I was running my avast antivirus and it detected this trojan: Win 32: agent UEI [Trj]. I noticed my internet loading really slowly and websites that usually load in couple of seconds taking up to 30 seconds or more. Sometimes it doesn't even load and gets the error of "page cannot be loaded." Here is my hijack log.
Deckard's System Scanner v20071014.68
Run by Elena on 2008-05-06 21:23:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 447 MiB (512 MiB recommended).
-- HijackThis (run as Elena.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:22 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hide IP Platinum\hideippla.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Elena\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Elena.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ucdavis.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://osalerts.zonelabs.com/osanalyze.jsp?Product=ZoneAlarm+Security+Suite&ProductVersion=6.5.722.000&HU100=ZLN41446496038560-1038&CL=en&LICFLAG=1&OEM=1038&SKU=5&Mode=1000&Product=ZoneAlarm+Security+Suite&DTST=&QSRC=1&PU=1&OS=Windows+XP-5.1.2600-Service+Pack+2-SP&LANG=1033&PN=WMI&VER=5.1.2600.2180+(xpsp_sp2_rtm.040803-2158)&FN=wmiprvse.exe&Created=31042800&Size=218112&MD5=075ea6c849ab0fe416a3d6dd65c3cf41&SKIMP=16c5c6fc876812c8f845be031ed7420f&CT=3008&EV=7&SUB=26&SEV=3&ARG1=BITS
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Touch and Launch.lnk = ?
O4 - Global Startup: Virtual Sound.lnk = C:\Program Files\TOSHIBA\Tvs\TvsProp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8649 bytes
-- Files created between 2008-04-06 and 2008-05-06 -----------------------------
2008-05-06 20:50:11 0 d-------- C:\ie-spyad_zo
2008-04-30 00:39:43 0 dr-h----- C:\Documents and Settings\Elena\Recent
2008-04-26 21:25:13 3658 --a------ C:\WINDOWS\system32\EPPICResdb0000
2008-04-26 21:25:13 115 --a------ C:\WINDOWS\system32\EPPICResdb
2008-04-26 21:24:34 0 d-------- C:\TouchPad.temp
2008-04-11 19:15:55 0 d-------- C:\Program Files\AIM6
2008-04-11 17:38:42 0 d-------- C:\Documents and Settings\Elena\Application Data\ESET
2008-04-11 12:33:04 0 d-------- C:\WINDOWS\pss
2008-04-11 11:53:52 0 d--h----- C:\Documents and Settings\Administrator.ELE\Local Settings
2008-04-11 11:53:52 0 dr------- C:\Documents and Settings\Administrator.ELE\Favorites
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Desktop
2008-04-11 11:53:52 0 d--hs---- C:\Documents and Settings\Administrator.ELE\Cookies
2008-04-11 11:53:52 0 dr-h----- C:\Documents and Settings\Administrator.ELE\Application Data
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\You've Got Pictures Screensaver
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\toshiba
2008-04-11 11:53:52 0 d---s---- C:\Documents and Settings\Administrator.ELE\Application Data\Microsoft
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\Intuit
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\InterVideo
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\InterTrust
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\Identities
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\AOL
2008-04-11 11:53:52 0 d-------- C:\Documents and Settings\Administrator.ELE\Application Data\Adobe
2008-04-11 11:53:51 0 d-------- C:\Documents and Settings\Administrator.ELE\WINDOWS
2008-04-11 11:53:51 0 d--h----- C:\Documents and Settings\Administrator.ELE\Templates
2008-04-11 11:53:51 0 dr------- C:\Documents and Settings\Administrator.ELE\Start Menu
2008-04-11 11:53:51 0 dr-h----- C:\Documents and Settings\Administrator.ELE\SendTo
2008-04-11 11:53:51 0 dr-h----- C:\Documents and Settings\Administrator.ELE\Recent
2008-04-11 11:53:51 0 d--h----- C:\Documents and Settings\Administrator.ELE\PrintHood
2008-04-11 11:53:51 0 d--h----- C:\Documents and Settings\Administrator.ELE\NetHood
2008-04-11 11:53:51 0 dr------- C:\Documents and Settings\Administrator.ELE\My Documents
2008-04-11 11:53:47 1835008 --ah----- C:\Documents and Settings\Administrator.ELE\NTUSER.DAT
2008-04-10 15:08:37 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-08 23:12:16 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-08 23:10:46 0 d-------- C:\WINDOWS\system32\ZoneLabs
-- Find3M Report ---------------------------------------------------------------
2008-05-06 20:53:17 0 d-------- C:\Program Files\SpywareBlaster
2008-05-05 21:35:40 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-04-30 22:06:46 0 d-------- C:\Documents and Settings\Elena\Application Data\uTorrent
2008-04-22 15:36:19 0 d-------- C:\Documents and Settings\Elena\Application Data\U3
2008-04-11 19:16:45 0 d-------- C:\Program Files\Common Files\AOL
2008-04-11 17:13:14 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-10 12:04:09 0 d-------- C:\Program Files\Notebook Maximizer
2008-04-08 20:20:53 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-31 20:15:57 0 d-------- C:\Program Files\Hide IP Platinum
2008-03-31 20:12:37 32 --a------ C:\WINDOWS\go
2008-03-26 12:59:02 0 d-------- C:\Program Files\uTorrent
2008-03-24 20:24:10 0 d-------- C:\Program Files\Common Files
2008-03-22 19:40:09 0 d-------- C:\Program Files\Western Digital
2008-03-22 19:39:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 19:38:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-22 19:33:46 0 d-------- C:\Program Files\Western Digital Technologies
2008-03-22 18:17:02 0 d-------- C:\Documents and Settings\Elena\Application Data\.gaim
2008-03-21 22:34:58 0 d-------- C:\Program Files\Opera
2008-03-17 20:21:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-16 19:50:56 0 d-------- C:\Program Files\Total Video Converter
2008-03-16 17:23:27 0 d-------- C:\Program Files\Maxthon2
2008-03-16 17:16:48 0 d-------- C:\Documents and Settings\Elena\Application Data\MxBoost
2008-03-15 16:19:18 0 d-------- C:\Program Files\Common Files\GTK
2008-03-15 15:57:43 0 d-------- C:\Program Files\Trend Micro
2008-03-14 01:35:54 0 d-------- C:\Documents and Settings\Elena\Application Data\Lavasoft
2008-03-14 01:35:35 0 d-------- C:\Program Files\Lavasoft
2008-02-17 13:11:08 53248 --a------ C:\WINDOWS\system32\suppdll.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/14/2004 03:28 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/14/2004 03:26 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 05:00 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 06:18 PM]
"Hide IP Platinum"="C:\Program Files\Hide IP Platinum\hideippla.exe" [11/03/2007 08:34 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe /run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\Toshiba\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f234727f-f845-11dc-96c8-00a0d120c11e}]
AutoRun\command- E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f76b1b8a-c717-11dc-9424-0011f56068bf}]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8104770-c964-11dc-942c-0011f56068bf}]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fda7c3d7-d816-11dc-b56b-0011f56068bf}]
AutoRun\command- E:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-05-06 21:27:17 ------------