Deckard's System Scanner v20071014.68
Run by adirks on 2008-07-03 13:28:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
98: 2008-07-03 20:28:35 UTC - RP399 - Deckard's System Scanner Restore Point
97: 2008-07-03 18:53:28 UTC - RP398 - System Checkpoint
96: 2008-07-02 15:54:21 UTC - RP397 - System Checkpoint
95: 2008-07-01 14:43:21 UTC - RP396 - System Checkpoint
94: 2008-06-30 13:03:25 UTC - RP395 - System Checkpoint
-- First Restore Point --
1: 2008-04-05 08:03:52 UTC - RP302 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as adirks.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:56 PM, on 7/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\adirks\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\adirks.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Start.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179238355921
O17 - HKLM\System\CCS\Services\Tcpip\..\{423001F8-9EFB-48FF-B288-2D780A1F12DE}: NameServer = 208.57.0.11,208.57.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{423001F8-9EFB-48FF-B288-2D780A1F12DE}: NameServer = 208.57.0.11,208.57.0.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{423001F8-9EFB-48FF-B288-2D780A1F12DE}: NameServer = 208.57.0.11,208.57.0.10
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 7106 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080623-150254-546 O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 1172)
2008-06-23 12:08:50 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
C:\WINDOWS\explorer.exe (pid 1592)
2008-06-23 12:08:58 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2005-11-15 11:07:16 1802240 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
2007-05-22 10:59:22 128512 --a------ C:\Program Files\WinRAR\RarExt.dll
2006-11-10 19:18:26 73728 --a------ C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll <Not Verified; Nero AG; Nero BackItUp>
-- Files created between 2008-06-03 and 2008-07-03 -----------------------------
2008-06-27 11:05:36 0 d-------- C:\Program Files\Trillian
2008-06-24 15:28:36 0 d-------- C:\WINDOWS\Prefetch
2008-06-24 15:20:54 0 d-------- C:\WINDOWS\system32\scripting
2008-06-24 15:20:53 0 d-------- C:\WINDOWS\system32\en
2008-06-24 15:20:53 0 d-------- C:\WINDOWS\l2schemas
2008-06-24 15:20:52 0 d-------- C:\WINDOWS\system32\bits
2008-06-24 15:18:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-24 10:45:01 0 d-------- C:\Program Files\Panda Security
2008-06-23 14:54:49 0 d-------- C:\Program Files\MS Updater
2008-06-23 10:57:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-23 10:57:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-23 10:57:45 0 d-------- C:\Documents and Settings\adirks\Application Data\SUPERAntiSpyware.com
2008-06-23 10:53:33 0 d-------- C:\Documents and Settings\adirks\Application Data\Malwarebytes
2008-06-23 10:53:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 10:53:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-23 10:53:19 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 10:47:14 0 d-------- C:\Program Files\Trend Micro
2008-06-23 09:26:50 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-23 09:26:46 0 d-------- C:\Program Files\Security Task Manager
2008-06-20 16:16:31 0 d-------- C:\Program Files\SpywareGuard
2008-06-20 16:03:05 241664 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>
2008-06-19 08:37:37 176235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-06-19 08:37:35 0 d-------- C:\WINDOWS\PrimoPDF4
2008-06-19 08:37:35 0 d-------- C:\Program Files\activePDF
2008-06-16 11:13:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 11:11:50 0 d-------- C:\Program Files\AskPBar
2008-06-16 09:35:35 0 d-------- C:\Program Files\Avolve
-- Find3M Report ---------------------------------------------------------------
2008-07-02 15:52:28 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-26 14:58:10 6181 --a------ C:\Documents and Settings\adirks\Application Data\PrimoPDFSet.xml
2008-06-26 11:22:36 310 --a------ C:\Documents and Settings\adirks\Application Data\APUSet.xml
2008-06-24 15:21:17 0 d-------- C:\Program Files\Messenger
2008-06-24 15:20:52 0 d-------- C:\Program Files\Movie Maker
2008-06-24 15:18:00 0 d-------- C:\Program Files\Windows NT
2008-06-23 10:57:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 10:53:19 0 d-------- C:\Program Files\Common Files
2008-06-20 15:56:51 0 d-------- C:\Program Files\GIMP-2.0
2008-06-18 15:25:01 0 d-------- C:\Program Files\Acro Software
2008-06-18 14:05:48 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-17 16:09:50 0 d-------- C:\Program Files\MySpace
2008-06-16 11:06:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-06 16:56:48 0 d-------- C:\Documents and Settings\adirks\Application Data\gtk-2.0
2008-06-04 09:49:05 0 d-------- C:\Documents and Settings\adirks\Application Data\Adobe
2008-05-30 11:11:21 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [08/14/2006 12:00 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 04:43 PM C:\WINDOWS\Alcmtr.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/10/2004 04:02 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [12/30/2004 12:19 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SkyTel"="SkyTel.EXE" [05/16/2006 04:04 PM C:\WINDOWS\SkyTel.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [11/16/2006 07:04 PM]
C:\Documents and Settings\adirks\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]
Start.bat [5/14/2008 2:20:43 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/23/2008 12:08 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/23/2008 12:08 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bc73943-c34f-11db-bedf-806d6172696f}]
AutoRun\command- D:\setup.exe
*Newly Created Service* - ARDLB
*Newly Created Service* - ISDRV122
