last week i accidentally downloaded a nasty virus, the bulk of which has been removed, but all that is left is that clicking on search results in google yields ad sites, usually one of easycliqhotels, monstermarketplace, or thefreedictionary.com. also, since the virus, certain pages no longer load properly, most notably facebook.
anyway, the original virus had something to do with antispyspider, and some of the most malicious files were spools.exe, kevir, and many more which were deleted, and the most difficult to remove was wlctrl32.dll. originally, both the task manager and registry editing were disabled, so that all was difficult to overcome.
i have seen several people report similar problems to this on this site in the resolved hjt threads subsection, and i noticed everyone had spoolsv.exe running. my first question is, is this a malware file? i assumed it was related to spools.exe and deleted it. my computer runs fine, except for not loading facebook properly, but i suspect that has more to do with me deleting all my temporary files instead, most notably all the java files. if it indeed is a useful file, how can i restore it?
by the way, running CleanUp gave me a message that the redirect cache was succesfully removed, but the problem persists, particularly with the first two or three search results. also, running an online panda antivirus scan crashed my internet explorer each time.
here is a hjt log:
if anyone has a solution, i much oblige
****************************************************
Deckard's System Scanner v20071014.68
Run by Don Vito on 2008-05-02 22:18:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
16: 2008-05-02 20:18:07 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-05-02 07:51:07 UTC - RP15 - Software Distribution Service 3.0
14: 2008-05-01 07:00:06 UTC - RP14 - Installed Java 2 Runtime Environment, SE v1.4.2_17
13: 2008-04-30 23:17:15 UTC - RP13 - Software Distribution Service 3.0
12: 2008-04-30 23:15:29 UTC - RP12 - Ad-Aware Restore Point 2008-05-01 01:15:23
-- First Restore Point --
1: 2008-04-27 10:19:52 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Don Vito.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:14 PM, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Don Vito\Local Settings\Temporary Internet Files\Content.IE5\B53GFF03\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Don Vito.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.shoptoshiba.ca/welcome
O2 - BHO: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zoominghook] ZoomingHook.exe
O4 - HKLM\..\Run: [tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [tpsmain] TPSMain.exe
O4 - HKLM\..\Run: [tpnf] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [tfncky] TFncKy.exe
O4 - HKLM\..\Run: [tctryiohook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [symantec netdriver monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [svpwutil] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [smoothview] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [pointer] point32.exe
O4 - HKLM\..\Run: [padtouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ndstray.exe] NDSTray.exe
O4 - HKLM\..\Run: [lvcomsx] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [logitechvideotray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [logitechvideorepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hwsetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cfsserv.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ceekey] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ccapp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [atipta] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [agrsmmsg] AGRSMMSG.exe
O4 - HKLM\..\Run: [ageia physx systray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [toscdspd] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [logitechsoftwareupdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:\Program Files\betonbetMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: belsnqdkfel - C:\WINDOWS\SYSTEM32\belsnqdkfel.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
--
End of file - 10038 bytes
-- File Associations -----------------------------------------------------------
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 bbbuokhd - c:\windows\system32\drivers\geqnweit.dat
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>
S3 catchme - c:\docume~1\donvit~1\locals~1\temp\catchme.sys (file missing)
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
S2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-02 20:19:03 536 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Don Vito.job
-- Files created between 2008-04-02 and 2008-05-02 -----------------------------
2008-05-02 22:08:39 0 d-------- C:\Program Files\Panda Security
2008-05-02 22:08:38 0 d-------- C:\WINDOWS\LastGood
2008-05-02 22:02:18 0 d-------- C:\Program Files\Trend Micro
2008-05-01 10:39:54 0 d-------- C:\Program Files\Universal
2008-05-01 01:17:34 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-01 00:54:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-01 00:53:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 21:21:12 0 d-------- C:\WINDOWS\ERUNT
2008-04-29 22:20:10 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-29 22:20:02 0 d-------- C:\Program Files\Windows Live
2008-04-29 22:19:50 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-29 22:04:59 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-29 22:04:59 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-29 22:04:59 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-29 22:04:59 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-29 22:04:59 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-29 22:04:59 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-29 22:04:59 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-29 22:04:59 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-29 22:04:59 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-29 22:04:59 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-29 22:04:59 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-29 22:04:59 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-29 22:04:59 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-29 22:04:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-04-29 22:04:59 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-29 22:04:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-29 22:04:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-29 22:04:58 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-26 17:19:49 0 d-------- C:\Documents and Settings\Don Vito\Application Data\Uniblue
2008-04-26 17:19:40 0 d-------- C:\Program Files\Uniblue
2008-04-26 15:17:05 0 d-------- C:\Documents and Settings\Don Vito\Application Data\Malwarebytes
2008-04-26 15:16:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-26 15:16:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-26 11:34:33 32768 -----n--- C:\WINDOWS\system32\sockots64.dll
2008-04-26 11:12:00 0 d-------- C:\WINDOWS\pss
2008-04-26 08:10:04 0 d-------- C:\WINDOWS\RG9uIFZpdG8
2008-04-26 08:09:27 0 d-------- C:\WINDOWS\system32\le2
2008-04-26 08:09:27 0 d-------- C:\WINDOWS\system32\IBn
2008-04-26 08:08:44 0 d-------- C:\WINDOWS\system32\xcsDd06
2008-04-26 08
55 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-26 08
32 18688 --a------ C:\WINDOWS\system32\drivers\geqnweit.dat
2008-04-26 08
22 5120 --a------ C:\WINDOWS\system32\drivers\borcsgve.dat
2008-04-04 19:23:33 0 d-------- C:\Documents and Settings\Don Vito\.jmf
2008-04-04 19:23:30 0 d-------- C:\Documents and Settings\Don Vito\Mercury
-- Find3M Report ---------------------------------------------------------------
2008-05-02 20:26:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-02 20:26:02 0 d-------- C:\Program Files\Common Files
2008-05-02 11:10:45 0 d-------- C:\Program Files\PokerStars
2008-05-01 09:01:22 0 d-------- C:\Program Files\Java
2008-05-01 00:54:50 0 d-------- C:\Program Files\Lavasoft
2008-05-01 00:54:49 0 d-------- C:\Documents and Settings\Don Vito\Application Data\Lavasoft
2008-04-26 16:33:53 93184 --a------ C:\WINDOWS\system32\belsnqdkfel.dll
2008-04-25 18
05 0 d-------- C:\Documents and Settings\Don Vito\Application Data\BitTorrent
2008-04-14 23:45:52 0 d-------- C:\Documents and Settings\Don Vito\Application Data\ZoomBrowser EX
2008-04-06 20:34:56 0 d-------- C:\Documents and Settings\Don Vito\Application Data\foobar2000
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zoominghook"="ZoomingHook.exe" [06/06/2005 06:58 PM C:\WINDOWS\system32\ZoomingHook.exe]
"tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [06/04/2005 01:25 AM]
"tpsmain"="TPSMain.exe" [01/06/2005 02:16 AM C:\WINDOWS\system32\TPSMain.exe]
"tpnf"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [26/08/2005 04:11 AM]
"tfncky"="TFncKy.exe" []
"tctryiohook"="TCtrlIOHook.exe" [22/08/2005 11:49 PM C:\WINDOWS\system32\TCtrlIOHook.exe]
"symantec netdriver monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [18/03/2006 06:19 PM]
"svpwutil"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [01/05/2004 10:45 PM]
"smoothview"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [27/04/2005 01:13 AM]
"pointer"="point32.exe" []
"padtouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [15/07/2005 07:52 PM]
"ndstray.exe"="NDSTray.exe" []
"lvcomsx"="C:\WINDOWS\system32\LVCOMSX.EXE" [20/07/2005 12:32 AM]
"logitechvideotray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 10:14 PM]
"logitechvideorepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 10:24 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [19/07/2005 05:09 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [19/07/2005 05:10 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [19/07/2005 05:06 AM]
"hwsetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [01/05/2004 10:45 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [31/05/2005 02:33 PM]
"cfsserv.exe"="CFSServ.exe" []
"ceekey"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [26/08/2005 03:49 AM]
"ccapp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [23/03/2005 10:34 PM]
"atipta"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/08/2005 06:05 AM]
"apoint"="C:\Program Files\Apoint2K\Apoint.exe" [23/03/2004 04:40 PM]
"agrsmmsg"="AGRSMMSG.exe" [21/12/2004 07:10 PM C:\WINDOWS\agrsmmsg.exe]
"ageia physx systray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [20/03/2006 09:43 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"toscdspd"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [30/12/2004 09:32 AM]
"logitechsoftwareupdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 09:44 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:00 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
C:\Documents and Settings\Don Vito\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [12/06/2004 6:57:52 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [01/09/2005 1:52:49 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\belsnqdkfel]
belsnqdkfel.dll 26/04/2008 04:33 PM 93184 C:\WINDOWS\system32\belsnqdkfel.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mta28.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"windows log"=2 (0x2)
-- End of Deckard's System Scanner: finished at 2008-05-02 22:20:22 ------------