:19:23 | 00,000,046 | ---- | M] ()
 5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
answers.xlsx -> E:\Data\Documents\answers.xlsx -> [2009/10/30 12:18:36 | 00,009,282 | ---- | C] ()
mourning dog.jpg -> C:\Documents and Settings\JG\Desktop\mourning dog.jpg -> [2009/10/29 19:11:57 | 00,039,789 | ---- | C] ()
BlackjackImgs.rar -> C:\BlackjackImgs.rar -> [2009/10/14 18:01:26 | 02,487,453 | ---- | C] ()
gsview32.ini -> C:\Documents and Settings\JG\gsview32.ini -> [2009/10/12 13:08:18 | 00,000,043 | ---- | C] ()
.recently-used.xbel -> C:\Documents and Settings\JG\.recently-used.xbel -> [2009/10/07 13:04:45 | 00,000,218 | ---- | C] ()
gfkernel.dll -> C:\WINDOWS\System32\gfkernel.dll -> [2009/10/02 12:06:00 | 00,640,512 | ---- | C] ()
gfbaksm.dat -> C:\WINDOWS\System32\gfbaksm.dat -> [2009/10/02 12:06:00 | 00,640,512 | ---- | C] ()
DonationCoder_urlsnooper_InstallInfo.dat -> C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat -> [2009/10/02 02:19:23 | 00,000,046 | ---- | C] ()
BANTExt.sys -> C:\WINDOWS\System32\drivers\BANTExt.sys -> [2009/09/27 13:58:23 | 00,003,840 | ---- | C] ()
OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 00,403,816 | ---- | C] ()
HMHud.INI -> C:\WINDOWS\HMHud.INI -> [2009/04/15 07:51:37 | 00,000,000 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/03/01 02:03:22 | 00,000,069 | ---- | C] ()
rmc_rtspdl.dll -> C:\WINDOWS\System32\rmc_rtspdl.dll -> [2009/02/20 15:11:11 | 00,237,568 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2009/02/20 03:43:11 | 00,000,172 | ---- | C] ()
Sandboxie.ini -> C:\WINDOWS\Sandboxie.ini -> [2009/02/20 01:21:57 | 00,001,818 | ---- | C] ()
HPZIDS01.dll -> C:\WINDOWS\System32\HPZIDS01.dll -> [2009/02/20 00:19:39 | 00,077,824 | R--- | C] ()
AddPort.ini -> C:\WINDOWS\System32\AddPort.ini -> [2009/02/20 00:19:29 | 00,000,161 | ---- | C] ()
hpntwksetup.ini -> C:\WINDOWS\hpntwksetup.ini -> [2009/02/20 00:19:03 | 00,000,737 | ---- | C] ()
GVCplDrv.sys -> C:\WINDOWS\System32\drivers\GVCplDrv.sys -> [2009/02/19 21:28:16 | 00,023,040 | R--- | C] ()
RtlRack.ini -> C:\WINDOWS\RtlRack.ini -> [2009/02/19 21:26:51 | 00,000,169 | ---- | C] ()
avrack.ini -> C:\WINDOWS\avrack.ini -> [2009/02/19 21:22:51 | 00,000,164 | ---- | C] ()
RTLCPAPI.dll -> C:\WINDOWS\System32\RTLCPAPI.dll -> [2009/02/19 21:22:48 | 00,156,672 | ---- | C] ()
pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2008/12/23 10:33:18 | 00,053,299 | ---- | C] ()
ASPRTMM6.DLL -> C:\WINDOWS\System32\ASPRTMM6.DLL -> [2008/06/27 04:39:40 | 00,001,434 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2006/02/28 07:00:00 | 00,000,604 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2006/02/28 07:00:00 | 00,000,227 | ---- | C] ()
ati2evxx.dll -> C:\WINDOWS\System32\ati2evxx.dll -> [2004/08/25 00:27:00 | 00,086,016 | ---- | C] ()
hptcpmon.ini -> C:\WINDOWS\System32\hptcpmon.ini -> [2001/07/07 06:00:00 | 00,003,399 | ---- | C] ()
< End of report >
Jonah11
Active Member
 
Posts: 7
Joined: October 24th, 2009, 2:56 pm

Re: "Ending Program - n"

Post by peku006 » November 1st, 2009, 4:21 am

Hi Jonah11

"n.exe" does not exist, all logs are ok.