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{181E34DA-8AAF-51A4-113B-C5C8DE522977}]
C:\WINDOWS\system32:wupdate.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
26314 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-03 13:33:35 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1023.11 MiB / 618.35 MiB
Pagefile Memory (total/avail): 2460.38 MiB / 2076.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904 MiB
A: is Removable (No Media)
B: is Network (NTFS)
C: is Fixed (NTFS) - 74.53 GiB total, 43.34 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
Q: is Network (NTFS)
\\.\PHYSICALDRIVE0 - ST380815AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\adirks\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIV-DETAILING6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\adirks
LANG=C
LOGONSERVER=\\LIV-DETAILING6
LOGSCRIPT=C:\Program Files\UniPrint\Log Files
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\PROGRA~1\COMMON~1\AUTODE~1;c:\foxprg;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\adirks\LOCALS~1\Temp
TMP=C:\DOCUME~1\adirks\LOCALS~1\Temp
USERDOMAIN=LIV-DETAILING6
USERNAME=adirks
USERPROFILE=C:\Documents and Settings\adirks
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Backup (admin)
test (new local, admin)
adirks (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2000 --> C:\WINDOWS\uninst.exe -fC:\r2000\DeIsL1.isu -c"C:\r2000\unacad.dll
AutoCAD 2000 Migration Assistance --> C:\WINDOWS\uninst.exe -fC:\r2000\migration\DeIsL1.isu
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
BurnInTest v3.0 Pro --> "C:\Program Files\BurnInTest\unins000.exe"
CADS Beam Detailer --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\Install.log
CADS Circular Bar Detailer --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\CADS-CBA\install.log
CADS Column Detailer --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\CADS-CO\install.log
CADS Pad Footing Detailer --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\CADS-PFD\install.log
CADS Panel Detailer --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\CADS-PN\install.log
CADS RCToolBox --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\RCToolBox\install.log
CADS Slab Panel Detailer --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\CADS-SPD\install.log
Citrix Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
Harris Detailing --> MsiExec.exe /I{47BD2EB2-EB8E-4F7E-A41B-AB3B3F192ECF}
Harris Detailing 2.6 --> MsiExec.exe /I{E6D9E0D4-E0ED-478B-B57E-BDFD279EC465}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Connections 11.2.0.69 --> MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
iSqFt Full Viewer V4.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}\Setup.exe" CPUninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Konica Scantrip --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Konica\Scantrip\DeIsL1.isu" -c"C:\Program Files\Konica\Scantrip\_ISREG32.DLL"
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Océ Remote Logic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F81CE0B1-B4C3-11D4-8159-00C04F050B4C}\Setup.exe" -l0x9
Océ WPD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3597D6BD-0E73-11D5-AB8A-00D0B7A62D54}\Setup.exe" -l0x9 DoUninstall:
On-Screen Takeoff --> C:\Program Files\InstallShield Installation Information\{690CEFE2-3B21-4D9D-849D-463270CC09A1}\setup.exe -runfromtemp -l0x0409
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PrimoPDF --> "C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Print Exec LT --> "C:\Program Files\Print Exec LT\UninstallerData\Uninstall Print Exec LT.exe"
ProjectDox Components --> MsiExec.exe /I{4055077E-416C-4A3C-A52A-05A450AC13FC}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RebarCAD --> C:\CADS-mdi\UNWISE.EXE C:\CADS-mdi\install.log
Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
UniPrint Client 3.5.1 --> C:\PROGRA~1\UniPrint\Client\UNWISE.EXE C:\PROGRA~1\UniPrint\Client\INSTALL.LOG
VERITAS Backup Exec Remote Agent for Windows Servers --> MsiExec.exe /I{5E98EE22-F59B-4ED0-82BE-010A6F886C3E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
-- Application Event Log -------------------------------------------------------
Event Record #/Type 3628 / Error
Event Submitted/Written: 07/03/2008 01:30:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.6.2.9, faulting module itunes.exe, version 7.6.2.9, fault address 0x0010cb0f.
Processing media-specific event for [itunes.exe!ws!]
Event Record #/Type 3533 / Warning
Event Submitted/Written: 06/25/2008 09:10:04 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{AFF22926-A739-4E3B-A969-57E406191443}'
Event Record #/Type 3532 / Warning
Event Submitted/Written: 06/25/2008 09:10:04 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete', component '{B2B6EDF3-22B8-47B3-8358-4D1976F0949D}' failed. The resource 'C:\Program Files\SUPERAntiSpyware\Quarantine\' does not exist.
Event Record #/Type 3507 / Warning
Event Submitted/Written: 06/25/2008 03:03:09 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Event Record #/Type 3492 / Warning
Event Submitted/Written: 06/24/2008 03:30:06 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type 5447 / Warning
Event Submitted/Written: 07/03/2008 10:36:57 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type 5440 / Warning
Event Submitted/Written: 07/03/2008 05:31:35 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type 5422 / Error
Event Submitted/Written: 07/02/2008 03:52:05 PM / 07/02/2008 03:52:19 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
Event Record #/Type 5411 / Warning
Event Submitted/Written: 07/01/2008 06:14:51 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type 5410 / Warning
Event Submitted/Written: 07/01/2008 03:26:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-07-03 13:33:35 ------------