When I performed the HijackThis task and it was done, I had trouble with my explorer; I basically couldn't use some of the features for a work program (even though I only used the R0 and R1 files), so I rolled the system back to before that...
Results SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/02/2008 at 08:28 PM
Application Version : 4.1.1046
Core Rules Database Version : 3190
Trace Rules Database Version: 1459
Scan type : Complete Scan
Total Scan Time : 00:44:26
Memory items scanned : 430
Memory threats detected : 0
Registry items scanned : 6428
Registry threats detected : 0
File items scanned : 79664
File threats detected : 3
Adware.Tracking Cookie
C:\Documents and Settings\Silke\Cookies\[email protected][2].txt
C:\Documents and Settings\Silke\Cookies\[email protected][1].txt
C:\Documents and Settings\Silke\Cookies\silke@windowsmedia[1].txt
Log files dss:
main.txt:
Deckard's System Scanner v20071014.68
Run by Silke on 2008-06-02 22:47:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
63: 2008-06-03 05:47:59 UTC - RP63 - Deckard's System Scanner Restore Point
62: 2008-06-02 23:40:28 UTC - RP62 - Restore Operation
61: 2008-06-02 23:28:53 UTC - RP61 - BeforeHijackThis
60: 2008-06-02 06:49:51 UTC - RP60 - Software Distribution Service 3.0
59: 2008-06-02 05:43:38 UTC - RP59 - ComboFix created restore point
-- First Restore Point --
1: 2008-05-19 19:57:23 UTC - RP1 - Unsigned driver install
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Silke.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:23 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Documents and Settings\Silke\Desktop\dss.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Silke.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://authoring.eonline.com
O15 - Trusted Zone: http://www.eonline.com
O15 - Trusted Zone: www.germandeli.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: http://www.onlinetvrecorder.com
O15 - Trusted Zone: http://order.store.yahoo.net
O15 - Trusted Zone: http://us-dc2-order.store.yahoo.net
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} (DownloadCtrl Class) - https://stream.web.d...fy/Download.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{964682B7-8147-48DE-8934-AB2CF8C4C2C7}: NameServer = 68.94.156.1 206.13.30.12
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Flash Communication Server (FlashCom) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe
O23 - Service: Flash Communication Admin Service (FlashComAdmin) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 10615 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080602-163026-637 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080602-163026-708 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
backup-20080602-163026-866 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 IPSECDRV (SafeNet IPSec Plugin) - c:\windows\system32\drivers\ipsecdrv.sys <Not Verified; SafeNet; SafeNet VPN Client>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 Crypto - c:\windows\system32\drivers\crypto.sys <Not Verified; SafeNet; SafeNet CSP>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R3 DNE (Deterministic Network Enhancer Miniport) - c:\windows\system32\drivers\dne2000.sys <Not Verified; Deterministic Networks, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
R2 dsNcService (Juniper Network Connect Service) - c:\program files\juniper networks\common files\dsncservice.exe
R2 FlashCom (Flash Communication Server) - "c:\program files\macromedia\flash communication server mx\flashcom.exe" <Not Verified; Macromedia, Inc.; Flash Communication Server 1.0>
R2 FlashComAdmin (Flash Communication Admin Service) - "c:\program files\macromedia\flash communication server mx\flashcomadmin.exe" <Not Verified; Macromedia, Inc.; Flash Communication Server 1.0>
R2 IPSECMON (SafeNet Monitor Service) - "c:\program files\juniper\netscreen-remote\ipsecmon.exe" <Not Verified; SafeNet; SafeNet VPN Client>
R2 IreIKE (SafeNet IKE Service) - "c:\program files\juniper\netscreen-remote\ireike.exe" <Not Verified; SafeNet; SafeNet VPN Client>
S4 BreezeApp (Macromedia Breeze Application Service) -
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-02 17:00:45 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-02-25 03:05:39 372 --a------ C:\WINDOWS\Tasks\RegCure.job
-- Files created between 2008-05-02 and 2008-06-02 -----------------------------
2008-06-02 16:43:18 0 d-------- C:\WINDOWS\LastGood
2008-06-02 16:28:50 6684672 --a------ C:\Documents and Settings\Silke\ntuser.dat
2008-05-31 19:22:58 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-05-31 12:19:03 0 d-------- C:\WINDOWS\system32\vmm32
2008-05-31 12:01:54 68096 --a------ C:\WINDOWS\zip.exe
2008-05-31 12:01:54 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-31 12:01:54 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-31 12:01:54 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-31 12:01:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-31 12:01:54 98816 --a------ C:\WINDOWS\sed.exe
2008-05-31 12:01:54 80412 --a------ C:\WINDOWS\grep.exe