Do you have any other problems?
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: "Ending Program - n"

Post by Jonah11 » November 1st, 2009, 10:57 am

No other problems....

But what do you think that was when I originally saw it? Are there any known safe processes that could have created that?
Jonah11
Active Member
 
Posts: 7
Joined: October 24th, 2009, 2:56 pm

Re: "Ending Program - n"

Post by peku006 » November 1st, 2009, 11:30 am

Hi Jonah11

Are you absolutely sure that it was n.exe?

Download and Run Blacklight

  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: "Ending Program - n"

Post by Jonah11 » November 2nd, 2009, 12:17 am

Yes, I am positive it said "Ending Program - n"

Blacklight did not find any hidden items:

11/01/09 21:45:32 [Info]: BlackLight Engine 2.2.1092 initialized
11/01/09 21:45:32 [Info]: OS: 5.1 build 2600 (Service Pack 3)
11/01/09 21:45:32 [Note]: 7019 4
11/01/09 21:45:32 [Note]: 7005 0
11/01/09 21:45:41 [Note]: 7006 0
11/01/09 21:45:41 [Note]: 7022 0
11/01/09 21:45:41 [Note]: 7011 3412
11/01/09 21:45:41 [Note]: 7035 0
11/01/09 21:45:42 [Note]: 7026 0
11/01/09 21:45:42 [Note]: 7026 0
11/01/09 21:45:42 [Note]: FSRAW library version 1.7.1024
11/01/09 21:47:03 [Note]: 4013 54991
11/01/09 21:47:03 [Note]: 4020 54920 196608
11/01/09 21:47:03 [Note]: 4020 54920 196608
11/01/09 21:47:03 [Note]: 4018 54920 196608
11/01/09 22:02:25 [Note]: 4020 7492 65536
11/01/09 22:02:25 [Note]: 4018 7492 65536
11/01/09 22:02:29 [Note]: 4020 7492 65536
11/01/09 22:02:29 [Note]: 4018 7492 65536
11/01/09 22:02:33 [Note]: 4020 7523 65536
11/01/09 22:02:33 [Note]: 4022 7523
11/01/09 22:16:00 [Note]: 7007 0
Jonah11
Active Member
 
Posts: 7
Joined: October 24th, 2009, 2:56 pm

Re: "Ending Program - n"

Post by peku006 » November 2nd, 2009, 3:22 am

Hi Jonah11

I do not see anything suspicious; let's run one online scan to be sure.

1 - Clean temp files

Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords
    please click No at the prompt.


    If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords
    please click No at the prompt.

  • Click Exit on the Main menu to close the program.

For Technical Support double-click the e-mail address located at the bottom of each menu.

2 - Kaspersky Online Scan

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: "Ending Program - n"

Post by Jonah11 » November 2nd, 2009, 2:52 pm

OK, Kaspersky found some infections but nothing that seems that serious to me. Mostly false positives (the holdemmanager files are known false positives for that software) or old files that have never been run, as well as a few things I downloaded but never ran (just scanned and deleted into the recycle bin). HijackThis log is also below....

Thanks,
Jonah

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 2, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 02, 2009 13:16:38
Records in database: 3114711
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Z:\

Scan statistics:
Objects scanned: 155440
Threats found: 9
Infected objects found: 13
Suspicious objects found: 1
Scan duration: 02:45:15


