Hello. I was able to temporarily arrest this virus by getting to system restore thru msconfig. The desktop was flashing very bright blue and warnings of registry changes and warnings of infection alerts were popping up one after another. I got off the internet immediately. If I didn't know to do that, it basically disallows your manuevering your computer. After that, I ran several scans but only AVG found virus. Luckily I had AVG as others did not have a clue such as Spybot, Defender, and AdAware. Even the clock was changed. Today I saw on this site all the posts, so realized that it was pretty widespread. What was rather surprising was how diligent I have been on updating and scanning, etc. and still got onto my system. Anyway, ran Deckard's and Hijack This and posted below. I really would appreciate feedback on if my system still is affected or not. Thank you for your help!Deckard's System Scanner v20071014.68[/size][size="3"]Run by 007 on 2008-06-29 14:15:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
112: 2008-06-29 21:15:38 UTC - RP414 - Deckard's System Scanner Restore Point
111: 2008-06-29 06:12:42 UTC - RP413 - Software Distribution Service 3.0
110: 2008-06-29 02:24:05 UTC - RP412 - Restore Operation
109: 2008-06-28 16:32:38 UTC - RP411 - System Checkpoint
108: 2008-06-27 09:52:40 UTC - RP410 - System Checkpoint


-- First Restore Point --
1: 2008-04-01 02:43:14 UTC - RP303 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-29 14:17:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Reflection\rtsserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\TouchPad\TPTray.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\SM1bg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Toshiba\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\ggviewer81-19.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\007\Local Settings\Temporary Internet Files\Content.IE5\83SUFCYF\dss[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: https://update.microsoft.com (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123994580265
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182142679812
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: YGBSPPTF - Unknown owner - C:\DOCUME~1\007\LOCALS~1\Temp\YGBSPPTF.exe
O24 - Desktop Component 0: - file:///C:/DOCUME~1/007/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 10751 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 SerTVOutCtlr (TOSHIBA Controls Driver -EPIOMngr) - c:\windows\system32\drivers\epiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcEKIOMngr - c:\windows\system32\drivers\ekiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S1 StickyMesger - c:\program files\toshiba\accessibility\stickymesger.sys (file missing)
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 Reflection TimeSync - "c:\program files\reflection\rtsserv.exe" <Not Verified; WRQ, Inc.; Reflection TimeSync>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe

S3 YGBSPPTF - c:\docume~1\007\locals~1\temp\ygbspptf.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-29 14:03:21 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2005-08-13 12:09:55 258 -----n--- C:\WINDOWS\Tasks\Registration reminder 3.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-24 20:52:13 8445952 --a------ C:\Documents and Settings\007\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-28 19:38:06 0 d-------- C:\Program Files\SpywareBlaster
2008-05-29 21:02:55 0 d-------- C:\Program Files\Real
2008-05-23 19:29:11 0 d-------- C:\Program Files\Messenger
2008-05-23 19:21:30 0 d-------- C:\Program Files\Windows NT
2008-05-23 19:21:24 0 d-------- C:\Program Files\Movie Maker
2008-05-23 19:02:46 0 d-------- C:\Program Files\Windows SteadyState
2008-05-10 11:49:05 0 d-------- C:\Program Files\Java
2008-05-08 20:02:52 0 d-------- C:\Program Files\Google
2008-05-08 20:02:52 0 d-------- C:\Documents and Settings\007\Application Data\Google
2008-05-01 19:34:02 0 d-------- C:\Program Files\AVG
2008-04-13 17:12:36 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoomingHook"="ZoomingHook.exe" [04/30/2004 11:03 PM C:\WINDOWS\system32\ZoomingHook.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 04:25 PM]
"TPSMain"="TPSMain.exe" [12/28/2004 04:02 PM C:\WINDOWS\system32\TPSMain.exe]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [11/29/2004 09:06 PM]
"TFncKy"="TFncKy.exe" []
"TCtryIOHook"="TCtrlIOHook.exe" [05/01/2004 02:03 PM C:\WINDOWS\system32\TCtrlIOHook.exe]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [02/25/2005 03:59 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/15/2005 04:51 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/23/2005 02:49 PM]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 04:37 PM]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 02:03 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/15/2004 11:27 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/01/2004 06:03 PM]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [04/20/2005 08:38 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/01/2004 05:59 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [01/14/2005 01:05 AM]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [04/28/2005 08:08 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [03/23/2004 10:40 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/12/2005 04:17 PM C:\WINDOWS\agrsmmsg.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [06/03/2002 11:38 AM]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [02/22/2005 01:51 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 08:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 12:32 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [5/23/2005 1:39:00 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [04/26/2005 03:26 PM 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 11:27 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8792 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-29 14:18:25 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.86GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 502.42 MiB / 130.54 MiB
Pagefile Memory (total/avail): 1226.88 MiB / 717.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.67 MiB

