
Topic: Link Hijacking

  1. #1
    Beginner
    Registered since
    07.06.2008
    Posts
    10

    Link Hijacking

    I have tried everything I know about removing infections; and nothing works - everything is now showing my system clean....

    However, every once in a while (sometimes more frequently than others) I click on a link and I go to a redirect site (abcjmp.com) and it takes me somewhere else, eg: findstuff.com, "back" and re-click the link and I go to the right place.

    I have since put abcjmp.com in my hosts file as 127.0.0.1 so I'm not going to findstuff any longer, but it still "tries"

    HELP, Please!

    -josh

    --- I was unable to upload my log file so here it is below:


    ---------hijackthis.log-------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:01:06 PM, on 6/6/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\DirectUpdate v4\DUEngine.exe
    C:\Program Files\Syslogd\Syslogd_Service.exe
    C:\Program Files\Paragon Software\Hard Disk Manager Professional\Net Burning Server\srvany.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\WebDrive\wdservice.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\Program Files\WebDrive\webdrive.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Avanquest\AutoSave\AutoSave.exe
    C:\WINDOWS\tsnp2std.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\tools\analogx\NetStat Live\nsl.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DirectUpdate v4\DUControl.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
    C:\Program Files\Common Files\DataViz\dvzincmsgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Tapur\tapmgr.exe
    C:\Program Files\Tapur\Tapur.exe
    C:\Program Files\4t Tray Minimizer\4t-min.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073AF5AC136443AEAF82FBD0E6EE23D0\xtrshost.exe
    C:\progs\magic\Magic.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\mdm.exe
    C:\progs\pmail\winpm-32.exe
    C:\WINDOWS\system32\cmd.exe
    c:\tools\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
    O4 - HKLM\..\Run: [TFncKy] c:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [AutoSave] "C:\Program Files\Avanquest\AutoSave\AutoSave.exe" /Autorun
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [NetStat Live] C:\tools\analogx\NetStat Live\nsl.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DUControl] "C:\Program Files\DirectUpdate v4\DUControl.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] c:\mercury\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] c:\mercury\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\dvzincmsgr.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Tapur.lnk = C:\Program Files\Tapur\tapmgr.exe
    O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
    O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
    O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
    O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
    O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
    O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
    O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
    O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
    O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
    O8 - Extra context menu item: Download With &SeqDownload - file://c:\tools\iemenu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
    O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
    O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
    O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
    O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
    O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
    O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
    O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
    O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
    O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
    O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
    O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
    O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
    O8 - Extra context menu item: Open Selected URL's - C:\Program Files\Avant Browser\Extensions\Misc\MultiOpenURL.htm
    O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
    O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
    O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
    O8 - Extra context menu item: Send to the Webpage Analyzer - C:\Program Files\Avant Browser\Extensions\Misc\msprep.htm
    O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
    O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
    O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
    O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
    O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
    O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
    O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
    O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
    O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175227095484
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175227195500
    O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://167.206.228.82:16448/VirtualS...iveXClient.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: DirectUpdate engine (DirectUpdate) - WildUP - C:\Program Files\DirectUpdate v4\DUEngine.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kiwi Syslog Daemon - Kiwi Enterprises - C:\Program Files\Syslogd\Syslogd_Service.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: FireDaemon Service: merc32 (merc32) - FireDaemon Technologies Limited - C:\Program Files\FireDaemon\FireDaemon.exe
    O23 - Service: NetBurningService - Unknown owner - C:\Program Files\Paragon Software\Hard Disk Manager Professional\Net Burning Server\srvany.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\WebDrive\wdservice.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

    --
    End of file - 21523 bytes

  2. #2
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Link Hijacking

    Welcome to HijackThis.de jassing,

    That domain is actually run by ABCSearch, owned by Internext Media Corp. A quick web search of those names pretty much shows major ad activity, and good chance unwanted adware installs as well. You do seem to like to install quite a few uncommon softwares - let's see what all is here, then review after.



    Since we will likely be making changes there, first follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps, including the required reboot. If you have any difficulties accomplishing those then please go ahead and uninstall SpyBot - TeaTimer has been causing too many problems in repairs to make it worth any extra effort while we do them. You can always reinstall it after if you choose to.


    Then to keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

    Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Options, place a check next to the following:

    Backup Registry Hives

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

    You can use extra posts here if needed for that.

  3. #3
    Beginner
    Registered since
    07.06.2008
    Posts
    10

    Re: Link Hijacking

    Thank you -- here are those logs:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 3.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
    Percentage of Memory in Use: 73%
    Physical Memory (total/avail): 2039.11 MiB / 530.31 MiB
    Pagefile Memory (total/avail): 3924.97 MiB / 2600.64 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1910.21 MiB

    C: is Fixed (NTFS) - 102.64 GiB total, 49.42 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    I: is Fixed (NTFS) - 41.93 GiB total, 26.96 GiB free.
    Q: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
    V: is Network (NTFS)
    W: is Fixed (NTFS) - 1.46 GiB total, 1.33 GiB free.

    \\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 - 149.05 GiB - 3 partitions
    \PARTITION0 - Unknown - 1500 MiB - W:
    \PARTITION1 (bootable) - Installable File System - 102.64 GiB - C:
    \PARTITION2 - Installable File System - 41.93 GiB - I:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    AMAENABLE=Y
    APPDATA=C:\Documents and Settings\josh\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=LAPTOP3
    ComSpec=C:\WINDOWS\system32\cmd.exe
    EDPATH=C:\WATCOM\EDDAT
    FIREDAEMON=C:\Program Files\FireDaemon\FireDaemon.exe
    FIREDAEMON_HOME=C:\Program Files\FireDaemon
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\josh
    INCLUDE=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
    lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
    LOGONSERVER=\\LAPTOP3
    MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=c:\program files\imagemagick;C:\Program Files\Windows Resource Kits\Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\tools;c:\program files\winzip;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\IDM Computer Solutions\UltraEdit-32;C:\WATCOM\BINNT;C:\WATCOM\BINW;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin;c:\tools\nmap;C:\Program Files\IDM Computer Solutions\UltraCompare
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\josh\LOCALS~1\Temp
    TMP=C:\DOCUME~1\josh\LOCALS~1\Temp
    USERDOMAIN=LAPTOP3
    USERNAME=josh
    USERPROFILE=C:\Documents and Settings\josh
    VS80COMNTOOLS=c:\tools\
    WATCOM=C:\WATCOM
    windir=C:\WINDOWS
    _NT_SYMBOL_PATH=srv*c:\Symbols*http://msdl.microsoft.com/download/symbols