2008-05-31 12:01:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-28 23:40:35 0 d-------- C:\WINDOWS\ERUNT
2008-05-24 01:48:21 0 d-------- C:\Program Files\Trend Micro
2008-05-24 01:10:46 0 d-------- C:\Program Files\Panda Security
2008-05-23 23:50:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-23 23:50:22 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-23 23:50:22 0 d-------- C:\Documents and Settings\Silke\Application Data\SUPERAntiSpyware.com
2008-05-23 23:12:41 0 d-------- C:\Documents and Settings\Silke\Application Data\Malwarebytes
2008-05-23 23:12:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 23:12:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 23:12:02 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-20 12:56:14 0 d-------- C:\Documents and Settings\Silke\Application Data\Logitech
2008-05-20 12:56:10 0 d-------- C:\Documents and Settings\Silke\Application Data\ATI
2008-05-20 12:56:10 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-20 12:54:35 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-20 12:51:25 3712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-20 12:51:24 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-20 12:51:24 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-20 12:51:24 131072 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-20 12:51:24 155648 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-05-20 12:51:13 0 d-------- C:\Program Files\Logitech
2008-05-20 12:51:12 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-20 12:49:10 0 d-------- C:\Program Files\ATI
2008-05-20 12:48:28 0 d-------- C:\LXKZ600
2008-05-20 12:47:43 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-20 12:47:34 0 d-------- C:\Program Files\D-Link
2008-05-20 12:46:36 0 d-------- C:\ATI
2008-05-20 12:43:04 126976 --a------ C:\WINDOWS\system32\Imsmudlg.exe <Not Verified; Intel® Corporation; Uninstset Installation Utility>
2008-05-20 12:43:04 0 d-------- C:\WINDOWS\system32\ENU
2008-05-20 11:53:14 0 d-------- C:\Program Files\SymplisIT
2008-05-20 11:53:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SymplisIT
2008-05-20 11:25:16 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-05-19 12:48:59 0 d-------- C:\WINDOWS\Prefetch
2008-05-19 05:35:08 0 d-------- C:\Program Files\GetData
2008-05-19 03:16:54 0 d-------- C:\WINDOWS\setup.pss
2008-05-19 02:48:54 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-19 02:48:54 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-19 02:48:54 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-19 02:48:54 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-19 02:48:54 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-19 02:48:54 1048576 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-05-19 02:48:54 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-19 02:48:54 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-19 02:48:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-19 02:48:54 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-19 02:48:54 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-19 02:48:54 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-19 02:48:54 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-19 02:48:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-19 02:48:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-19 02:48:54 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-19 02:48:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-05-19 02:48:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-05-19 02:48:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-19 02:48:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-05-19 00:26:16 0 d-------- C:\Documents and Settings\Silke\Application Data\Uniblue
2008-05-17 15:59:41 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-05-17 15:44:45 0 d-------- C:\Program Files\SBC Yahoo!
2008-05-17 15:42:22 0 d-------- C:\Program Files\Yahoo!
2008-05-05 00:30:41 0 d-------- C:\Program Files\PrevxCSI
2008-05-05 00:30:39 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
-- Find3M Report ---------------------------------------------------------------
2008-06-02 21:01:15 0 d-------- C:\Documents and Settings\Silke\Application Data\Juniper Networks
2008-06-02 16:21:21 0 d-------- C:\Program Files\GTS
2008-06-01 00:14:53 0 d-------- C:\Documents and Settings\Silke\Application Data\DigiDelivery
2008-05-31 12:52:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 16:38:21 0 d-------- C:\Program Files\Juniper Networks
2008-05-24 01:10:47 4306 --a------ C:\WINDOWS\mozver.dat
2008-05-23 23:49:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 23:12:02 0 d-------- C:\Program Files\Common Files
2008-05-20 12:48:52 0 d-------- C:\Program Files\ATI Technologies
2008-05-20 12:44:55 0 d-------- C:\Program Files\Intel
2008-05-20 12:03:39 0 d-------- C:\Program Files\Dell
2008-05-19 12:55:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-19 12:41:45 24808 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-17 16:08:35 0 d-------- C:\Documents and Settings\Silke\Application Data\Yahoo!
2008-05-17 15:03:01 0 d-------- C:\Program Files\Creative
2008-05-13 11:58:04 0 d-------- C:\Documents and Settings\Silke\Application Data\Adobe
2008-05-01 15:47:27 54840 --a------ C:\Documents and Settings\Silke\Application Data\GDIPFONTCACHEV1.DAT
2008-04-30 12:49:52 61510 --a------ C:\WINDOWS\system32\dsGinaLoader.dll <Not Verified; Juniper Networks; Network Connect GINA>
2008-04-27 22:46:29 0 d-------- C:\Program Files\DivX
2008-04-24 01:31:58 0 d-------- C:\Documents and Settings\Silke\Application Data\Symantec
2008-04-24 00:27:59 0 d-------- C:\Program Files\Macromedia
2008-04-23 23:48:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 23:48:11 0 d-------- C:\Program Files\Norton Ghost
2008-04-23 22:35:16 0 d-------- C:\Program Files\Norton Ghost 14
2008-04-23 00:10:37 1802740 --a------ C:\Program Files\Multidecoder_1.0.0.42.zip
2008-04-19 12:55:10 0 d-------- C:\Documents and Settings\Silke\Application Data\GTS
2008-04-03 15:18:52 0 d-a------ C:\Program Files\Multidecoder_1.0.0.42
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/16/2006 11:34 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 02:50 PM]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [09/29/2002 11:00 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/04/2006 10:35 PM]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [04/17/2008 11:10 AM]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [07/27/2004 02:50 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [02/29/2008 10:14 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/24/2008 12:50 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/24/2008 12:50 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdateManager]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
"C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMagicSchedule]
"C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
C:\Program Files\Common Files\Dell\EUSW\Support.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-Mail Alarm]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailAlarm]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe -p
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide-The-IP]
"C:\PROGRA~1\HIDETH~1\HIDETH~1.EXE" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
"C:\Program Files\Norton Ghost\Agent\VProTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
"C:\Program Files\Norton Ghost\Agent\VProTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BreezeApp"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"SharedAccess"=2 (0x2)
-- End of Deckard's System Scanner: finished at 2008-06-02 22:50:25 ------------
extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1022.09 MiB / 470.29 MiB
Pagefile Memory (total/avail): 2461.07 MiB / 1925.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.39 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.45 GiB total, 45.64 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6Y080M0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 74.45 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: ZoneAlarm Pro Firewall v6.1.744.001 (Zone Labs, Inc.)
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"="C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"="C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe:*:Enabled:DriverMagic"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Silke\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SILKE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Silke
LOGONSERVER=\\SILKE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Silke\LOCALS~1\Temp
TMP=C:\DOCUME~1\Silke\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SILKE
USERNAME=Silke
USERPROFILE=C:\Documents and Settings\Silke
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Silke (admin)
Administrator (new local, admin)
Guest (new local, guest)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W
--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\unybase.exe
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
530TX+ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Ahead Nero - Burning Rom --> C:\WINDOWS\UNNERO.exe /UNINSTALL
AKAI professional DCVocoder 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AKAI professional M.I. Corp.\AKAI professional DCVocoder\UninstDCVocoder.isu"
AKAI professional PitchRight v1.01-OxYGeN --> C:\PROGRA~1\VSTPLU~1\PITCHR~1.01\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\PITCHR~1.01\INSTALL.LOG
AKAI professional QuadComp 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AKAI professional M.I. Corp.\AKAI professional QuadComp\UninstQuadComp.isu"
AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
AT&T Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\install.log
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallSh
Edited by MysteryMaster, 03 June 2008 - 12:22 AM.