C: is Fixed (NTFS) - 92.97 GiB total, 23.11 GiB free.
D: is CDROM (No Media)
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1032GAX - 92.97 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 92.97 GiB - C:

\\.\PHYSICALDRIVE1 - LEXAR JUMPDRIVE SPORT USB Device - 117.66 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 123.48 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\007\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOSHIBA-USER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite M55
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\007
LOGONSERVER=\\TOSHIBA-USER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\AVG\AVG8
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\007\LOCALS~1\Temp
TMP=C:\DOCUME~1\007\LOCALS~1\Temp
USERDOMAIN=TOSHIBA-USER
USERNAME=007
USERPROFILE=C:\Documents and Settings\007
VERNUM=PSM50U-02Q01K6
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

007 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ArcSoft PhotoBase 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9
AT&T Connection Services Manager --> C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9 anything
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Deskbar --> regsvr32 /u /s "C:\PROGRA~1\Google\GGTASK~1.DLL"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Print Diagnostic Utility --> MsiExec.exe /I{1619669F-516F-4E60-9B6F-837EFE21307A}
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Manual CanoScan LiDE 50 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2C726E9-C3A0-4850-82C7-5D01FE0E4EB8}\setup.exe" -l0x9
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel Add-in for SQL Server Analysis Services --> MsiExec.exe /I{75E8EA7A-A2C1-4AEF-A2B9-E2F74C0C0298}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 Template Creation Wizard --> MsiExec.exe /I{39B1915D-3CBA-42F8-8A58-2AB5587BF863}
Microsoft Office PowerPoint 2003 Template Pack 3 --> MsiExec.exe /I{90AD0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\007\Application Data\Move Networks\ie_bin\Uninst.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 AddRemoveCPRun
Notebook Maximizer --> C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PasswordTools --> C:\Program Files\PasswordTools\unsetup.exe /u
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Reflection for HP with NS/VT 9.0.3 --> MsiExec.exe /I{0E8949A1-CBBA-4AF6-B209-1C060164755E}
Roxio Burn Engine --> MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
sat_screensaver_30mb --> C:\WINDOWS\sat_screensaver_30mb.scr /U
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA} /l1033
TOSHIBA Accessibility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1033
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA Controls --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5BCA8D15-BCB6-421E-9654-238B43456A4F} /l1033
TOSHIBA Fn-esse --> C:\WINDOWS\UnInst32.exe Fn-esse.UNI
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Hotkey Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE} /l1033
Toshiba Registration and Metamail Trust Architecture --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\Setup.exe" -l0x9
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
Toshiba Tbiosdrv Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{02EED746-8C5A-43C8-BB3D-D29C8B363A4D} /l1033
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
TouchPad On/Off Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1033
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type23748 / Warning
Event Submitted/Written: 06/29/2008 01:58:53 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type23743 / Warning
Event Submitted/Written: 06/29/2008 01:54:12 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type23738 / Warning
Event Submitted/Written: 06/28/2008 07:24:42 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type23737 / Error
Event Submitted/Written: 06/28/2008 07:12:39 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhcvkkj0erbr.exe, version 0.0.0.0, faulting module rhcvkkj0erbr.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhcvkkj0erbr.exe!ws!]

Event Record #/Type23736 / Error
Event Submitted/Written: 06/28/2008 07:09:31 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rhcvkkj0erbr.exe, version 0.0.0.0, faulting module rhcvkkj0erbr.exe, version 0.0.0.0, fault address 0x00044019.
Processing media-specific event for [rhcvkkj0erbr.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type151381 / Error
Event Submitted/Written: 06/27/2008 10:35:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Upload Manager service failed to start due to the following error:
%%1079

Event Record #/Type151091 / Error
Event Submitted/Written: 06/27/2008 08:06:32 AM
Event ID/Source: 2505 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{0B39D138-880D-41DC-821A-907A52A6B1D6} because another computer on the network has the same name. The server could not start.

Event Record #/Type149543 / Error
Event Submitted/Written: 06/27/2008 07:21:45 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 172.16.1.33 on the
Network Card with network address 0012F0C00FDF.

Event Record #/Type149542 / Warning
Event Submitted/Written: 06/27/2008 07:21:45 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0012F0C00FDF. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type149442 / Error
Event Submitted/Written: 06/23/2008 11:28:02 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Upload Manager service failed to start due to the following error:
%%1079



-- End of Deckard's System Scanner: finished at 2008-06-29 14:18:25 ------------

TREND MICRO HIJACK THIS LOG 062908

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:39 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Reflection\rtsserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\ggviewer81-19.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 255.255.00
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\M