    -- User Profiles ---------------------------------------------------------------

    josh (admin)
    temp (new local)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
    --> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
    --> MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "c:\progs\torrent\uTorrent.exe" /UNINSTALL
    4t Tray Minimizer Pro 4.40 --> "C:\Program Files\4t Tray Minimizer\unins000.exe"
    7-Zip 4.47 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
    AB Extension Pack --> "C:\Program Files\Avant Browser\Extensions\unins000.exe"
    Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Agendus for Windows Palm Desktop Edition --> "C:\Program Files\iambic Software\Agendus for Windows Palm Desktop Edition\unins000.exe"
    AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
    AI RoboForm for Palm --> C:\Program Files\Siber Systems\AI RoboForm for Palm\uninstall.exe
    Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
    AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
    AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
    APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
    API-Guide (remove only) --> "C:\Program Files\API-Guide\uninstall.exe"
    Aspell English Dictionary for UltraEdit-32 v12.00 --> "C:\Program Files\IDM Computer Solutions\UltraEdit-32\GNU\Aspell\Uninstall.exe" "c:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Log\installer\20080304_164921\install.log" -u
    Athena ASEDrive 2.5.0.0 --> MsiExec.exe /I{E7FA5B1D-28A8-4D4D-B3BA-F399B24FCB2B}
    Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
    Atheros Wireless LAN MiniPCI/PCIe card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
    Audacity 1.3.4 (Unicode) --> "C:\Program Files\Audacity\unins000.exe"
    AusLogics BoostSpeed --> "C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
    AusLogics Disk Defrag --> "C:\Program Files\Auslogics\Disk Defrag\unins000.exe"
    AusLogics Registry Defrag --> "C:\Program Files\Auslogics\Registry Defrag\unins000.exe"
    AusLogics System Information --> "C:\Program Files\Auslogics\System Information\unins000.exe"
    AutoPlay Media Studio 7.0 --> MsiExec.exe /X{D7F8FF50-EEED-4F79-BE51-ADA945AA17ED}
    AutoSave --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Avanquest\AutoSave\Uninst\setup.exe" -l0x9 -XYZ
    Avanquest PerfectImage 11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CFA89B7-33A5-4DA9-841D-93A42CF6172B}\Setup.exe" -l0x9
    Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    AviScreen Classic Version 1.3 --> "C:\Program Files\bobyte\AviScreen classic\unins000.exe"
    AviTricks Classic version 1.65 --> "C:\Program Files\Bobyte\AviTricks Classic\unins000.exe"
    Batch AutoCorrector 0.8 --> "C:\Program Files\Batch AutoCorrector\unins000.exe"
    Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
    Cammaestro 2.5DU --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{60E61887-03BE-4D17-95FA-C39D26C044B8} /l1033
    CamStudio --> C:\Program Files\CamStudio\uninstall.exe
    Captain Nemo --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Runtime Software\Captain Nemo\DeIsL2.isu" -cC:\PROGRA~1\RUNTIM~1\CAPTAI~1\_ISREG32.DLL
    CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
    Checklist Conduit --> C:\WINDOWS\system32\pInstaller.exe /u "C:\WINDOWS\system32\Checklist Conduit.un2"
    Clean Disk Security 7.76 --> C:\Program Files\Clean Disk Security\uninst.exe
    ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
    CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
    Cole2k Media - Codec Pack (Advanced) 6.0.8 --> C:\WINDOWS\system32\C2MP\Uninst.exe
    ColorPic --> C:\WINDOWS\ColorPic Uninstaller.exe
    Consolas Font Family --> MsiExec.exe /I{6AE22174-4FFA-4572-B692-31F0C386ED38}
    CrossHair --> MsiExec.exe /I{05B68931-AD1D-4879-AF0E-D2BFF9750C58}
    Data Access Objects (DAO) 3.5 --> C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL1.isu
    Data Junction 7.0 Professional --> C:\WINDOWS\IsUninst.exe -fC:\DataJunction7.0\djwin70.isu
    DBF Recovery 1.50 --> C:\Program Files\DBF Recovery\uninst.exe
    Debugging Tools for Windows --> MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
    DirectUpdate --> "C:\Program Files\DirectUpdate v4\unins000.exe"
    Disk Investigator 1.4 --> C:\Program Files\Disk Investigator\uninst.exe
    DiskExplorer for FAT --> "C:\Program Files\Runtime Software\DiskExplorer\Uninstall.exe" "C:\Program Files\Runtime Software\DiskExplorer\install.log" -u
    DiskExplorer for NTFS --> "C:\Program Files\Runtime Software\NtExplorer\Uninstall.exe" "C:\Program Files\Runtime Software\NtExplorer\install.log" -u
    DIY DataRecovery HD Workbench 1.1.31 --> "C:\Program Files\DIY DataRecovery HD Workbench\uninstall.exe"
    Documents To Go --> MsiExec.exe /X{50EE3E64-FE60-4803-BCDC-A8CD6830D185}
    Dorgem 2.1.0 --> "C:\Program Files\Dorgem\unins000.exe"
    DriveLook --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Runtime Software\DriveLook\DeIsL1.isu" -c"C:\Program Files\Runtime Software\DriveLook\_ISREG32.DLL"
    Duplicate File Finder 1.1.0.0 --> "C:\Program Files\Duplicate File Finder\unins000.exe"
    DVD Region+CSS Free 5.9.8.5 --> "C:\Program Files\DVD Region+CSS Free\unins001.exe"
    EASEUS Data Recovery Wizard Professional 3.3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72B23535-8136-4863-965C-33A60FFA3CE7}\setup.exe" -l0x9 -removeonly
    Encyclopedia of Everyday Law - Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89BC121F-08BB-465A-8D09-3C438DD29773}\setup.exe" -l0x9 -removeonly
    Ext2 IFS 1.11 for Windows XP --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT501.inf
    Faxtastic --> C:\Program Files\Faxtastic\uninstall.exe
    ffdshow [rev 1324] [2007-07-01] --> "C:\WINDOWS\system32\unins000.exe"
    Fiddler2 (remove only) --> "C:\Program Files\Fiddler2\uninst.exe"
    FileLocator Pro Version 4.0 --> "C:\Program Files\Mythicsoft\FileLocator Pro\unins000.exe"
    FileZilla Client 3.0.10 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
    FireDaemon Pro --> "C:\Documents and Settings\All Users\Application Data\{10BAA68B-BEC6-4CE4-9902-E645CA474542}\FireDaemon-Pro-1.9.2251.exe" REMOVE=TRUE MODIFY=FALSE
    FSE2 (remove only) --> "C:\Program Files\Fiddler2\ScriptEditor\uninst.exe"
    Garmin Communicator Plugin --> MsiExec.exe /X{D2CC3642-9B1F-428B-B207-48586724754B}
    Garmin POI Loader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E4AE58-748D-4983-9B8A-495E2341769F}\setup.exe" -l0x9
    Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
    GetDataBack for FAT --> "C:\Program Files\Runtime Software\GetDataBack\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack\install.log" -u
    GetDataBack for NTFS --> "C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
    GFI FAXmaker for Networks/SMTP Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74FA01A1-83D5-4217-B8C1-170548D34E55}\setup.exe" -L0x9-L0x9
    GO-Global Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29C9C9B5-1BA2-4782-9D0E-E357FECCE242}\setup.exe" -l0x9 Uninstall
    GoodSync --> "C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
    GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
    GrayWall 1 --> "C:\MERCURY\unins001.exe"
    HijackThis 2.0.2 --> "C:\Documents and Settings\josh\Local Settings\Temp\HijackThis.exe" /uninstall
    ImageMagick 6.3.4-0 Q16 (04/30/07) --> "C:\Program Files\ImageMagick\unins003.exe"
    ImageMagick 6.3.6-2 Q16 (10/15/07) --> "C:\Program Files\ImageMagick\unins004.exe"
    Indigo Rose Plugin SDK --> "C:\WINDOWS\Indigo Rose Plugin SDK\uninstall.exe" "/U:C:\Program Files\Indigo Rose Plugin SDK\Uninstall\uninstall.xml"
    Inline Search v1.3 for Internet Explorer (remove only) --> "C:\Program Files\IEForge\Inline Search\uninstall.exe"
    innotek VirtualBox --> MsiExec.exe /I{B59FE77B-738F-4F1C-AB48-3104895AF676}
    Intel(R) Network Connections Drivers --> Prounstl.exe
    Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
    IsoBuster 2.0 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    JGsoft HelpScribble 7.7.3 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\HelpScribble\Deploy.log"
    Kiwi Syslog Daemon --> "C:\Program Files\Syslogd\uninst-Syslogd.exe"
    lcs plugin 4 trillian --> MsiExec.exe /I{E8FC6FE8-5764-4263-8B93-27A9D8ED79D7}
    LibUSB-Win32-0.1.12.0 --> "C:\Program Files\LibUSB-Win32\unins000.exe"
    Live Search Maps Add-In for Microsoft Office Outlook --> MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Magic ISO Maker v5.0 (build 0166) --> C:\PROGRA~1\MagicISO\UNWISE.EXE c:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit\Quicken\Log\INSTAL~1\200803~1\install.log
    mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
    mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
    Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft English TTS Engine --> MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
    Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SOAP Toolkit 3.0 --> MsiExec.exe /I{BCB4C18A-ACA6-4383-8688-E19933A705DD}
    Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
    Microsoft Streets & Trips 2007 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}
    Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual FoxPro 9.0 Professional - English --> C:\Program Files\Microsoft Visual FoxPro 9\setup\Visual FoxPro 9.0 Professional - English\setup.exe /MaintMode
    Microsoft Visual FoxPro Sedna --> MsiExec.exe /I{B32DF199-ADE6-40F3-A5D7-1D3CE268EAD5}
    Microsoft Visual J# 2.0 Redistributable Package --> c:\cygwin\bin\install.exe
    Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
    Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    Mirage Driver 1.1 --> "C:\Program Files\DemoForge\Mirage Driver\uninst\unins000.exe"
    mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    MS SQL PHP Generator 7.4 --> "C:\Program Files\SQL Maestro Group\MS SQL PHP Generator\unins000.exe"
    MSI Factory --> MsiExec.exe /X{87623B81-6167-4111-8A77-130DD3812F19}
    MSMQ File Copy --> RunDll32 syssetup.dll,SetupInfObjectInstallAction Uninstall.NT 132 fCopy.inf
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    MyToGo For Skype --> rundll32.exe dfshim.dll,ShArpMaintain MyToGo For Skype.application, Culture=neutral, PublicKeyToken=241d554fe462a824, processorArchitecture=msil
    mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
    Nero MediaHome CE --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    Nero Mega Plugin Pack --> MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}
    Nero Recode CE --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    Nero ShowTime CE --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
    NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
    Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
    Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
    Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
    Paragon Hard Disk Manager 6.0 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A05C238-2E6A-4CB5-8600-E6C1E509E0CB}\Setup.exe" -l0x9
    Passware Kit Enterprise 8.3 --> C:\Program Files\Passware\un-kit_ent.exe
    PC Checklist 1.50, Palm Checklist 1.52, and Checklist Conduit 1 --> "C:\Program Files\Papertrl\Checklist\unins000.exe"
    PDF Merge plug-in for TinyPDF 1.0.2 --> "C:\WINDOWS\unins000.exe"
    PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
    Pegasus Mail --> C:\progs\pmail\DeSetup.exe C:\progs\pmail
    PortTunnel --> MsiExec.exe /I{832E7DB6-6514-42A9-9863-858C98443312}
    Power AutoPlay Menu Creator 7.0D --> "C:\Program Files\Power AutoPlay Menu Creator\unins000.exe"
    PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
    Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
    QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RAID Reconstructor --> "C:\Program Files\Runtime Software\RAID Reconstructor\Uninstall.exe" "C:\Program Files\Runtime Software\RAID Reconstructor\install.log" -u
    RamDisk Plus 8.0 Desktop Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B14E062-97A1-11D3-B2C8-00C0F014C0F2}\setup.exe"
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    ReFox XI+ --> "C:\progs\refox\ReFox.set.exe" /uninstall
    RegAlyzer --> "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
    Registrar Registry Manager 5.02 (Lite Edition) --> "c:\DBITech\CalTools2\unwise.exe"
    Registry First Aid --> "C:\Program Files\RFA\unins000.exe"
    RemoteByMail --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Runtime Software\RemoteByMail\DeIsL1.isu" -c"C:\Program Files\Runtime Software\RemoteByMail\_ISREG32.DLL"
    Runtime's HDHOST --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Runtime Software\HdHost\DeIsL1.isu" -c"C:\Program Files\Runtime Software\HdHost\_ISREG32.DLL"
    SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
    Setup Factory 7.0 --> "C:\WINDOWS\Setup Factory 7.0\uninstall.exe" "/U:C:\Program Files\Setup Factory 7.0\Uninstall\uninstall.xml"
    Setup Factory for Windows Installer --> MsiExec.exe /X{951FCC42-E2D2-4737-95CB-E864DC003B23}
    sip --> MsiExec.exe /I{DE7A4AAD-9DD0-49E0-8762-2463EB02A7E0}
    Skype Geo Locator --> rundll32.exe dfshim.dll,ShArpMaintain GeoLocator.application, Culture=neutral, PublicKeyToken=a237a756db16d414, processorArchitecture=msil
    Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Solway's Desktop Icon Layout Saver 1.01 --> C:\Program Files\Solways Desktop Icon Layout Saver\uninst.exe
    SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
    SplashWallet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{623D3B16-5484-44E8-97A8-91B3B1BA658E}\setup.exe" -l0x9
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    SQLite ODBC Driver (remove only) --> c:\src\sqlite3\odbc\Uninstall.exe
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    SuperCache II and SuperVolume Desktop Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B14E06B-97A1-11D3-B2C8-00C0F014C0F2}\setup.exe"
    Symantec pcAnywhere --> MsiExec.exe /I{12018183-866A-11D3-97DF-0000F8D8F2E9}
    SyncWizard --> C:\PROGRA~1\SYNCWI~1\UNWISE.EXE c:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit\Quicken\Log\INSTAL~1\200803~1\install.log
    TalkBack --> "C:\Program Files\trillian\plugins\talkback\unins001.exe"
    TapSmart KeyLink --> c:\Program Files\TapSmartKeyLink\Uninstall.exe
    Tapur 1.0.5.1 --> "C:\Program Files\Tapur\unins000.exe"
    Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0409
    TimeReporter 4 Professional Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83A0B641-093F-4CF6-96BE-4B1210409FEF}\setup.exe" -l0x9 anything -removeonly
    TinyPDF --> "C:\Program Files\TinyPDF\unins000.exe"
    Titan FTP Server --> C:\Program Files\InstallShield Installation Information\{DB2112AD-0000-DAD1-0000-000004281965}\setup.exe -runfromtemp -l0x0009 -removeonly
    TiVo Desktop 2.6.1 --> MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
    TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Direct Disc Writer --> MsiExec.exe /X{400830CA-F056-4BBE-80A3-9DF9CA4FB889}
    TOSHIBA Disc Creator --> MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
    TOSHIBA HDD Protection --> MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
    TOSHIBA Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
    TOSHIBA Password Utility --> c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74} /l1033
    TOSHIBA Power Saver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
    TOSHIBA SD Memory Boot Utility --> MsiExec.exe /X{BBF5493A-05FB-4449-90DE-84A61EB78154}
    TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
    TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
    TOSHIBA Software Modem --> Tosmreg -U
    TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
    TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
    TOSHIBA Utilities --> c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{56190F69-01D3-46CA-9861-43377C5E9B87} /l1033
    TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
    TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
    Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
    Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
    TrueUpdate 3.0 --> "C:\WINDOWS\TrueUpdate 3.0\uninstall.exe" "/U:C:\Program Files\TrueUpdate 3.0\Uninstall\uninstall.xml"
    TTS Wrapper --> MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
    UltraCompare Professional --> "C:\Program Files\IDM Computer Solutions\UltraCompare\Uninstall.exe" "c:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Log\installer\20080304_164921\install.log" -u
    UltraEdit-32 --> "C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u
    UltraVNC v1.0 --> "C:\Program Files\UltraVNC\unins001.exe"
    UltraVNC v1.0.2 --> "C:\Program Files\UltraVNC\unins000.exe"
    USB2.0 PC Camera --> C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
    VCW VicMan's Photo Editor 8.1 --> "C:\Program Files\VCW VicMan's Photo Editor\unins000.exe"
    VideoReDo TVSuite Version 3.1.4.549 --> "C:\Program Files\VideoReDoTVSuite\unins000.exe"
    Visual Patch 3.0 --> "C:\WINDOWS\Visual Patch 3.0\uninstall.exe" "/U:C:\Program Files\Visual Patch 3.0\Uninstall\uninstall.xml"
    VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
    VPLive (remove only) --> "c:\weatherlink\vpLink\uninst.exe"
    Web CEO 7.7 --> "C:\Program Files\Web CEO\Uninstall\unins000.exe"
    Web Photo Album 1.2 --> "C:\Program Files\Web Photo Album\unins000.exe"
    WebDrive --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WebDrive\Uninst.isu" -c"C:\Program Files\WebDrive\uninstall.dll"
    WhiteBoardMeeting --> MsiExec.exe /I{09801D34-8DE8-406A-BFD7-747AF74F5E6E}
    Windows Media 8 Encoding Utility --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wm8eutil.inf, Uninstall
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    WinHTTrack Website Copier 3.42 --> "C:\Program Files\WinHTTrack\unins000.exe"
    WinImage --> "C:\Program Files\WinImage\winimage.exe" /uninstall
    winpcap-nmap 3.1 --> "C:\Program Files\WinPcap\uninstall.exe"
    WinPcap 4.0.2 --> C:\Program Files\WinPcap\uninstall.exe
    Winspector --> "C:\Program Files\Winspector\unins000.exe"
    Wireshark 1.0.0 --> "C:\Program Files\Wireshark\uninstall.exe"
    XML Notepad 2007 --> MsiExec.exe /I{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type28 / Error
    Event Submitted/Written: 06/07/2008 08:46:53 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application irsetup.exe, version 0.0.0.0, faulting module irsetup.exe, version 0.0.0.0, fault address 0x00133b30.
    Processing media-specific event for [irsetup.exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type10619 / Error
    Event Submitted/Written: 06/08/2008 06:27:21 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The FileDisk Protector Kernel Driver service failed to start due to the following error:
    %%183

    Event Record #/Type10600 / Error
    Event Submitted/Written: 06/08/2008 06:26:06 PM
    Event ID/Source: 23 / Print
    Event Description:
    Printer PDF4U Adobe PDF Creator failed to initialize because a suitable PDF4U Adobe PDF Creator driver could not be found.

    Event Record #/Type10598 / Error
    Event Submitted/Written: 06/08/2008 06:25:59 PM / 06/08/2008 06:26:01 PM
    Event ID/Source: 280 / SscRdBus
    Event Description:
    Image load failed. RamDisk salvaged.

    Event Record #/Type10597 / Error
    Event Submitted/Written: 06/08/2008 06:25:59 PM / 06/08/2008 06:26:01 PM
    Event ID/Source: 271 / SscRdBus
    Event Description:
    Timed out attempting to open image file.

    Event Record #/Type10588 / Error
    Event Submitted/Written: 06/08/2008 01:30:35 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}



    -- End of Deckard's System Scanner: finished at 2008-06-09 07:37:40 ------------

    Deckard's System Scanner v20071014.68
    Run by josh on 2008-06-09 07:29:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-06-09 14:29:51 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as josh.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:34:04 AM, on 6/9/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\DirectUpdate v4\DUEngine.exe
    C:\Program Files\Syslogd\Syslogd_Service.exe
    C:\Program Files\Paragon Software\Hard Disk Manager Professional\Net Burning Server\srvany.exe
    C:\Program Files\Paragon Software\Hard Disk Manager Professional\Net Burning Server\NetBurningService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\Program Files\WebDrive\wdservice.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\Program Files\WebDrive\webdrive.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Avanquest\AutoSave\AutoSave.exe
    C:\WINDOWS\tsnp2std.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\tools\analogx\NetStat Live\nsl.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DirectUpdate v4\DUControl.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
    C:\Program Files\Common Files\DataViz\dvzincmsgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Tapur\tapmgr.exe
    C:\Program Files\Tapur\Tapur.exe
    C:\Program Files\4t Tray Minimizer\4t-min.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\mdm.exe
    C:\Program Files\Trillian\trillian.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073AF5AC136443AEAF82FBD0E6EE23D0\xtrshost.exe
    c:\progs\magic\Magic.exe
    C:\progs\pmail\WINPM-32.EXE
    C:\WINDOWS\system32\cmd.exe
    c:\Download\dss.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    c:\tools\josh.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
    O4 - HKLM\..\Run: [TFncKy] c:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [AutoSave] "C:\Program Files\Avanquest\AutoSave\AutoSave.exe" /Autorun
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [NetStat Live] C:\tools\analogx\NetStat Live\nsl.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DUControl] "C:\Program Files\DirectUpdate v4\DUControl.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] c:\mercury\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] c:\mercury\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\dvzincmsgr.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Tapur.lnk = C:\Program Files\Tapur\tapmgr.exe
    O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
    O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
    O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
    O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
    O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
    O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
    O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
    O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
    O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
    O8 - Extra context menu item: Download With &SeqDownload - file://c:\tools\iemenu.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
    O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
    O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
    O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
    O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
    O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
    O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
    O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
    O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
    O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
    O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
    O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
    O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
    O8 - Extra context menu item: Open Selected URL's - C:\Program Files\Avant Browser\Extensions\Misc\MultiOpenURL.htm
    O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
    O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
    O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
    O8 - Extra context menu item: Send to the Webpage Analyzer - C:\Program Files\Avant Browser\Extensions\Misc\msprep.htm
    O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
    O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
    O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
    O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
    O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
    O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
    O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
    O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
    O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175227095484
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175227195500
    O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://167.206.228.82:16448/VirtualS...iveXClient.cab
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/F...ansferCtrl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: DirectUpdate engine (DirectUpdate) - WildUP - C:\Program Files\DirectUpdate v4\DUEngine.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kiwi Syslog Daemon - Kiwi Enterprises - C:\Program Files\Syslogd\Syslogd_Service.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: FireDaemon Service: merc32 (merc32) - FireDaemon Technologies Limited - C:\Program Files\FireDaemon\FireDaemon.exe
    O23 - Service: NetBurningService - Unknown owner - C:\Program Files\Paragon Software\Hard Disk Manager Professional\Net Burning Server\srvany.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\WebDrive\wdservice.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

    --
    End of file - 21896 bytes

    -- HijackThis Fixed Entries (c:\tools\backups\) --------------------------------

    backup-20050526-072913-762 O3 - Toolbar: (no name) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)
    backup-20050807-164817-385 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    backup-20050807-164817-400 O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Dr...Non_Member.CAB
    backup-20050807-164817-468 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm
    backup-20050807-164817-571 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    backup-20050807-164817-781 O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
    backup-20050807-164817-966 O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart
    backup-20050826-080224-520 O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
    backup-20060216-065642-739 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    backup-20060216-065644-137 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    backup-20060216-065644-198 O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    backup-20060216-065644-333 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    backup-20060216-065644-678 O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
    backup-20060216-065644-898 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    backup-20060216-065644-980 O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    backup-20060216-065645-819 O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    backup-20060216-065646-268 O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    backup-20060216-065646-633 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    backup-20060216-065647-161 O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq.com/members/DD_v4_Member.CAB
    backup-20060429-151153-424 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/c...rnet-0,00.html
    backup-20060429-151153-457 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/c...rnet-0,00.html
    backup-20060429-151153-528 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/c...rnet-0,00.html
    backup-20060429-151153-844 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://totalinternet.snap.com:8005/c...rnet-0,00.html
    backup-20060620-125916-167 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20060620-125916-561 O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
    backup-20060918-152538-367 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm
    backup-20060918-152538-388 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm
    backup-20060918-152538-418 O9 - Extra button: MSR Strider URL Tracer - {E1675C34-8EFD-4005-8911-1032912305C6} - "C:\Program Files\Microsoft\MSR Strider URL Tracer\TypoPatroller.exe" (file missing) (HKCU)
    backup-20060918-152538-960 O4 - HKLM\..\Run: [SNM] C:\temp\SNM.exe /startup
    backup-20060918-152543-166 O9 - Extra 'Tools' menuitem: MSR Strider URL Tracer - {E1675C34-8EFD-4005-8911-1032912305C6} - "C:\Program Files\Microsoft\MSR Strider URL Tracer\TypoPatroller.exe" (file missing) (HKCU)
    backup-20080524-175959-114 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    backup-20080524-175959-144 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = contact:8080
    backup-20080524-175959-185 O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    backup-20080524-175959-719 O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    backup-20080524-175959-749 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm
    backup-20080524-175959-958 O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
    backup-20080524-175959-969 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\blank.htm
    backup-20080524-175959-986 O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
    .ini - UltraEdit.ini - DefaultIcon - unable to read value
    .ini - UltraEdit.ini - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
    .js - UltraEdit.js - DefaultIcon - unable to read value
    .js - UltraEdit.js - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
    .txt - UltraEdit.txt - DefaultIcon - unable to read value
    .txt - UltraEdit.txt - shell\open\command - "C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe" "%1"
    .vbs - VisualStudio.Analyzer.Event.Log.1 - DefaultIcon - C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VAVSA.DLL,-2002
    .vbs - VisualStudio.Analyzer.Event.Log.1 - shell\open\command - unable to read value
    .vbs - VisualStudio.Analyzer.Event.Log.1 - shell\edit\command - unable to read value


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Gernuwa - c:\windows\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
    R0 hotcore - c:\windows\system32\drivers\hotcore.sys <Not Verified; Paragon Software Group; HotBackup>
    R0 SscVF - c:\windows\system32\drivers\sscvf.sys <Not Verified; SuperSpeed LLC; SuperCache II/SuperVolume>
    R0 Thpdrv (TOSHIBA HDD Protection Driver) - c:\windows\system32\drivers\thpdrv.sys <Not Verified; TOSHIBA Corporation; TOSHIBA HDD Protection>
    R0 Thpevm (TOSHIBA HDD Protection - Shock Sensor Driver) - c:\windows\system32\drivers\thpevm.sys <Not Verified; TOSHIBA Corporation; TOSHIBA HDD Protection>
    R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
    R1 AW_HOST - c:\windows\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
    R1 awecho - c:\windows\system32\drivers\awechomd.sys <Not Verified; Symantec Corporation; pcAnywhere>
    R1 awlegacy - c:\windows\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
    R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys <Not Verified; Stephan Schreiber; Ext2 IFS for Windows XP/2003 (x86)>
    R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
    R1 IfsMount - c:\windows\system32\drivers\ifsmount.sys <Not Verified; Stephan Schreiber; IFS for Windows XP/2003 (x86)>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R1 StarPort (StarPort Storage Controller) - c:\windows\system32\drivers\starport.sys <Not Verified; Rocket Division Software; StarPort Storage Controller>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R2 WebDriveFSD (WebDrive Filesystem Driver) - c:\program files\webdrive\rffsd.sys
    R3 Dvd43 - c:\windows\system32\drivers\dvd43.sys <Not Verified; Fengtao Software Inc.; DVD43>
    R3 EuMusDesignVirtualAudioCableWdm_sdh (Sandhills Audio Cable) - c:\windows\system32\drivers\vacsdhkd.sys
    R3 libusb0 (LibUsb-Win32 - Kernel Driver, Version 0.1.12.0) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
    R3 tdcmdpst (TOSHIBA Writing Engine Filter Driver) - c:\windows\system32\drivers\tdcmdpst.sys <Not Verified; TOSHIBA Corporation.; >
    R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

    S3 cmcdrv - c:\windows\system32\drivers\cmcdrv.sys <Not Verified; Convenos Corporation; CMC Video Hook Driver>
    S3 filedisk2 (FileDisk Protector Kernel Driver) - c:\program files\protector suite ql\filedisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
    S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
    S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
    S3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; Outertech; >
    R2 Kiwi Syslog Daemon - c:\program files\syslogd\syslogd_service.exe <Not Verified; Kiwi Enterprises; Kiwi Syslog Daemon>
    R2 NetBurningService - c:\program files\paragon software\hard disk manager professional\net burning server\srvany.exe
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
    R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
    R2 WebDriveService (WebDrive Service) - c:\program files\webdrive\wdservice.exe
    R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>

    S2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
    S3 awhost32 (Symantec pcAnywhere Host Service) - "c:\program files\symantec\pcanywhere\awhost32.exe" <Not Verified; Symantec Corporation; pcAnywhere>
    S4 K - c:\docume~1\josh\locals~1\temp\k.exe (file missing)
    S4 msvsmon80 (Visual Studio 2005 Remote Debugger) -


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\929F0E3900
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\929F0E3900
    Service: NIC1394

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter


    -- Files created between 2008-05-09 and 2008-06-09 -----------------------------

    2008-06-08 13:40:15 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-06-08 13:27:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-06-08 13:26:16 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-06-08 13:26:15 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-06-08 13:26:14 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-06-08 10:44:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
    2008-06-08 10:43:54 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-07 21:40:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-07 21:35:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-07 21:34:09 0 d-------- C:\Program Files\Solways Desktop Icon Layout Saver
    2008-06-07 21:34:00 0 dr-h----- C:\Documents and Settings\josh\Recent
    2008-06-06 15:07:40 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-06 15:07:40 0 d-------- C:\Documents and Settings\josh\Application Data\SUPERAntiSpyware.com
    2008-06-06 10:07:17 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-06-06 10:07:04 0 d-------- C:\Program Files\Common Files\Skype
    2008-06-05 18:17:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-29 12:15:17 16384 --a------ C:\WINDOWS\system32\t32dm.dat
    2008-05-28 18:42:39 10643799 --a------ C:\WINDOWS\system32\SBSP.dat
    2008-05-28 16:38:37 104 --a------ C:\WINDOWS\system32\SBRC.dat
    2008-05-28 16:38:37 1530 --a------ C:\WINDOWS\system32\SBFC.dat
    2008-05-28 14:37:47 0 d-------- C:\Documents and Settings\josh\.housecall6.6
    2008-05-24 17:39:22 0 --a------ C:\WINDOWS\system32\TXFCJEDJ
    2008-05-24 17:37:37 0 d-------- C:\Documents and Settings\josh\Application Data\AVGTOOLBAR
    2008-05-23 07:50:47 0 d-------- C:\WINDOWS\Prefetch
    2008-05-23 02:55:22 0 d-------- C:\WINDOWS\system32\scripting
    2008-05-23 02:55:18 0 d-------- C:\WINDOWS\l2schemas
    2008-05-23 02:55:17 0 d-------- C:\WINDOWS\system32\en
    2008-05-22 18:29:06 0 d------c- C:\donwload


    -- Find3M Report ---------------------------------------------------------------

    2008-06-09 07:06:54 0 d-------- C:\Documents and Settings\josh\Application Data\Skype
    2008-06-09 07:05:28 0 d-------- C:\Documents and Settings\josh\Application Data\skypePM
    2008-06-09 07:04:38 0 d-a------ C:\Program Files\Trillian
    2008-06-08 12:55:16 0 d-------- C:\Documents and Settings\josh\Application Data\FileZilla
    2008-06-07 21:36:09 0 d-------- C:\Program Files\SpywareBlaster
    2008-06-07 21:34:17 0 d-------- C:\Program Files\Disk Investigator
    2008-06-06 17:50:16 0 d-------- C:\Program Files\IrfanView
    2008-06-06 17:49:38 0 d-------- C:\Program Files\Web CEO
    2008-06-06 17:49:37 0 d-------- C:\Program Files\UltraVNC
    2008-06-06 17:49:33 0 d-------- C:\Program Files\Syslogd
    2008-06-06 17:49:33 0 d-------- C:\Program Files\SyncWizard
    2008-06-06 17:49:26 0 d-------- C:\Program Files\PcHelpWare
    2008-06-06 17:49:26 0 d-------- C:\Program Files\PalmXP
    2008-06-06 17:49:26 0 d-------- C:\Program Files\palmOne
    2008-06-06 17:49:11 0 d-------- C:\Program Files\Lavasoft
    2008-06-06 17:49:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 17:48:57 0 d-------- C:\Program Files\Ahead
    2008-06-06 17:48:25 0 d-------- C:\Documents and Settings\josh\Application Data\VMware
    2008-06-06 17:48:25 0 d-------- C:\Documents and Settings\josh\Application Data\U3
    2008-06-06 17:48:25 0 d-------- C:\Documents and Settings\josh\Application Data\Symantec
    2008-06-06 17:48:25 0 d-------- C:\Documents and Settings\josh\Application Data\SourceGear
    2008-06-06 17:48:24 0 d-------- C:\Documents and Settings\josh\Application Data\Nero
    2008-06-06 17:48:20 0 d-------- C:\Documents and Settings\josh\Application Data\IDMComp
    2008-06-06 17:48:19 0 d-------- C:\Documents and Settings\josh\Application Data\Auslogics
    2008-06-06 17:48:19 0 d-------- C:\Documents and Settings\josh\Application Data\Audacity
    2008-06-06 17:48:19 0 d-------- C:\Documents and Settings\josh\Application Data\Ahead
    2008-06-06 17:48:19 0 d-------- C:\Documents and Settings\josh\Application Data\Adobe
    2008-06-06 15:07:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-06 10:07:04 0 d-------- C:\Program Files\Common Files
    2008-06-02 00:40:40 0 d-------- C:\Program Files\Alwil Software
    2008-06-01 22:46:53 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
    2008-06-01 18:37:14 0 d-------- C:\Program Files\WebDrive
    2008-06-01 18:37:14 0 d-------- C:\Program Files\QuickTime
    2008-06-01 18:37:14 0 d-------- C:\Program Files\Protector Suite QL
    2008-06-01 18:37:14 0 d-------- C:\Program Files\PowerISO
    2008-06-01 18:37:14 0 d-------- C:\Program Files\Atheros
    2008-06-01 14:05:50 0 d-------- C:\Documents and Settings\josh\Application Data\uTorrent
    2008-05-29 12:15:20 270336 --a------ C:\WINDOWS\tsnp2std.exe <Not Verified; ; tsnp2std>
    2008-05-29 12:15:20 45632 --a------ C:\WINDOWS\system32\taskswitch.exe
    2008-05-29 12:15:19 110592 --a------ C:\WINDOWS\system32\tpsoddctl.exe <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
    2008-05-29 12:15:19 315392 --a------ C:\WINDOWS\system32\tpsmain.exe <Not Verified; TOSHIBA Corporation; TOSHIBA Power Saver>
    2008-05-29 12:15:19 593920 --a------ C:\WINDOWS\system32\tfnf5.exe <Not Verified; TOSHIBA Corp.; TOSHIBA Hotkey Utility for Display Devices>
    2008-05-29 12:15:19 155648 --a------ C:\WINDOWS\system32\nerocheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2008-05-29 12:15:19 94208 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
    2008-05-29 12:15:19 77824 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
    2008-05-29 12:15:19 24576 --a------ C:\WINDOWS\system32\000stthk.exe
    2008-05-29 12:15:18 245760 --a------ C:\WINDOWS\system32\00thotkey.exe <Not Verified; TOSHIBA Corporation; TOSHIBA THotkey>
    2008-05-28 13:22:03 0 d-------- C:\Program Files\UltraCompare
    2008-05-28 13:14:34 0 d-------- C:\Program Files\Power AutoPlay Menu Creator
    2008-05-28 13:06:55 0 d-------- C:\Program Files\MagicISO
    2008-05-27 21:02:37 211 --a------ C:\WINDOWS\system32\'
    2008-05-27 09:38:16 0 d-------- C:\Program Files\FileZilla FTP Client
    2008-05-24 11:11:39 0 d-------- C:\Program Files\Auslogics
    2008-05-23 20:45:06 0 d-------- C:\Program Files\DVD Region+CSS Free
    2008-05-23 08:08:25 118784 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
    2008-05-23 02:55:52 0 d-------- C:\Program Files\Messenger
    2008-05-23 02:55:16 0 d-------- C:\Program Files\Movie Maker
    2008-05-23 02:50:53 0 d-------- C:\Program Files\Windows NT
    2008-05-19 22:41:56 0 d-------- C:\Program Files\Debugging Tools for Windows
    2008-05-14 22:36:45 0 d-------- C:\Program Files\API-Guide
    2008-05-08 16:30:34 0 d-------- C:\Documents and Settings\josh\Application Data\Real
    2008-05-08 16:30:25 0 d-------- C:\Program Files\Common Files\xing shared
    2008-05-08 16:30:23 0 d-------- C:\Program Files\Common Files\Real
    2008-05-08 16:30:11 0 d-------- C:\Program Files\Real
    2008-05-07 17:12:44 0 d-------- C:\Documents and Settings\josh\Application Data\IndigoRose
    2008-05-07 17:12:37 0 d-------- C:\Program Files\MSI Factory
    2008-05-07 17:11:35 0 d-------- C:\Documents and Settings\josh\Application Data\Downloaded Installations
    2008-05-01 08:57:00 0 d-------- C:\Program Files\Passware
    2008-05-01 08:56:35 9577548 --a------ C:\Program Files\passware.zip
    2008-04-30 16:28:14 0 d-------- C:\Program Files\CachemanXP
    2008-04-20 11:13:22 0 d-------- C:\Program Files\Audacity
    2008-04-20 10:54:18 0 d-------- C:\Program Files\Iteral
    2008-04-20 10:32:58 0 d-------- C:\Documents and Settings\josh\Application Data\Tapur
    2008-04-20 10:32:44 0 d-------- C:\Program Files\Tapur
    2008-04-20 09:58:25 0 d-------- C:\Program Files\Faxtastic
    2008-04-20 09:47:31 0 d-------- C:\Program Files\DemoForge
    2008-04-18 10:31:08 0 d-------- C:\Program Files\Hand-Crafted Software
    2008-04-18 10:30:24 0 d-------- C:\Documents and Settings\josh\Application Data\VideoReDoPlus
    2008-04-18 09:00:10 253924 --a------ C:\Program Files\Common Files\hold.zip
    2008-04-17 19:59:46 0 d-------- C:\Program Files\Setup Factory 7.0
    2008-04-17 19:41:40 0 d-------- C:\Program Files\Common Files\TiVo Shared
    2008-04-17 11:22:43 0 d-------- C:\Program Files\Wireshark
    2008-04-17 11:22:40 0 d-------- C:\Program Files\WinPcap
    2008-04-17 08:04:53 0 d-------- C:\Documents and Settings\josh\Application Data\Intuit
    2008-04-16 20:31:14 0 d-------- C:\Program Files\Citrix
    2008-03-20 08:28:05 1548 --a------ C:\WINDOWS\unins000.dat
    2008-03-20 08:27:59 685849 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
    2008-03-12 13:10:18 633344 -----n--- C:\WINDOWS\system32\gpprefcl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/29/2008 12:15 PM]
    "ACU"="C:\Program Files\Atheros\ACU.exe" [05/29/2008 12:15 PM]
    "00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [05/29/2008 12:15 PM]
    "000StTHK"="000StTHK.exe" [05/29/2008 12:15 PM C:\WINDOWS\system32\000stthk.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/29/2008 12:15 PM]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/29/2008 12:15 PM]
    "DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [05/29/2008 12:15 PM]
    "TFNF5"="TFNF5.exe" [05/29/2008 12:15 PM C:\WINDOWS\system32\tfnf5.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [05/29/2008 12:15 PM]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [05/29/2008 12:15 PM]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [05/29/2008 12:15 PM]
    "TPSMain"="TPSMain.exe" [05/29/2008 12:15 PM C:\WINDOWS\system32\tpsmain.exe]
    "TPSODDCtl"="TPSODDCtl.exe" [05/29/2008 12:15 PM C:\WINDOWS\system32\tpsoddctl.exe]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [05/29/2008 12:15 PM]
    "WebDriveTray"="C:\Program Files\WebDrive\webdrive.exe" [05/29/2008 12:15 PM]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [05/29/2008 12:15 PM]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [05/29/2008 12:15 PM]
    "PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [05/29/2008 12:15 PM]
    "ThpSrv"="C:\WINDOWS\system32\thpsrv /logon" []
    "TFncKy"="c:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [05/29/2008 12:15 PM]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [05/29/2008 12:15 PM]
    "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [05/29/2008 12:15 PM]
    "AutoSave"="C:\Program Files\Avanquest\AutoSave\AutoSave.exe" [01/27/2007 04:54 PM]
    "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [05/29/2008 12:15 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/29/2008 12:15 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/29/2008 12:15 PM]
    "WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [06/18/2006 02:56 PM]
    "NetStat Live"="C:\tools\analogx\NetStat Live\nsl.exe" [05/01/2007 12:32 PM]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" []
    "TOSDCR"="TOSDCR.EXE" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [05/29/2008 12:15 PM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
    "DUControl"="C:\Program Files\DirectUpdate v4\DUControl.exe" [04/27/2007 01:05 PM]
    "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [05/29/2008 12:15 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
    "TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [05/29/2008 12:15 PM]
    "TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [04/04/2008 10:54 AM]
    "TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [05/29/2008 12:15 PM]
    "Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [05/05/2008 02:20 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "IETI"=c:\mercury\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)
    "RunStartupScriptSync"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)
    "DisableStatusMessages"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoSMBalloonTip"=0 (0x0)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoWindowsUpdate"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 03:18 PM 49152]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    PCANotify.dll 02/14/2006 12:00 PM 8704 C:\WINDOWS\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\WINDOWS\system32\psqlpwd.dll 12/03/2006 04:50 PM 90112 C:\WINDOWS\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    aeyfoc aeyfoc
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{411d2df2-2c6f-11dd-b4c8-0015b7aafd61}]
    AutoRun\command- H:\LaunchU3.exe -a




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 did.i-used.cc
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 coolwebsearch.com
    127.0.0.1 www.coolwebsearch.com

    9008 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-06-09 07:37:40 ------------

  4. #4
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Link Hijacking

    It doesn't show in this forum, but I have responded to many thousands of requests like yours, and admit I haven't seen so many uncommon softwares installed on one system before now. I truly would not be able to guess if any of these many, many softwares has slipped in some redirection function there.

    You do need to not use HijackThis for any system changes, like removing the services of installed software you appear to have done recently. Some of these recreated themselves, but in general all the softwares are running corrupted with the services partially deleted. In HijackThis you need to click "View the list of backups", then click to highlight and Restore all the items dated 20080524. And reboot after. Then if you want to make changes to these softwares, like VNC, you need to do this from within the software itself, or uninstall the software.


    For this redirect issue perhaps a scan might shed some light.


    Go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).

    To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top of IE if needed to allow this). Once the download has completed click Next, then Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click "My Computer" to begin the scan. Save the Report as a text file and post that back here.

    To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".

    Post back that log please.

  5. #5
    Beginner
    Registered since
    07.06.2008
    Posts
    10

    Re: Link Hijacking

    Quote from Jintan:
    It doesn't show in this forum, but I have responded to many thousands of requests like yours, and admit I haven't seen so many uncommon softwares installed on one system before now. I truly would not be able to guess if any of these many, many softwares has slipped in some redirection function there.
    I can tell you that no new software has been installed -- the problem happened after allowing someone to "check their email" then called me over to say "look at this" so I can guarantee it's not any of the "many software" that is installed....



    Quote from Jintan:
    For this redirect issue perhaps a scan might shed some light.
    I've done just about every online scanner that is reputable.... tracking cookies are about the only thing it found. I've used two different virus scanners...


    Quote from Jintan:
    and run the Kaspersky online scan, and post back the log it creates (it requires IE).
    Interesting....


    Thanks.
    -josh

  6. #6
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Link Hijacking

    Your MS files for certificates may not be updated, or Kaspersky hasn't updated theirs, but there is nothing suspect about their files or installers to use. Go ahead and allow that and run and post the scan log please.

  7. #7
    Beginner
    Registered since
    07.06.2008
    Posts
    10

    Re: Link Hijacking

    Quote from Jintan:
    Your MS files for certificates may not be updated, or Kaspersky hasn't updated theirs, but there is nothing suspect about their files or installers to use. Go ahead and allow that and run and post the scan log please.
    I guess the picture wasn't clear enough -- there was NO WAY to use it; it wasn't a "ok to use w/o validating" or anything like that.. it just 'stopped' right then and there.

    I reinstalled IE7 (infection still there); ran the online scan (worked once I reinstalled IE7) -- now I get the below error -- funny is that there's no way to report this error -- even though they say I can upload a jpg; once I did; it told me it was either too big, or banned type -- it wasn't either...

  8. #8
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Link Hijacking

    From what I see in web searches that error indicates there has been a copy of Kaspersky on your system that was an illegal copy (hacked key now blocked). I am running Kaspersky on a test system without issues. Any previous use of Kaspersky on your computer?

  9. #9
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Link Hijacking

    And from what I see on my test computer your error is validated - something is wrong with the Kaspersky online scan right now. Or I have been using a bad key copy as well, but no, Kaspersky has problems of some sort.

    Unfortunate, since it really is the scan of choice for what I wanted to check on your system. Let's wait and see if they get this corrected - I will check back with you after I see if I can get some contact with Kaspersky staff.

  10. #10
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Link Hijacking

    Right now the Kaspersky online scan seems to be an XP issue (Vista doesn't get these errors). As I mentioned this particular scan is what would be helpful for checking your issues right now. So let's see if by tomorrow Kaspersky has not corrected the problem. If not, we can change ideas then.