File name / Threat / Threats count
C:\Documents and Settings\JG\Application Data\Thunderbird\Profiles\5zbzzjvd.default\Mail\pop.gmail.com\Inbox728 Infected: Virus.MSWord.Marker.o 1
C:\Documents and Settings\JG\Application Data\Thunderbird\Profiles\5zbzzjvd.default\Mail\pop.gmail.com\Inbox728 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\JG\Application Data\Thunderbird\Profiles\5zbzzjvd.default\Mail\pop.gmail.com\Inbox728 Infected: Backdoor.Win32.RAdmin.ab 1
C:\Documents and Settings\JG\Local Settings\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\Cache\6C865E21d01 Infected: HackTool.Win32.RemoteShell.g 1
C:\Documents and Settings\JG\Local Settings\Application Data\Mozilla\Firefox\Profiles\ver4fd3m.default\Cache\945FF617d01 Infected: not-a-virus:Monitor.Win32.Hooker.s 1
C:\Documents and Settings\JG\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe Infected: Backdoor.Win32.Poison.awjs 1
C:\Documents and Settings\JG\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe Infected: Backdoor.Win32.Poison.avaa 1
C:\Documents and Settings\JG\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe Infected: Backdoor.Win32.Poison.avbr 1
C:\Documents and Settings\JG\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe Infected: Backdoor.Win32.Poison.awjp 1
C:\Program Files\AutoIt3\SciTE\AutoItMacroGenerator\TheHook.dll Infected: not-a-virus:Monitor.Win32.Hooker.s 1
C:\RECYCLER\S-1-5-21-1715567821-1644491937-839522115-1003\Dc79.exe Infected: HackTool.Win32.RemoteShell.g 1
C:\RECYCLER\S-1-5-21-1715567821-1644491937-839522115-1003\Dc85.zip Infected: HackTool.Win32.RemoteShell.g 1
C:\RECYCLER\S-1-5-21-1715567821-1644491937-839522115-1003\Dc88\cut_mbox.exe Infected: HackTool.Win32.RemoteShell.g 1
C:\RECYCLER\S-1-5-21-1715567821-1644491937-839522115-1003\Dc89.exe Infected: not-a-virus:Monitor.Win32.Hooker.s 1

Scanning stopped by the user.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:35 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe
C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe
E:\Data\Documents\Coding\AutoIt\EggCrack.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird 3.0 Beta 4\thunderbird.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Vim\vim72\gvim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [HumanizedEnso] C:\Documents and Settings\JG\Local Settings\Application Data\HumanizedEnso\Enso.exe --disable-monologue-boxes
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1715567821-1644491937-839522115-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\JG\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: EggCrack.exe.lnk = E:\Data\Documents\Coding\AutoIt\EggCrack.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PDFill\DownloadPDF.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5097986171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5687307593
O18 - Protocol: nyf - {C4BA8816-8761-4164-8E33-56F3024A09E4} - C:\Program Files\myBase\ienyf.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBServer\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: VIP DB Bridge Service (VIPBridgeService) - VIP Quality Software, Ltd - C:\Program Files\VIP Quality Software\VIP Task Manager Professional\DBAdminUtils\BridgeService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 12796 bytes
Jonah11
Active Member
 
Posts: 7
Joined: October 24th, 2009, 2:56 pm

Re: "Ending Program - n"

Unread postby peku006 » November 2nd, 2009, 3:38 pm

Hi Jonah

It seems that your computer is clean......

To remove all of the tools we used and the files and folders they created do the following:

  • Double-click OTS.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Malwarebytes' Anti-Malware
Download it from Malwarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

Ad-Aware
Download it from Ad-Aware © Lavasoft. All rights reserved.
An Ad-Aware manual (PDF format) can be found Here.
This manual is for the purchased version, so the licensing info would not apply. Check the "Using Free version" when asked for the license.
Some features may not apply to the free version.

Spybot Search and Destroy
Download it from © Safer Networking Ltd. Just choose a mirror and off you go.
A Spybot tutorial can be found Here.

SpywareBlaster
Download it from © Javacool Software LLC.
A SpywareBlaster knowledgebase can be found Here.

WinPatrol
Download it from Copyright © BillP Studios
Information about how WinPatrol works is available Here.
(The free version of WinPatrol...does not provide any real-time protection)

Firetrust SiteHound
You can find information and download it from © Firetrust Ltd

Read, stay informed.
Please check out these articles:
Tony Klein's "How did I get infected in the first place?"
How to prevent Malware: © miekiemoes - Microsoft MVP - Consumer Security.
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway