Deckard's System Scanner v20071014.68
Run by John on 2007-11-05 20:25:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
55: 2007-11-05 23:50:22 UTC - RP629 - Deckard's System Scanner Restore Point
54: 2007-11-04 19:12:34 UTC - RP628 - System Checkpoint
53: 2007-11-02 20:23:50 UTC - RP627 - System Checkpoint
52: 2007-11-01 17:34:15 UTC - RP626 - System Checkpoint
51: 2007-10-29 18:55:48 UTC - RP625 - System Checkpoint

-- First Restore Point --
1: 2007-08-08 15:46:27 UTC - RP575 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 503 MiB (512 MiB recommended).[/color]

-- HijackThis (run as John.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:17 PM, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\John\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\John.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mta.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {00000000-0000-4913-BD98-DFBBBFA4523F} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {54E60BBE-EE59-9E8C-275F-CDCE6A99B899} - C:\WINDOWS\system32\selh.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italaswv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B0209EDD-286D-5CED-48E1-5377A1B20CC9} - C:\WINDOWS\system32\gvevg.dll (file missing)
O2 - BHO: (no name) - {C6F09824-28C8-0E4F-E27D-5A17274B7296} - C:\WINDOWS\system32\anmvllb.dll (file missing)
O2 - BHO: MSVPS System - {CFF8726A-9262-441C-8163-C6371E9EDE47} - C:\WINDOWS\advrepnok.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: The sdrmod - {16A0662E-AC21-4AD9-89E8-7495AC5ACE93} - C:\WINDOWS\sdrmod.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [LtMoh] C:\\Program Files\\ltmoh\\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O21 - SSODL: hupsrv - {6AE68429-05F6-4143-9AE3-15AE2399A096} - C:\WINDOWS\hupsrv.dll
O21 - SSODL: bindmod - {91CAB2E0-BB23-463C-8841-12938A805653} - C:\WINDOWS\bindmod.dll
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13791 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys
R1 SerTVOutCtlr (TOSHIBA Controls Driver -EPIOMngr) - c:\windows\system32\drivers\epiomngr.sys
R1 SrvcEKIOMngr - c:\windows\system32\drivers\ekiomngr.sys
R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys

S1 adpNDIS - c:\windows\system32\drivers\pcitkd20.sys (file missing)
S1 StickyMesger - c:\program files\toshiba\accessibility\stickymesger.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\724055A423F56
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\724055A423F56
Service: NIC1394

-- Scheduled Tasks -------------------------------------------------------------

2007-11-02 19:00:00 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - John.job
2007-10-22 10:02:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-10-05 and 2007-11-05 -----------------------------

2007-11-05 20:27:38 0 d-------- C:\Program Files\Trend Micro
2007-11-03 11:37:08 112640 --a------ C:\WINDOWS\wtopmod.exe
2007-11-03 11:37:08 79872 --a------ C:\WINDOWS\sdrmod.dll
2007-11-03 11:37:08 275968 --a------ C:\WINDOWS\hupsrv.dll
2007-11-03 11:37:08 288256 --a------ C:\WINDOWS\bindmod.dll
2007-11-03 11:37:08 286720 --a------ C:\WINDOWS\advrepnok.dll
2007-11-02 21:51:48 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-18 10:17:36 0 d-------- C:\Documents and Settings\John\Application Data\U3
2007-10-09 10:09:04 0 d-------- C:\Program Files\iTunes
2007-10-09 10:06:21 0 d-------- C:\Program Files\QuickTime
2007-10-09 10:04:17 0 d-------- C:\Program Files\Apple Software Update
2007-10-09 10:03:25 0 d-------- C:\Program Files\Common Files\Apple
2007-10-09 10:03:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

-- Find3M Report ---------------------------------------------------------------

2007-11-05 20:27:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-02 15:06:35 0 d-------- C:\Program Files\Norton Internet Security
2007-10-09 10:09:22 0 d-------- C:\Program Files\iPod
2007-10-09 10:03:25 0 d-------- C:\Program Files\Common Files
2007-10-03 17:03:26 0 d-------- C:\Program Files\Symantec
2007-09-13 15:08:00 0 d-------- C:\Program Files\Common Files\Motive
2007-09-10 08:51:10 80374 --a------ C:\WINDOWS\HPHins08.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-4913-BD98-DFBBBFA4523F}]
C:\Program Files\ProSiteFinder\ProSiteFinder.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54E60BBE-EE59-9E8C-275F-CDCE6A99B899}]
C:\WINDOWS\system32\selh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70230839-555C-4862-8D42-BB1E2352502C}]
C:\WINDOWS\system32\italaswv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0209EDD-286D-5CED-48E1-5377A1B20CC9}]
C:\WINDOWS\system32\gvevg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6F09824-28C8-0E4F-E27D-5A17274B7296}]
C:\WINDOWS\system32\anmvllb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFF8726A-9262-441C-8163-C6371E9EDE47}]
03/11/2007 09:54 AM 286720 --a------ C:\WINDOWS\advrepnok.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/12/2004 01:10 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/11/2004 09:03 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/11/2004 08:59 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [30/10/2003 04:46 AM]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [30/11/2004 01:06 AM]
"@"="" []
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [22/01/2005 01:48 AM]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [14/01/2005 05:05 AM]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [07/09/2004 06:03 PM]
"ZoomingHook"="ZoomingHook.exe" [14/07/2004 08:07 PM C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [15/09/2004 07:03 PM]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [23/12/2004 10:07 PM]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [08/12/2004 01:24 AM]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [12/11/2004 09:57 PM]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [25/02/2005 07:59 PM]
"TPSMain"="TPSMain.exe" [28/12/2004 08:02 PM C:\WINDOWS\system32\TPSMain.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [16/02/2005 06:43 PM C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" []
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe" [06/12/2004 10:53 AM]
"AGRSMMSG"="AGRSMMSG.exe" [06/12/2004 10:53 AM C:\WINDOWS\agrsmmsg.exe]
"CFSServ.exe"="CFSServ.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 10:19 PM]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [30/10/2006 04:35 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 06:30 PM]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [01/06/2005 12:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 01:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [30/12/2004 04:32 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:00 AM]
"ichckupd"="C:\WINDOWS\system32\ichckupd.exe" []
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [30/10/2006 04:35 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]

C:\Documents and Settings\John\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [12/06/2004 1:57:52 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 11:23:26 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12/05/2005 12:49:24 AM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [12/03/2005 11:38:33 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"= C:\WINDOWS\system32\myqlejy.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hupsrv"= {6AE68429-05F6-4143-9AE3-15AE2399A096} - C:\WINDOWS\hupsrv.dll [03/11/2007 09:54 AM 275968]
"bindmod"= {91CAB2E0-BB23-463C-8841-12938A805653} - C:\WINDOWS\bindmod.dll [03/11/2007 09:54 AM 288256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\John\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eprc]
"C:\Program Files\twen\coea.exe" -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lWtEo2]
C:\WINDOWS\uyfgh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onmjuw]
C:\WINDOWS\system32\ckukrfj.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yuhizx]
C:\Program Files\Nvwu\Zjpyo.exe

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2007-11-05 20:30:01 ------------