HiJack Log List


Re: HiJack Log List

Post by Shaba » May 26th, 2008, 12:41 pm

Hi

Well, that is a web site and not a file on your computer.

Has it re-occurred?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJack Log List

Post by aesthete9928 » May 26th, 2008, 12:45 pm

Yeah, it is constantly occurring. I noticed that every time I open a new tab or click on the webpage.
aesthete9928
Regular Member
 
Posts: 21
Joined: May 22nd, 2008, 9:41 am

Re: HiJack Log List

Post by Shaba » May 26th, 2008, 12:49 pm

Hi

I see.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.

Re: HiJack Log List

Post by aesthete9928 » May 27th, 2008, 3:22 am

Okay. Now I think I have a bigger problem. I shut down my computer last night and it was okay this morning, but I restarted it just now because it was really slow and now this happens.
Everything's very, very slow now. I can't even see what I'm typing at times.
It takes ages to switch on my laptop, getting into Windows I mean.
It says as follows:

c:\System Volume Information\_restore{47038061-0EAD-41397-82BD-7500002C08789}-\RP66]Change.log is corrupted and unreadable. Please run chkdsk utility.

I tried looking for that program in my Start menu but can't find it. And it keeps on popping up, the "alert" sign at the taskbar.

The Malwarebytes report:

Malwarebytes' Anti-Malware 1.12
Database version: 788

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 82401
Time elapsed: 2 hour(s), 53 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: HiJack Log List

Post by Shaba » May 27th, 2008, 9:18 am

Hi

Please post back then a fresh HijackThis log :)

Re: HiJack Log List

Post by aesthete9928 » May 27th, 2008, 11:16 am

Hi again. So, do you think you know what the problem is?

Thanks a lot for helping out, especially when this is a free service.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:49 AM, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7712 bytes

Re: HiJack Log List

Post by Shaba » May 27th, 2008, 2:12 pm

Hi

Nothing bad there.

Chances are that there is just one corrupted file in system restore.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
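The verdict "Nothing bad there" comes from reading the HijackThis log section by section: R0/R1 start and search pages, O2 BHOs, O4 autostarts, O9 buttons, O16 ActiveX downloads and O23 services, and looking for targets that no longer exist, pages pointing at unfamiliar hosts, autostarts that run a bare filename (like the 000StTHK entry, which the later OTScanIt run resolves to System32) or run from a user-writable profile folder, and services with no publisher string. The script below is an added example of that first pass, written for this thread; it is not tooling from MalwareRemoval.com or from HijackThis. The trusted-host sets are assumptions, and the sample log is constructed: most lines are modelled on the log posted above, while the search.example.invalid start page, the Temp-folder autostart and the "helpersvc" service are fictional entries included so that every check fires once.

```python
"""HijackThis log triage: pull out the entry types a malware-removal
helper reads first and flag the ones that need a manual look.

Added example for this thread, not tooling from MalwareRemoval.com or
from HijackThis itself. The trusted-host sets and the sample log below
are assumptions / constructed data for the demonstration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts a helper would accept for IE start/search pages.
TRUSTED_URL_HOSTS = {"go.microsoft.com"}
# Assumption: hosts a helper would accept for O16 (Download Program Files) CABs.
TRUSTED_DPF_HOSTS = {"fpdownload2.macromedia.com", "www.kaspersky.com"}
# User-writable profile locations that autostarts should not normally run from.
PROFILE_DIR_MARKERS = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str
    reason: str
    line: str


def _o4_command(body: str) -> str:
    """'HKLM\\..\\Run: [Name] <command>' -> '<command>' (empty if malformed)."""
    _, sep, cmd = body.partition("] ")
    return cmd.strip() if sep else ""


def _o4_executable(cmd: str) -> str:
    """First token of the command; honours a double-quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def check_entry(kind: str, body: str) -> list[Finding]:
    """Apply the first-pass checks to one parsed log entry."""
    line = f"{kind} - {body}"
    low = body.lower()
    out: list[Finding] = []

    # A hook whose target is gone is either a harmless leftover (the Java
    # console button in this thread) or the remains of a removed payload.
    if "(file missing)" in low or "file not found" in low:
        out.append(Finding(kind, "target file missing; confirm it is a leftover", line))

    if kind in ("R0", "R1"):
        url = body.partition(" = ")[2]
        host = urlparse(url).hostname if url else None
        if url and host not in TRUSTED_URL_HOSTS:
            out.append(Finding(kind, f"start/search page set to {host}", line))

    if kind == "O4":
        exe = _o4_executable(_o4_command(body))
        if exe and "\\" not in exe:
            # Bare filename: resolved through the PATH search order at logon,
            # so the real file has to be located before it can be judged.
            out.append(Finding(kind, f"bare filename {exe!r}; locate the real file", line))
        elif any(marker in exe.lower() for marker in PROFILE_DIR_MARKERS):
            out.append(Finding(kind, "autostart runs from a user-writable profile directory", line))

    if kind == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname
        if host not in TRUSTED_DPF_HOSTS:
            out.append(Finding(kind, f"ActiveX download from {host}", line))

    if kind == "O23" and "unknown owner" in low:
        out.append(Finding(kind, "service has no publisher string", line))

    return out


def triage_hjt(text: str) -> list[Finding]:
    """Parse a HijackThis v2 log and return every flagged entry, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            findings.extend(check_entry(m.group("kind"), m.group("body")))
    return findings


# Constructed sample: lines modelled on the log posted in this thread plus
# fictional suspicious entries (the search host, the Temp-folder autostart
# and the helpersvc service) so that each check fires at least once.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.example.invalid/?q=
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_04\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [updater] "C:\\Documents and Settings\\Tyger\\Local Settings\\Temp\\updater.exe" /silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/swflash.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: helper (helpersvc) - Unknown owner - C:\\WINDOWS\\system32\\helpersvc.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

Run against the constructed log it flags five entries: the fictional start page, the bare 000StTHK.exe autostart, the Temp-folder autostart, the missing-file O9 button and the service with no publisher. None of these is a verdict; each is an item the helper resolves by hand, which is exactly why the next step in the thread is a deeper scan that reports file paths, versions and publishers for every non-Microsoft entry.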

Re: HiJack Log List

Post by aesthete9928 » May 27th, 2008, 7:42 pm

Hello.
I wasn't very sure what File String Search was, so I checked whatever processes had "Non-Microsoft" in them.
I also checked the "No" option for rootkit search.
This is the result. Thanks

OTScanIt logfile created on: 28/05/2008 9:37:16 AM
OTScanIt by OldTimer - Version 1.0.15.1     Folder = C:\Documents and Settings\Tyger\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
510.92 Mb Total Physical Memory | 194.97 Mb Available Physical Memory | 38.16% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 73.05% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 14.16 Gb Free Space | 58.02% Space Free | Partition Type: NTFS
Drive D: | 12.84 Gb Total Space | 5.86 Gb Free Space | 45.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-AYZ9QSTPH1
Current User Name: Tyger
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
s24evmon.exe -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 4, 2, 0, 1 | Size = 303171 bytes | Modified Date = 16/12/2003 7:23:40 AM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 9:06:57 AM | Attr =    ]
zcfgsvc.exe -> %SystemRoot%\system32\ZCfgSvc.exe -> Intel Corporation [Ver = 4, 2, 0, 4 | Size = 356352 bytes | Modified Date = 16/12/2003 7:30:06 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 9:19:24 AM | Attr =    ]
00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 16/04/2003 1:01:28 PM | Attr =    ]
tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 2, 0, 0 | Size = 73728 bytes | Modified Date = 18/07/2003 6:41:26 PM | Attr =    ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/05/2003 8:25:02 PM | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/05/2003 8:23:14 PM | Attr =    ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 22/01/2003 11:00:06 AM | Attr =    ]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 19/08/2003 2:51:02 AM | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 1:09:16 PM | Attr =    ]
stacmon.exe -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 3/08/2003 5:01:14 PM | Attr =    ]
ezsp_px.exe -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 21/08/2002 4:29:26 AM | Attr =    ]
dragdrop.exe -> %ProgramFiles%\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe ->  [Ver = 3, 0, 0, 0 | Size = 1175552 bytes | Modified Date = 9/08/2003 12:54:54 PM | Attr =    ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 3/12/2003 11:05:54 AM | Attr =    ]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 105 | Size = 892928 bytes | Modified Date = 6/12/2003 9:44:40 AM | Attr =    ]
bsclip.exe -> %ProgramFiles%\B's CLiP\Win2K\BsCLiP.exe ->  [Ver =  | Size = 1409024 bytes | Modified Date = 4/02/2004 11:43:00 PM | Attr =    ]
ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 2/01/2003 5:16:38 PM | Attr =    ]
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 24/05/2003 7:38:26 AM | Attr =    ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 77824 bytes | Modified Date = 24/09/2003 7:00:00 PM | Attr = R  ]
tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 1, 0 | Size = 45056 bytes | Modified Date = 26/09/2003 3:19:10 AM | Attr =    ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 12:20:10 PM | Attr =    ]
regsrvc.exe -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 16/12/2003 7:22:36 AM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 9:19:31 AM | Attr =    ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 27/03/2008 6:53:51 PM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 14/12/2007 3:42:38 AM | Attr =    ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 5/09/2003 8:24:46 PM | Attr =    ]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 21/05/2008 11:40:18 PM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 16/05/2008 9:19:00 AM | Attr =    ]
1xconfig.exe -> %SystemRoot%\system32\1XConfig.exe -> Intel [Ver = 4, 2, 0, 0 | Size = 184320 bytes | Modified Date = 16/12/2003 7:24:20 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 16/05/2008 9:16:59 AM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 18/04/2008 12:28:49 AM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.1 | Size = 374272 bytes | Modified Date = 27/05/2008 12:26:28 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 4/01/2008 12:27:08 PM | Attr =    ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 1:09:16 PM | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 9:06:57 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 9:19:24 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 16/05/2008 9:19:00 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 16/05/2008 9:16:59 AM | Attr =    ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Modified Date = 3/12/2003 11:05:54 AM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 3/08/2004 11:56:50 PM | Attr =    ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 24/05/2003 7:38:26 AM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 30/03/2008 10:36:30 AM | Attr =    ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 77824 bytes | Modified Date = 24/09/2003 7:00:00 PM | Attr = R  ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 16/12/2003 7:22:36 AM | Attr =    ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation  [Ver = 4, 2, 0, 1 | Size = 303171 bytes | Modified Date = 16/12/2003 7:23:40 AM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 16/05/2008 9:13:26 AM | Attr =    ]
(Ad-Watch Connect Filter) Ad-Watch Connect Kernel Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 7/08/2007 11:56:58 AM | Attr =    ]
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.22 2.1.22 12/20/2002 13:07:32 | Size = 1164576 bytes | Modified Date = 20/12/2002 2:07:34 PM | Attr =    ]
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 16/05/2008 9:16:06 AM | Attr =    ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 16/05/2008 9:18:33 AM | Attr =    ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 16/05/2008 9:15:29 AM | Attr =    ]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 16/05/2008 9:20:32 AM | Attr =    ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 16/05/2008 9:14:11 AM | Attr =    ]
(BsStor) B.H.A Storage Helper Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\BsStor.sys -> B.H.A Co.,Ltd. [Ver = 1.0.8 | Size = 10112 bytes | Modified Date = 4/02/2004 7:08:00 PM | Attr =    ]
(BsUDF) B.H.A UDF Filesystem [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\BsUDF.sys -> B.H.A Co.,Ltd. [Ver = 5.43 | Size = 395008 bytes | Modified Date = 3/02/2004 1:05:46 PM | Attr =    ]
(CBEN5) Xircom CardBus Ethernet 10/100 Adapter family Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\cben5.sys -> Xircom, Inc. [Ver = 3.14.05.00 | Size = 46108 bytes | Modified Date = 17/08/2001 10:13:14 PM | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 3/08/2004 10:07:18 PM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 3/08/2004 10:07:18 PM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 29/08/2002 10:00:00 PM | Attr =    ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 6.04.14.0000 built by: WinDDK | Size = 140800 bytes | Modified Date = 25/09/2002 7:09:12 AM | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29/01/2008 12:01:28 PM | Attr =    ]
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.2.1.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.2.1.0 | Size = 14037 bytes | Modified Date = 27/03/2008 8:13:28 AM | Attr =    ]
(meiudf) meiudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\meiudf.sys -> Matsushita Electric Industrial Co.,Ltd. [Ver = 3.0.9.0 | Size = 90416 bytes | Modified Date = 25/10/2003 7:53:14 AM | Attr =    ]
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 30/01/2003 8:35:00 AM | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 1370764 bytes | Modified Date = 24/09/2003 7:00:00 PM | Attr = R  ]
(pciSd) pciSd [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tossdpci.sys -> TOSHIBA [Ver = 1.00.07.30210 | Size = 15143 bytes | Modified Date = 12/02/2003 10:03:54 AM | Attr =    ]
(Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 19/09/2003 7:47:00 PM | Attr =    ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 29/08/2002 10:00:00 PM | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.60a | Size = 17232 bytes | Modified Date = 27/08/2003 8:02:00 PM | Attr =    ]
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 10970 bytes | Modified Date = 16/12/2003 7:16:26 AM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 8:25:53 PM | Attr =    ]
(SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smcirda.sys -> SMC [Ver = 5.1.2500.0 | Size = 38425 bytes | Modified Date = 11/09/2001 12:54:32 PM | Attr =    ]
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3835 | Size = 230416 bytes | Modified Date = 17/07/2003 7:19:32 PM | Attr =    ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 271728 bytes | Modified Date = 30/05/2003 7:56:22 PM | Attr =    ]
(tsdhd) TOSHIBA SD Card Host Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tsdhd.sys -> TOSHIBA Corporation [Ver = 2, 0, 4, 30514 | Size = 25888 bytes | Modified Date = 14/05/2003 6:38:32 PM | Attr =    ]
(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TVALZ.SYS -> TOSHIBA Corporation [Ver = 1, 0, 0, 0 | Size = 9216 bytes | Modified Date = 8/08/2003 8:52:00 AM | Attr =    ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 31/10/2007 1:09:14 PM | Attr =    ]
(w70n51) Intel(R) PRO/Wireless 2100 Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w70n51.sys -> Intel® Corporation [Ver = 1.6.0.47 | Size = 979840 bytes | Modified Date = 5/12/2003 8:50:28 PM | Attr = R  ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] ->  [Ver =  | Size = 24576 bytes | Modified Date = 24/06/2001 1:28:06 PM | Attr =    ]
00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\System32\00THotkey.exe] -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 258048 bytes | Modified Date = 16/04/2003 1:01:28 PM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 9:16:38 PM | Attr =    ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Modified Date = 18/04/2003 12:20:10 PM | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 9:19:31 AM | Attr =    ]
B'sCLiP -> %ProgramFiles%\B's CLiP\Win2K\BsCLiP.exe [C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe] ->  [Ver =  | Size = 1409024 bytes | Modified Date = 4/02/2004 11:43:00 PM | Attr =    ]
Drag'n Drop CD+DVD -> %ProgramFiles%\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe [C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp] ->  [Ver = 3, 0, 0, 0 | Size = 1175552 bytes | Modified Date = 9/08/2003 12:54:54 PM | Attr =    ]
ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe [C:\WINDOWS\System32\ezSP_Px.exe] -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 21/08/2002 4:29:26 AM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 30/03/2008 10:36:40 AM | Attr =    ]
LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.69 | Size = 172032 bytes | Modified Date = 2/01/2003 5:16:38 PM | Attr =    ]
NDSTray.exe -> NDSTray.exe [NDSTray.exe] -> File not found
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 4861952 bytes | Modified Date = 24/09/2003 7:00:00 PM | Attr = R  ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet] -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 323584 bytes | Modified Date = 24/09/2003 7:00:00 PM | Attr = R  ]
PRONoMgr.exe -> %ProgramFiles%\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe] -> Intel(R) Corporation [Ver = 6.1.304.0 | Size = 86016 bytes | Modified Date = 10/12/2003 1:36:16 AM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28/03/2008 11:37:20 PM | Attr =    ]
SigmaTel StacMon -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe [C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe] -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 3/08/2003 5:01:14 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 14/12/2007 3:42:38 AM | Attr =    ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 614400 bytes | Modified Date = 30/05/2003 8:23:14 PM | Attr =    ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.5.11 30May03 | Size = 110592 bytes | Modified Date = 30/05/2003 8:25:02 PM | Attr =    ]
TFncKy -> TFncKy.exe [TFncKy.exe] -> File not found
TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> TOSHIBA Corp. [Ver = 2, 2, 0, 0 | Size = 73728 bytes | Modified Date = 18/07/2003 6:41:26 PM | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 27/03/2008 6:53:51 PM | Attr =    ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Program Files\TOSHIBA\TouchED\TouchED.Exe] -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 22/01/2003 11:00:06 AM | Attr =    ]
TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 1, 1 | Size = 278528 bytes | Modified Date = 26/09/2003 3:19:40 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 21/05/2008 11:40:18 PM | Attr =    ]
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 5/09/2003 8:24:46 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Tyger Startup Folder > -> C:\Documents and Settings\Tyger\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
Sebring -> %SystemRoot%\system32\LgNotify.dll -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 110592 bytes | Modified Date = 16/12/2003 7:32:26 AM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 3/08/2004 9:59:54 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_UJDA750_DVD/CDRW_______________1.51____\5&1a26c68d&0&0.0.0 [IDE\CdRomMATSHITA_UJDA750_DVD/CDRW_______________1.51____\5&1a26c68d&0&0.0.0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 30/09/2003 5:11:58 AM | Attr =    ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 10:08:42 PM | Attr =    ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 6/02/2008 5:37:52 PM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 14/12/2007 3:42:36 AM | Attr =    ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 6/02/2008 5:37:52 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Web Browser Applet Control] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{04EB628E-B10B-494E-AD30-5CE09AD23EC3} ->    (Intel(R) PRO/100 VE Network Connection) -> 
{4EAF86E4-62F3-40EC-A21C-5C610DD5B3B7} ->    (Intel EtherExpress PRO/100 Mobile CardBus 32) -> 
{94C4FAFB-0243-40FB-84AE-FE577A360C2E} ->    (1394 Net Adapter) -> 
{B123F362-E615-4377-9337-98378C3A8946} ->    (1394 Net Adapter) -> 
{C024FC6C-B165-4ADB-BEFA-698ACC5722E5} ->    (Intel(R) PRO/Wireless 2100 LAN 3B Mini PCI Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 6/02/2008 5:37:52 PM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 



[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 25/05/2008 9:41:17 AM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535810048 bytes | Created Date = 22/05/2008 11:33:20 PM | Attr =  HS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 27/05/2008 2:56:40 AM | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Created Date = 27/05/2008 2:56:40 AM | Attr =    ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 26/05/2008 12:22:11 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 25/05/2008 9:41:48 AM | Attr =    ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 4/05/2008 2:11:05 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 4/05/2008 2:11:05 AM | Attr =  H ]

[Files/Folders - Modified Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 25/05/2008 9:41:17 AM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 535810048 bytes | Modified Date = 27/05/2008 4:47:53 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 27/05/2008 2:56:18 AM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 26/05/2008 4:07:09 PM | Attr =    ]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 16/05/2008 9:13:26 AM | Attr =    ]
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 16/05/2008 9:16:06 AM | Attr =    ]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 16/05/2008 9:18:33 AM | Attr =    ]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 16/05/2008 9:15:29 AM | Attr =    ]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 16/05/2008 9:20:32 AM | Attr =    ]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 16/05/2008 9:14:11 AM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 5/05/2008 8:46:32 PM | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Modified Date = 5/05/2008 8:46:36 PM | Attr =    ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | Modified Date = 16/05/2008 9:24:43 AM | Attr =    ]
AVASTSS.scr -> %SystemRoot%\System32\AVASTSS.scr -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes | Modified Date = 16/05/2008 9:12:36 AM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 26/05/2008 4:04:43 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 17/05/2008 4:59:40 AM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 15/05/2008 9:48:48 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 27/05/2008 2:56:40 AM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 195368 bytes | Modified Date = 1/05/2008 10:10:14 PM | Attr =    ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 26/05/2008 12:22:11 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 9/05/2008 3:21:32 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 14/05/2008 11:27:44 PM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 27/05/2008 4:48:21 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 26/05/2008 12:22:17 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 25/05/2008 9:41:48 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 26/05/2008 12:22:11 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 15/05/2008 9:52:33 PM | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 28/05/2008 9:36:09 AM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 4/05/2008 2:11:05 AM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 27/05/2008 3:14:52 PM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 26/05/2008 12:22:11 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 28/05/2008 9:13:13 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 27/05/2008 4:54:53 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 28/03/2008 12:37:34 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 7858 bytes | Modified Date = 27/05/2008 5:00:33 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 7858 bytes | Modified Date = 27/05/2008 5:00:33 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 27/03/2008 6:26:09 PM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 27/03/2008 6:26:09 PM | Attr =    ]
C:\Documents and Settings\Tyger\Local Settings\Temp\ -> C:\Documents and Settings\Tyger\Local Settings\Temp ->  [Folder | Modified Date = 28/05/2008 9:34:29 AM | Attr =    ]
Perflib_Perfdata_400.dat -> C:\Documents and Settings\Tyger\Local Settings\Temp\Perflib_Perfdata_400.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 27/05/2008 4:56:50 PM | Attr =    ]
7 C:\Documents and Settings\Tyger\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Tyger\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 28/05/2008 9:13:13 AM | Attr =    ]
Perflib_Perfdata_140.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_140.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 27/05/2008 3:14:11 PM | Attr =    ]
Perflib_Perfdata_16c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_16c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 27/05/2008 12:48:36 AM | Attr =    ]
Perflib_Perfdata_170.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_170.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 26/05/2008 2:12:55 AM | Attr =    ]
Perflib_Perfdata_188.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_188.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 26/05/2008 4:07:06 PM | Attr =    ]
Perflib_Perfdata_3d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3d0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 27/05/2008 4:54:21 PM | Attr =    ]

< End of report >
aesthete9928
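The [Registry - Non-Microsoft Only] block above is the part of an OTScanIt log a helper reads value by value: each Run entry gives the resolved path, the raw registry command in brackets, then the publisher and version resource, or "File not found". As an added example (not part of the post and not OTScanIt's own code), the script below parses those Run entries and flags what a reviewer checks first: orphaned values, binaries with no version resource or publisher, commands that name an executable without a full path (so it is located via the search path rather than an explicit location), and, going beyond this particular log, targets under user-writable folders. The sample input is a subset of the lines posted above; the flag wording and the user-writable path hints are this script's own heuristics.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a subset of the [Registry - Non-Microsoft Only] lines
# copied from the OTScanIt log posted above (not the complete log).
SAMPLE_LOG = r"""
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] ->  [Ver =  | Size = 24576 bytes | Modified Date = 24/06/2001 1:28:06 PM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 9:16:38 PM | Attr =    ]
NDSTray.exe -> NDSTray.exe [NDSTray.exe] -> File not found
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4562 | Size = 4861952 bytes | Modified Date = 24/09/2003 7:00:00 PM | Attr = R  ]
TFncKy -> TFncKy.exe [TFncKy.exe] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 21/05/2008 11:40:18 PM | Attr =    ]
"""

HEADER_RE = re.compile(r"^< (?P<title>[^>]+) > -> (?P<key>.*?) ->\s*$")
META_RE = re.compile(r"\[(?P<meta>Ver = .*)\]$")

# Path fragments a limited user can write to; an autostart from here deserves a
# look. Heuristic chosen for this example, not an OTScanIt rule.
USER_WRITABLE_HINTS = ("\\documents and settings\\", "\\local settings\\",
                       "\\temp\\", "%appdata%", "%temp%")


@dataclass
class RunEntry:
    hive: str        # registry key the value lives under
    name: str        # value name
    resolved: str    # path as OTScanIt resolved it (may be a bare file name)
    command: str     # raw registry data, shown in [brackets] in the log
    publisher: str   # CompanyName from the version resource ("" if none)
    version: str     # FileVersion from the version resource ("" if none)
    missing: bool    # "File not found"
    flags: List[str] = field(default_factory=list)


def parse_meta(meta: str) -> Dict[str, str]:
    """Turn 'Ver = 1.0 | Size = 10 bytes | ...' into a dict."""
    out = {}
    for item in meta.split(" | "):
        key, _, value = item.partition(" = ")
        out[key.strip()] = value.strip()
    return out


def first_token(command: str) -> str:
    """Executable part of a Run value: the quoted path, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_run_entries(text: str) -> List[RunEntry]:
    entries, hive = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("< "):
            m = HEADER_RE.match(line)
            # Only the Run keys matter here; other sections are skipped.
            hive = m.group("key") if m and m.group("title").startswith("Run ") else None
            continue
        if hive is None:
            continue
        name, _, rest = line.partition(" -> ")
        target, _, info = rest.partition(" -> ")
        resolved, _, command = target.rpartition(" [")
        command = command.rstrip("]")
        if not resolved:               # no bracketed command: resolved == raw
            resolved = command
        missing = info.strip() == "File not found"
        publisher = version = ""
        if not missing:
            m = META_RE.search(info)
            if m:
                publisher = info[:m.start()].strip()
                version = parse_meta(m.group("meta")).get("Ver", "")
        entries.append(RunEntry(hive, name, resolved, command, publisher, version, missing))
    return entries


def triage(entry: RunEntry) -> List[str]:
    flags = []
    if entry.missing:
        flags.append("target missing: orphaned Run value (repair or delete)")
    elif not entry.publisher and not entry.version:
        flags.append("no version resource (no publisher, no version)")
    elif not entry.publisher:
        flags.append("version resource names no publisher")
    token = first_token(entry.command)
    if "\\" not in token:
        flags.append(f"'{token}' is referenced without a full path (found via search path)")
    if any(hint in entry.resolved.lower() for hint in USER_WRITABLE_HINTS):
        flags.append("autostarts from a user-writable location")
    return flags


def triage_run_keys(text: str) -> Dict[str, List[str]]:
    """Map each Run value name to the flags a reviewer should follow up on."""
    return {e.name: triage(e) for e in parse_run_entries(text)}


if __name__ == "__main__":
    for name, flags in triage_run_keys(SAMPLE_LOG).items():
        print(f"{name:30} {'; '.join(flags) or 'ok'}")
```

The flags are prompts for a lookup, not verdicts: the two "File not found" values are orphaned autostarts that Shaba's reading of the log ("Nothing bad there") treats as harmless, and the bare-name rule deliberately also fires on `RUNDLL32.EXE`, where the DLL argument is what to inspect. The script only orders what to check first.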

Re: HiJack Log List

Unread postby Shaba » May 28th, 2008, 9:50 am

Hi

Nothing bad there.

Has avast! still reported the same issue?
Shaba

Re: HiJack Log List

Unread postby aesthete9928 » May 28th, 2008, 10:41 am

Hey.
When I restarted my computer, before entering Windows, the chkdsk thingy ran and it fixed up the errors.
However, avast still picks up the virus problem.
Currently, I've only used it for like 10 mins but it seems fine. Slightly slow but a lot better.
I guess I can live with the state my laptop is in now.
Just one last question. Is my computer now safe to do things that require a lot of privacy, such as banking?

Once again, thanks!
aesthete9928

Re: HiJack Log List

Unread postby Shaba » May 28th, 2008, 10:44 am

Hi

Well if avast! still picks up that same thing, you are not clean and we need further research.

Can you post the avast! resident log here next?
Shaba

Re: HiJack Log List

Unread postby aesthete9928 » May 28th, 2008, 10:53 am

Alright.
This is the list:

28/03/2008 4:27:30 PM Tyger 1656 Function setifaceUpdatePackages() has failed. Return code is 0x2000001C, dwRes is 2000001C.
28/03/2008 5:06:02 PM Tyger 1656 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
28/03/2008 5:06:13 PM SYSTEM 1972 Function setifaceUpdatePackages() has failed. Return code is 0x2000001C, dwRes is 2000001C.
28/03/2008 5:06:14 PM SYSTEM 1972 An error has occured while attempting to update. Please check the logs.
28/03/2008 5:21:13 PM Tyger 2532 Function setifaceUpdatePackages() has failed. Return code is 0x2000001C, dwRes is 2000001C.
28/03/2008 6:38:33 PM Tyger 136 Function setifaceUpdatePackages() has failed. Return code is 0x2000001C, dwRes is 2000001C.
28/03/2008 6:39:34 PM Tyger 2532 Function setifaceUpdatePackages() has failed. Return code is 0x2000001C, dwRes is 2000001C.
28/03/2008 6:42:00 PM Tyger 2532 Function setifaceUpdatePackages() has failed. Return code is 0x2000001A, dwRes is 2000001A.
28/03/2008 6:43:51 PM Tyger 3100 Function setifaceUpdatePackages() has failed. Return code is 0x2000001C, dwRes is 2000001C.
28/03/2008 6:43:58 PM SYSTEM 1972 Sign of "Win32:Dialer-FU [Trj]" has been found in "C:\DOCUME~1\Tyger\LOCALS~1\Temp\gos14.tmp" file.
28/03/2008 6:45:51 PM Tyger 2532 Function setifaceUpdatePackages() has failed. Return code is 0x2000001C, dwRes is 2000001C.
3/04/2008 5:50:19 PM Tyger 356 Sign of "Win32:Delf-IWT [Trj]" has been found in "C:\DOCUME~1\Tyger\LOCALS~1\Temp\Rar$EX03.517\Keygen for all\Keygen.exe" file.
3/04/2008 5:52:55 PM Tyger 356 Sign of "Win32:Delf-IWT [Trj]" has been found in "C:\DOCUME~1\Tyger\LOCALS~1\Temp\Rar$EX19.013\Keygen for all\Keygen.exe" file.
3/04/2008 5:53:12 PM Tyger 356 Sign of "Win32:Delf-IWT [Trj]" has been found in "C:\DOCUME~1\Tyger\LOCALS~1\Temp\Rar$EX20.048\Keygen for all\Keygen.exe" file.
3/04/2008 5:54:52 PM Tyger 356 Sign of "Win32:Delf-IWT [Trj]" has been found in "C:\DOCUME~1\Tyger\LOCALS~1\Temp\Rar$EX03.113\Keygen for all\Keygen.exe" file.
9/04/2008 4:25:52 PM SYSTEM 328 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/04/2008 4:25:53 PM SYSTEM 328 An error has occured while attempting to update. Please check the logs.
14/04/2008 3:10:51 PM SYSTEM 320 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
14/04/2008 3:10:51 PM SYSTEM 320 An error has occured while attempting to update. Please check the logs.
15/04/2008 3:14:00 PM SYSTEM 320 Sign of "Win32:VB-IE [Wrm]" has been found in "C:\Documents and Settings\Tyger\My Documents\LimeWire\Saved\DeskPDF Professional 2.55.zip\Setup.exe" file.
15/04/2008 3:23:40 PM SYSTEM 320 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\DOCUME~1\Tyger\LOCALS~1\Temp\874ETOUO.dll" file.
21/04/2008 12:15:37 PM È‘|H°:¤àõ 332 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
21/04/2008 12:15:37 PM È‘|H°:¤àõ 332 An error has occured while attempting to update. Please check the logs.
25/04/2008 11:56:34 AM SYSTEM 356 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
25/04/2008 11:56:34 AM SYSTEM 356 An error has occured while attempting to update. Please check the logs.
1/05/2008 10:08:20 PM SYSTEM 368 Function setifaceUpdateFiles() has failed. Return code is 0x0000A410, dwRes is 20000000.
1/05/2008 10:08:20 PM SYSTEM 368 An error has occured while attempting to update. Please check the logs.
15/05/2008 9:49:15 PM SYSTEM 380 Sign of "Win32:Fotomoto [Adw]" has been found in "C:\WINDOWS\system32\nsa125.dll" file.
15/05/2008 9:49:42 PM SYSTEM 380 Sign of "Win32:Fotomoto [Adw]" has been found in "C:\WINDOWS\system32\nsa125.dll" file.
17/05/2008 4:55:27 AM SYSTEM 400 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/645.exe\$INSTDIR\$[37]" file.
17/05/2008 5:29:18 AM Tyger 3472 Sign of "Win32:Fotomoto [Adw]" has been found in "C:\Documents and Settings\Tyger\Local Settings\Temp\aupd.exe\$INSTDIR\$[37]" file.
17/05/2008 11:43:50 PM Tyger 3472 Sign of "Win32:Fotomoto [Adw]" has been found in "C:\System Volume Information\_restore{47038061-0EAD-4B97-82BD-750002C08798}\RP55\A0008636.dll" file.
17/05/2008 11:44:14 PM Tyger 3472 Sign of "Win32:Fotomoto [Adw]" has been found in "C:\System Volume Information\_restore{47038061-0EAD-4B97-82BD-750002C08798}\RP56\A0008647.dll" file.
17/05/2008 11:46:10 PM Tyger 3472 Sign of "Win32:Fotomoto [Adw]" has been found in "C:\System Volume Information\_restore{47038061-0EAD-4B97-82BD-750002C08798}\RP59\A0009785.dll" file.
18/05/2008 8:18:17 PM SYSTEM 372 Function setifaceUpdateFiles() has failed. Return code is 0xC0000142, dwRes is C0000142.
18/05/2008 8:18:18 PM SYSTEM 372 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
18/05/2008 8:18:18 PM SYSTEM 372 An error has occured while attempting to update. Please check the logs.
18/05/2008 8:40:29 PM SYSTEM 368 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/194.exe\$INSTDIR\$[37]" file.
22/05/2008 7:22:54 PM SYSTEM 320 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
23/05/2008 11:44:35 PM SYSTEM 368 Function setifaceUpdatePackages() has failed. Return code is 0x0000A410, dwRes is 00000000.
26/05/2008 4:14:01 PM SYSTEM 392 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/234.exe\$INSTDIR\$[37]" file.
26/05/2008 4:37:29 PM SYSTEM 392 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/670.exe\$INSTDIR\$[37]" file.
26/05/2008 11:23:27 PM SYSTEM 392 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/172.exe\$INSTDIR\$[37]" file.
27/05/2008 12:14:28 AM SYSTEM 392 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\RECYCLER\S-1-5-21-3399994540-601866352-1949384238-1006\Dc3.dll" file.
27/05/2008 1:05:05 AM SYSTEM 364 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/682.exe\$INSTDIR\$[37]" file.
27/05/2008 2:22:24 AM SYSTEM 364 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/282.exe\$INSTDIR\$[37]" file.
27/05/2008 2:42:51 AM SYSTEM 364 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/660.exe\$INSTDIR\$[37]" file.
27/05/2008 3:34:24 PM SYSTEM 320 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/322.exe\$INSTDIR\$[37]" file.
27/05/2008 5:12:33 PM SYSTEM 976 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/418.exe\$INSTDIR\$[37]" file.
28/05/2008 9:33:44 AM SYSTEM 976 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/34.exe\$INSTDIR\$[37]" file.
29/05/2008 12:23:30 AM SYSTEM 352 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/214.exe\$INSTDIR\$[37]" file.
aesthete9928
Regular Member
 
Posts: 21
Joined: May 22nd, 2008, 9:41 am
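The log above shows the same adware signature being hit again and again in freshly downloaded installers from one IP address over more than a week, while the earlier restore-point hits are inert copies. That is the kind of pattern worth pulling out of a scan log mechanically rather than by eye. The script below is an added example, not code from this thread or from avast: it parses lines in the format posted above (a trimmed copy of those lines is embedded as sample input), classifies each hit by where the file came from, counts update failures, and lists network sources that recur on separate days. Treating the third field as a process id and the origin classes themselves are assumptions made for the example.

```python
"""Triage helper for an avast-style scan log (added example, not avast code).

Parses detection and update-failure lines, classifies where each hit came
from, and reports network sources that keep reappearing: each such hit is a
fresh download, so repeats point at something resident that keeps fetching.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from urllib.parse import urlsplit

TS_FMT = "%d/%m/%Y %I:%M:%S %p"
# Common line prefix: timestamp, account name, numeric field (assumed to be a pid).
PREFIX = r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<user>\S+) (?P<pid>\d+) '
DETECT_RE = re.compile(PREFIX + r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$')
FAIL_RE = re.compile(PREFIX + r'Function (?P<func>\w+)\(\) has failed\. Return code is (?P<code>0x[0-9A-Fa-f]+)')

# Sample input: a trimmed copy of the lines posted in the thread above.
SAMPLE_LOG = r"""
17/05/2008 11:44:14 PM Tyger 3472 Sign of "Win32:Fotomoto [Adw]" has been found in "C:\System Volume Information\_restore{47038061-0EAD-4B97-82BD-750002C08798}\RP56\A0008647.dll" file.
18/05/2008 8:18:17 PM SYSTEM 372 Function setifaceUpdateFiles() has failed. Return code is 0xC0000142, dwRes is C0000142.
18/05/2008 8:18:18 PM SYSTEM 372 An error has occured while attempting to update. Please check the logs.
18/05/2008 8:40:29 PM SYSTEM 368 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/194.exe\$INSTDIR\$[37]" file.
26/05/2008 4:14:01 PM SYSTEM 392 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/234.exe\$INSTDIR\$[37]" file.
27/05/2008 12:14:28 AM SYSTEM 392 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\RECYCLER\S-1-5-21-3399994540-601866352-1949384238-1006\Dc3.dll" file.
27/05/2008 1:05:05 AM SYSTEM 364 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/682.exe\$INSTDIR\$[37]" file.
29/05/2008 12:23:30 AM SYSTEM 352 Sign of "Win32:Fotomoto [Adw]" has been found in "http://77.245.61.232/adzgalore/multi/214.exe\$INSTDIR\$[37]" file.
"""


def classify(path):
    """Return (kind, key) describing where a detected file came from."""
    low = path.lower()
    if low.startswith(("http://", "https://")):
        # The scanner appends the member it found inside the download
        # (e.g. "...\194.exe\$INSTDIR\$[37]"); keep only the URL part.
        url = path.split("\\", 1)[0]
        return "network", urlsplit(url).hostname
    if "\\system volume information\\_restore" in low:
        return "restore_point", path.split("\\")[-2]  # e.g. "RP56"
    if "\\recycler\\" in low:
        return "recycle_bin", path.split("\\")[-1]
    return "filesystem", path


def parse_log(text):
    """Parse detection and update-failure lines; anything else is skipped."""
    detections, failures = [], []
    for line in text.strip().splitlines():
        line = line.rstrip()
        m = DETECT_RE.match(line)
        if m:
            kind, key = classify(m["path"])
            detections.append({"ts": datetime.strptime(m["ts"], TS_FMT),
                               "user": m["user"], "sig": m["sig"],
                               "path": m["path"], "kind": kind, "key": key})
            continue
        m = FAIL_RE.match(line)
        if m:
            failures.append({"ts": datetime.strptime(m["ts"], TS_FMT),
                             "func": m["func"], "code": m["code"]})
    return detections, failures


def recurring_sources(detections, min_days=2):
    """Network origins seen on at least min_days distinct days."""
    by_host = defaultdict(list)
    for d in detections:
        if d["kind"] == "network":
            by_host[d["key"]].append(d)
    out = []
    for host, hits in by_host.items():
        days = {h["ts"].date() for h in hits}
        if len(days) >= min_days:
            out.append({"host": host, "hits": len(hits), "days": len(days),
                        "first": min(h["ts"] for h in hits),
                        "last": max(h["ts"] for h in hits),
                        "signatures": sorted({h["sig"] for h in hits})})
    return sorted(out, key=lambda r: -r["hits"])


def summarize(text):
    """One-shot triage summary of a log: counts by origin and signature,
    number of update failures (stale definitions are a caveat when reading
    the hits), and the recurring network sources."""
    detections, failures = parse_log(text)
    return {"by_kind": dict(Counter(d["kind"] for d in detections)),
            "by_signature": dict(Counter(d["sig"] for d in detections)),
            "update_failures": len(failures),
            "recurring_network": recurring_sources(detections)}


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2, default=str))
```

On the sample, the summary separates the one restore-point copy and the one recycle-bin file from four network hits, all of which come from 77.245.61.232 on four different days; that recurring source is the item to chase, and the logged update failure is a reminder that the scanner may have been running with old definitions while it produced these hits.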

Re: HiJack Log List

Unread postby Shaba » May 28th, 2008, 11:14 am

Hi

Download F-Secure Blacklight and save it to your desktop -> ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

Double-click fsbl.exe, accept the agreement, click Scan, then click Next.

You'll see a list of what has been found. A log will appear on your desktop; it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log here (xxxx = random numbers; the BlackLight log from your desktop).
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJack Log List

Unread postby aesthete9928 » May 28th, 2008, 12:12 pm

Hiya,
No luck ;(

This is the log file. I will run the program again before I go to sleep.

05/29/08 01:52:43 [Info]: BlackLight Engine 1.0.70 initialized
05/29/08 01:52:43 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/29/08 01:52:46 [Note]: 7019 4
05/29/08 01:52:46 [Note]: 7005 0
05/29/08 01:52:50 [Note]: 7006 0
05/29/08 01:52:50 [Note]: 7011 200
05/29/08 01:52:50 [Note]: 7035 0
05/29/08 01:52:50 [Note]: 7026 0
05/29/08 01:52:50 [Note]: 7026 0
05/29/08 01:52:57 [Note]: FSRAW library version 1.7.1024
05/29/08 02:08:27 [Note]: 7007 0
aesthete9928
Regular Member
 
Posts: 21
Joined: May 22nd, 2008, 9:41 am

Re: HiJack Log List

Unread postby Shaba » May 28th, 2008, 12:40 pm

Hi

Have you visited webair.com (DON'T visit that site)?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland