
Infected With Razeware


  • This topic is locked
17 replies to this topic

#1 martyaustralia

martyaustralia

  • Members
  • 14 posts

Posted 18 July 2006 - 06:36 AM

Hi there,

Thanks in advance for your help. My problem is as follows:

Originally infected with raze spyware. Took steps to delete this but still have very slow internet explorer when using the scroll up/down button on web pages.

I have followed all the steps closely on the preparation guide. A lot of infected files etc. were deleted however IE is still very sluggish, I guess I have not taken out all of the problems.

My HijackThis log is as follows:


Logfile of HijackThis v1.99.1
Scan saved at 9:34:12 PM, on 18/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [wrtfl.exe] C:\WINDOWS\System32\wrtfl.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04D4AF1A-F2D4-48FE-A04E-1CF1347221D9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0A5489-43E8-478F-833C-3D8BE35A81C0}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB9D67B1-75BF-48D5-8822-605BE44B7F19}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6A4B10A-207D-4F88-91DD-B3873369C685}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE345161-D025-4D06-AEB5-0C66887027DA}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0F992BD-EB3A-40F5-A6A1-B02F14D270FA}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O17 - HKLM\System\CS1\Services\Tcpip\..\{04D4AF1A-F2D4-48FE-A04E-1CF1347221D9}: NameServer = 85.255.114.54,85.255.112.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26
O18 - Protocol: bw+0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)


Thanks again for your time.

Anthony Martin



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 July 2006 - 01:16 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report along with a new hijackthis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 martyaustralia

martyaustralia
  • Topic Starter
  • Members
  • 14 posts

Posted 20 July 2006 - 06:28 AM

Hi Sam,

Appreciate your help - thank you.

I have followed your instructions carefully. Here are both Ewido report and HJT log.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:14:16 PM 20/07/2006

+ Scan result:



:mozilla.42:C:\Documents and Settings\Grant Martin\Application Data\Mozilla\Firefox\Profiles\y2effk59.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Grant Martin\Application Data\Mozilla\Firefox\Profiles\y2effk59.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Grant Martin\Application Data\Mozilla\Firefox\Profiles\y2effk59.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@e-2dj6wfkikjdjkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@e-2dj6wjmyuiczoko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Grant Martin\Application Data\Mozilla\Firefox\Profiles\y2effk59.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Grant Martin\Cookies\grant martin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).


::Report end
________________________________________________________________________-

HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 9:25:58 PM, on 20/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37930.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)


Thanks for your time.


Anthony Martin
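As an added example (not part of the thread, and not a feature of HijackThis itself): a small Python triage script for the log format posted above. It pulls out what a helper checks first when a log "looks clean": O4 run entries that name a bare executable with no path, startup shortcuts whose target could not be resolved, O20 Winlogon Notify DLLs, O23 services with no vendor string, and any dangling "(file missing)" entries. It also collapses the long O18 run into one row per handler DLL, which is how the fifty-odd Logitech Desktop Messenger lines reduce to two components. The sample log is a handful of lines copied from the post above; the rules and flag names are this example's own.

```python
"""Triage a HijackThis 1.99 log: parse the O-lines and flag what to look at first.
Added example; the rules and flag names are this script's own, not HijackThis's."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: bw+0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[[^\]]*\] (?P<target>.*)$")
STARTUP_RE = re.compile(r"^Global Startup: .+?\.lnk = (?P<target>.*)$")
PROTOCOL_RE = re.compile(r"^Protocol: \S+ - (?P<clsid>\{[^}]+\}) - (?P<dll>.*)$")


@dataclass
class Entry:
    section: str          # "O4", "O18", ...
    body: str             # everything after "On - "
    flags: list[str] = field(default_factory=list)


def parse(log: str) -> list[Entry]:
    """Keep the numbered O-lines; the header and process list are dropped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def o4_target(body: str) -> str | None:
    """Command line (or shortcut target) of an O4 autostart entry."""
    for rx in (RUN_RE, STARTUP_RE):
        m = rx.match(body)
        if m:
            return m.group("target")
    return None


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach review flags to each entry; return only the flagged ones."""
    for e in entries:
        flags = []
        if "(file missing)" in e.body:
            flags.append("file-missing")          # dangling key: harmless, but clean it up
        if e.section == "O4":
            target = o4_target(e.body)
            if target == "?":
                flags.append("unresolved-shortcut")   # HJT could not read the .lnk target
            elif target and "\\" not in target.split()[0]:
                # Bare image name: resolved through the PATH search order at logon,
                # so confirm which file on disk actually runs.
                flags.append("bare-image-name")
        elif e.section == "O20":
            flags.append("winlogon-notify")       # DLL loaded into winlogon.exe; check the vendor
        elif e.section == "O23" and "Unknown owner" in e.body:
            flags.append("no-vendor")             # service binary carries no company string
        e.flags = flags
    return [e for e in entries if e.flags]


def protocol_handlers(entries: list[Entry]) -> dict[str, tuple[str, int]]:
    """Collapse O18 lines to one row per handler DLL: {dll: (clsid, line count)}."""
    counts: Counter[str] = Counter()
    clsid: dict[str, str] = {}
    for e in entries:
        m = PROTOCOL_RE.match(e.body) if e.section == "O18" else None
        if m:
            counts[m["dll"]] += 1
            clsid[m["dll"]] = m["clsid"]
    return {dll: (clsid[dll], n) for dll, n in counts.items()}


if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    for e in triage(found):
        print(f"{e.section:<4} {', '.join(e.flags):<24} {e.body}")
    for dll, (guid, n) in protocol_handlers(found).items():
        print(f"O18  {n} handler line(s) -> {guid} {dll}")
```

A flag means "look here", not "malware": on this sample every flagged line is a Toshiba OEM utility, a leftover from a removed online scanner, or a Logitech component, which is consistent with the assessment in the next reply. The value of the script is that it turns a 130-line log into the six lines worth verifying by hand.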

#4 Buckeye_Sam (Malware Expert)

Posted 20 July 2006 - 12:56 PM

I'm not seeing anything in your log that would indicate malware. Let's dig a little deeper with another more detailed tool.

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for all of them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Export To Text button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Since the report may be quite large it will require multiple posts to show it all. Follow the markers for [Start Post #1], [Start Post #2] and [Start Post #3] to divide the report into 3 separate posts and use the Add Reply button to post the information back here.

I will review the information when it comes in.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 martyaustralia (Topic Starter)

Posted 21 July 2006 - 04:16 AM

Hi Again Sam,

Just had one other question. When I went to reboot into normal mode after running Ewido in safe mode, it asked if I wanted to close a program called 'Sample'; when it didn't close, it asked to end it now, which I did. I thought this may have been an irregularity? Maybe you could shed some light. It may be a really dumb question, but I'm not aware of any programs with this name.

And my log for WinPFind2 is spread across the next couple of replies.

Thanks for your help.

Logfile created on: 07/21/2006 19:05
WinPFind2 by OldTimer - Version 1.0.0 Folder = C:\Documents and Settings\Grant Martin\Desktop\WinPFind2\
Microsoft Windows XP (Version = Service Pack 1)
Internet Explorer (Version - 6.0.2800.1106)


[Start Post #1]

Processes
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--Full Path (Version Info)
00thotkey.exe------------001184-----0004----------000560-----Normal---------c:\windows\system32\00thotkey.exe (TOSHIBA Corp. [Ver = 1, 0, 0, 22 | Size = 258048 bytes | Date = 11/22/2003 08:49 | Attr = ])
1xconfig.exe-------------003084-----0006----------001140-----Normal---------c:\windows\system32\1xconfig.exe (Intel [Ver = 8, 0, 0, 161 | Size = 184320 bytes | Date = 12/16/2003 16:43 | Attr = ])
agrsmmsg.exe-------------001484-----0002----------000560-----Normal---------c:\windows\agrsmmsg.exe (Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Date = 04/19/2003 05:20 | Attr = ])
cfsvcs.exe---------------002000-----0003----------000944-----Normal---------c:\program files\toshiba\configfree\cfsvcs.exe (TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Date = 12/02/2003 18:05 | Attr = ])
csrss.exe----------------000876-----0014----------000828-----Normal---------\??\c:\windows\system32\csrss.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4096 bytes | Date = 03/31/2003 22:00 | Attr = ])
ctfmon.exe---------------001548-----0001----------000560-----Normal---------c:\windows\system32\ctfmon.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 13312 bytes | Date = 03/31/2003 22:00 | Attr = ])
dvdramsv.exe-------------002028-----0003----------000944-----Normal---------c:\windows\system32\dvdramsv.exe (Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Date = 05/23/2003 14:38 | Attr = ])
em_exec.exe--------------001840-----0002----------001508-----Normal---------c:\program files\logitech\mouseware\system\em_exec.exe (Logitech Inc. [Ver = 9.80.019 | Size = 38912 bytes | Date = 12/18/2003 09:50 | Attr = ])
explorer.exe-------------000560-----0016----------000468-----Normal---------c:\windows\explorer.exe (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1004032 bytes | Date = 03/31/2003 22:00 | Attr = ])
ezsp_px.exe--------------001408-----0001----------000560-----Normal---------c:\windows\system32\ezsp_px.exe (Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Date = 08/20/2002 11:29 | Attr = ])
guard.exe----------------001672-----0008----------000944-----Normal---------c:\program files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/17/2006 00:38 | Attr = ])
iexplore.exe-------------002992-----0017----------000560-----Normal---------c:\program files\internet explorer\iexplore.exe (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 91136 bytes | Date = 03/31/2003 22:00 | Attr = ])
jusched.exe--------------001176-----0001----------000560-----Normal---------c:\program files\java\j2re1.4.2_03\bin\jusched.exe ( [Ver = | Size = 32881 bytes | Date = 01/08/2004 06:30 | Attr = ])
logitechdesktopmessenger.exe001568-----0009----------000560-----Normal---------c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe (Logitech [Ver = 2.30.04 | Size = 36864 bytes | Date = 11/05/2005 05:36 | Attr = ])
lsass.exe----------------000956-----0021----------000900-----Normal---------c:\windows\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Date = 03/31/2003 22:00 | Attr = ])
ltmoh.exe----------------001468-----0002----------000560-----Normal---------c:\program files\ltmoh\ltmoh.exe (Agere Systems [Ver = 1.69 | Size = 172032 bytes | Date = 01/03/2003 10:16 | Attr = ])
mmtask.exe---------------001524-----0003----------000560-----Normal---------c:\program files\musicmatch\musicmatch jukebox\mmtask.exe (TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Date = 10/01/2003 10:01 | Attr = ])
ndstray.exe--------------001400-----0003----------000560-----Normal---------c:\program files\toshiba\configfree\ndstray.exe (TOSHIBA CORPORATION [Ver = 4, 50, 0, 105 | Size = 892928 bytes | Date = 12/05/2003 16:44 | Attr = ])
point32.exe--------------001500-----0004----------000560-----Normal---------c:\program files\microsoft intellipoint\point32.exe (Microsoft Corporation [Ver = 5.00.174.0 | Size = 163840 bytes | Date = 05/16/2003 09:41 | Attr = ])
ramasst.exe--------------001600-----0002----------000560-----Normal---------c:\windows\system32\ramasst.exe (Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Date = 03/14/2003 12:38 | Attr = ])
regsrvc.exe--------------000312-----0003----------000944-----Normal---------c:\windows\system32\regsrvc.exe (Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Date = 12/16/2003 16:41 | Attr = ])
s24evmon.exe-------------001304-----0005----------000944-----Normal---------c:\windows\system32\s24evmon.exe (Intel Corporation [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Date = 12/16/2003 16:42 | Attr = ])
services.exe-------------000944-----0016----------000900-----Normal---------c:\windows\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.1152 (xpsp2.021217-1051) | Size = 99840 bytes | Date = 12/18/2002 12:20 | Attr = ])
smagent.exe--------------000456-----0002----------000944-----Normal---------c:\program files\analog devices\soundmax\smagent.exe (Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Date = 09/21/2002 10:50 | Attr = ])
smoothview.exe-----------001288-----0001----------000560-----Normal---------c:\program files\toshiba\toshiba zooming utility\smoothview.exe (TOSHIBA Corporation [Ver = 2, 0, 0, 13 | Size = 131072 bytes | Date = 12/04/2003 06:26 | Attr = ])
smss.exe-----------------000828-----0003----------000004-----Normal---------\systemroot\system32\smss.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 45568 bytes | Date = 03/31/2003 22:00 | Attr = ])
spoolsv.exe--------------000220-----0010----------000944-----Normal---------c:\windows\system32\spoolsv.exe (Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Date = 03/31/2003 22:00 | Attr = ])
svchost.exe--------------001140-----0009----------000944-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
svchost.exe--------------001452-----0006----------000944-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
svchost.exe--------------001268-----0085----------000944-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
svchost.exe--------------001656-----0016----------000944-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
taudeff.exe--------------001460-----0002----------000560-----Normal---------c:\program files\toshiba\taudeffect\taudeff.exe (TOSHIBA [Ver = 1, 0, 2, 0 | Size = 208972 bytes | Date = 12/26/2003 10:17 | Attr = ])
tedtray.exe--------------001208-----0001----------000560-----Normal---------c:\program files\toshiba\dualpointutility\tedtray.exe (TOSHIBA [Ver = 1, 1, 0, 0 | Size = 159744 bytes | Date = 11/12/2003 14:19 | Attr = ])
tfncky.exe---------------001380-----0001----------000560-----Normal---------c:\program files\toshiba\toshiba controls\tfncky.exe (TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Date = 08/19/2003 03:51 | Attr = ])
tfnf5.exe----------------001260-----0001----------000560-----Normal---------c:\windows\system32\tfnf5.exe (TOSHIBA Corp. [Ver = 2, 5, 0, 0 | Size = 73728 bytes | Date = 11/17/2003 20:42 | Attr = ])
tmerzctl.exe-------------001364-----0003----------000560-----Normal---------c:\program files\toshiba\tme3\tmerzctl.exe (TOSHIBA [Ver = 1, 0, 2, 14 | Size = 77824 bytes | Date = 10/07/2003 11:43 | Attr = ])
tmesbs32.exe-------------001372-----0002----------000560-----Normal---------c:\program files\toshiba\tme3\tmesbs32.exe (TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Date = 08/02/2003 08:56 | Attr = ])
tmesbs32.exe-------------000524-----0007----------000944-----Normal---------c:\program files\toshiba\tme3\tmesbs32.exe (TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Date = 08/02/2003 08:56 | Attr = ])
tmesrv31.exe-------------000800-----0017----------000944-----Normal---------c:\program files\toshiba\tme3\tmesrv31.exe (TOSHIBA [Ver = 3, 1, 44, 0 | Size = 126976 bytes | Date = 12/10/2003 14:50 | Attr = ])
toscdspd.exe-------------001540-----0001----------000560-----Normal---------c:\program files\toshiba\toscdspd\toscdspd.exe (TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Date = 09/05/2003 21:24 | Attr = ])
toshkcw.exe--------------001216-----0001----------000560-----Normal---------c:\program files\toshiba\wireless hotkey\toshkcw.exe (TOSHIBA CORPORATION [Ver = 2, 1, 0, 1 | Size = 49152 bytes | Date = 09/10/2002 09:07 | Attr = ])
tpsbattm.exe-------------001828-----0001----------001316-----Normal---------c:\windows\system32\tpsbattm.exe (TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Date = 12/16/2003 05:53 | Attr = ])
tpsmain.exe--------------001316-----0001----------000560-----Normal---------c:\windows\system32\tpsmain.exe (TOSHIBA Corporation [Ver = 1, 0, 10, 2 | Size = 278528 bytes | Date = 12/16/2003 05:54 | Attr = ])
wg111cfg.exe-------------001608-----0002----------000560-----Normal---------c:\program files\netgear\wg111 configuration utility\wg111cfg.exe ( [Ver = 2, 0, 4, 7 | Size = 1044572 bytes | Date = 08/04/2004 13:54 | Attr = ])
winlogon.exe-------------000900-----0020----------000828-----High-----------\??\c:\windows\system32\winlogon.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 516608 bytes | Date = 03/31/2003 22:00 | Attr = ])
winpfind2.exe------------000428-----0001----------000560-----Normal---------c:\documents and settings\grant martin\desktop\winpfind2\winpfind2.exe (OldTimer Tools [Ver = 1.0.0.0 | Size = 381440 bytes | Date = 07/16/2006 09:30 | Attr = ])
wuauclt.exe--------------003752-----0003----------001268-----Normal---------c:\windows\system32\wuauclt.exe (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 124184 bytes | Date = 05/26/2005 04:16 | Attr = ])
zcfgsvc.exe--------------000368-----0007----------000900-----Normal---------c:\windows\system32\zcfgsvc.exe (Intel Corporation [Ver = 8, 0, 0, 161 | Size = 376832 bytes | Date = 12/16/2003 16:47 | Attr = ])

Registry Entries
Key--------------------------------------------------------------------------------------------------------------------- Value (Version Info)
WinPFind2 by OldTimer - Version 1.0.0-----------------------------------------------------------------------------------
Microsoft Windows XP Version = Service Pack 1--------------------------------------------------------------------------
Internet Explorer Version = 6.0.2800.1106------------------------------------------------------------------------------
Internet Explorer Settings----------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page-------------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page------------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Page------------------------------------------------------------ http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Search---------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page-------------------------------------------------------------- C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page-------------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page------------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page-------------------------------------------------------------- C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable------------------------------------------- 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride----------------------------------------- localhost
BHO's-------------------------------------------------------------------------------------------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}--- AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ( [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Date = 03/03/2001 06:02 | Attr = ])
Internet Explorer Bars, Toolbars and Extensions-------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}-------------------------- &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation [Ver = 6.00.2800.1145 (xpsp2.021108-1929) | Size = 1331200 bytes | Date = 11/28/2002 05:50 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{8E718888-423F-11D2-876E-00A0C9082467}------------------------------- &Radio = C:\WINDOWS\System32\msdxm.ocx ( [Ver = | Size = 842268 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}----------------------------- MenuText: Sun Java Console = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}----------------------------- MenuText: = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}----------------------------- MenuText: Uninstall BitDefender Online Scanner v8 = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}----------------------------- MenuText: = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}----------------------------- ButtonText: Research = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop------------------------------------------------------- = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Date = 01/30/2001 13:56 | Attr = ])
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}-------------------------- Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}------------------ &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}-------------------- &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}-------------------- &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2800.1233 (xpsp2.030604-1804) | Size = 8240640 bytes | Date = 06/12/2003 07:43 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel-------------------------------------------- res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation [Ver = 10.0.3506 | Size = 9165128 bytes | Date = 11/08/2001 05:43 | Attr = R ])
Approved Shell Extensions (Non-Microsoft only)--------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}--------- Display Panning CPL Extension = deskpan.dll (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}--------- HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 03/31/2003 22:00 | Attr = ])
ContextMenuHandlers (Non-Microsoft only)--------------------------------------------------------------------------------
HKCR\*\shellex\ContextMenuHandlers\ewido anti-spyware------------------------------------------------------------------- {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/17/2006 00:38 | Attr = ])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware------------------------------------------ {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/17/2006 00:38 | Attr = ])
ColumnHandlers (Non-Microsoft only)-------------------------------------------------------------------------------------
Registry Run Keys-------------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\000StTHK------------------------------------------------------------ 000StTHK.exe ( [Ver = | Size = 24576 bytes | Date = 06/24/2001 14:28 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\00THotkey----------------------------------------------------------- C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corp. [Ver = 1, 0, 0, 22 | Size = 258048 bytes | Date = 11/22/2003 08:49 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AGRSMMSG------------------------------------------------------------ AGRSMMSG.exe (Agere Systems [Ver = 2.1.28.2 2.1.28.2 04/18/2003 11:20:08 | Size = 88363 bytes | Date = 04/19/2003 05:20 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Apoint-------------------------------------------------------------- C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Date = 10/30/2003 17:46 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DpUtil-------------------------------------------------------------- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA [Ver = 1, 1, 0, 0 | Size = 159744 bytes | Date = 11/12/2003 14:19 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Drag'n Drop CD+DVD-------------------------------------------------- C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp ( [Ver = 3, 0, 0, 0 | Size = 1175552 bytes | Date = 08/09/2003 12:54 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ezShieldProtector for Px-------------------------------------------- C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Date = 08/20/2002 11:29 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IntelliPoint-------------------------------------------------------- "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation [Ver = 5.00.174.0 | Size = 163840 bytes | Date = 05/16/2003 09:41 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Logitech Utility---------------------------------------------------- Logi_MwX.Exe (Logitech Inc. [Ver = 9.80.013 | Size = 20992 bytes | Date = 12/12/2003 03:50 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LtMoh--------------------------------------------------------------- C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems [Ver = 1.69 | Size = 172032 bytes | Date = 01/03/2003 10:16 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mmtask-------------------------------------------------------------- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Date = 10/01/2003 10:01 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MMTray-------------------------------------------------------------- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc. [Ver = 8.00.0126 | Size = 114688 bytes | Date = 10/01/2003 10:01 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe--------------------------------------------------------- NDSTray.exe (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PRONoMgr.exe-------------------------------------------------------- c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation [Ver = 6.1.304.0 | Size = 86016 bytes | Date = 12/10/2003 02:36 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SmoothView---------------------------------------------------------- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation [Ver = 2, 0, 0, 13 | Size = 131072 bytes | Date = 12/04/2003 06:26 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched-------------------------------------------------- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ( [Ver = | Size = 32881 bytes | Date = 01/08/2004 06:30 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TAudEffect---------------------------------------------------------- C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run (TOSHIBA [Ver = 1, 0, 2, 0 | Size = 208972 bytes | Date = 12/26/2003 10:17 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TFncKy-------------------------------------------------------------- TFncKy.exe (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TFNF5--------------------------------------------------------------- TFNF5.exe (TOSHIBA Corp. [Ver = 2, 5, 0, 0 | Size = 73728 bytes | Date = 11/17/2003 20:42 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TMERzCtl.EXE-------------------------------------------------------- C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service (TOSHIBA [Ver = 1, 0, 2, 14 | Size = 77824 bytes | Date = 10/07/2003 11:43 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TMESBS.EXE---------------------------------------------------------- C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client (TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Date = 08/02/2003 08:56 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TMESRV.EXE---------------------------------------------------------- C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon (TOSHIBA [Ver = 3, 1, 44, 0 | Size = 126976 bytes | Date = 12/10/2003 14:50 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TosHKCW.exe--------------------------------------------------------- "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" (TOSHIBA CORPORATION [Ver = 2, 1, 0, 1 | Size = 49152 bytes | Date = 09/10/2002 09:07 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TPSMain------------------------------------------------------------- TPSMain.exe (TOSHIBA Corporation [Ver = 1, 0, 10, 2 | Size = 278528 bytes | Date = 12/16/2003 05:54 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL--------------------------------------------- Installed = 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI---------------------------------------------- Installed = 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS---------------------------------------------- Installed = 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe---------------------------------------------------------- C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 13312 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM----------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech [Ver = 2.30.04 | Size = 36864 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS-------------------------------------------------------------- "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation [Ver = 4.7.0041 | Size = 1511453 bytes | Date = 08/21/2002 09:08 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD------------------------------------------------------------ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Date = 09/05/2003 21:24 | Attr = ])
Startup Lnks------------------------------------------------------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini--------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( [Ver = | Size = 84 bytes | Date = 01/08/2004 05:58 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk-------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech [Ver = 2.30.04 | Size = 196608 bytes | Date = 11/04/2005 14:46 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk---------- C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation [Ver = 11.0.5601 | Size = 51776 bytes | Date = 08/07/2003 07:23 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk------------------------------------ C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 02/13/2001 16:01 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk--------------------------------------------- C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Date = 03/14/2003 12:38 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk---------------------- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ( [Ver = 2, 0, 4, 7 | Size = 1044572 bytes | Date = 08/04/2004 13:54 | Attr = ])
C:\Documents and Settings\Grant Martin\Start Menu\Programs\Startup\desktop.ini------------------------------------------ C:\Documents and Settings\Grant Martin\Start Menu\Programs\Startup\desktop.ini ( [Ver = | Size = 84 bytes | Date = 01/08/2004 05:58 | Attr = HS])
Disabled MSConfig Items-------------------------------------------------------------------------------------------------
User Agent Post Platform------------------------------------------------------------------------------------------------
AppInit DLLs------------------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs------------------------------------------------- (File not found)
Image File Execution Options--------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path- Debugger = ntsd -d
Shell Service Object Delay Load-----------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn-------------------------------------- {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2800.1233 (xpsp2.030604-1804) | Size = 8240640 bytes | Date = 06/12/2003 07:43 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder---------------------------- {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2800.1233 (xpsp2.030604-1804) | Size = 8240640 bytes | Date = 06/12/2003 07:43 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray------------------------------------- {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 117760 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck------------------------------------ {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 258048 bytes | Date = 03/31/2003 22:00 | Attr = ])
Shell Execute Hooks-----------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}------- CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/17/2006 00:38 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}------- URL Exec Hook = shell32.dll (Microsoft Corporation [Ver = 6.00.2800.1233 (xpsp2.030604-1804) | Size = 8240640 bytes | Date = 06/12/2003 07:43 | Attr = ])
Shared Task Scheduler---------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}----- Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}----- Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1021952 bytes | Date = 03/31/2003 22:00 | Attr = ])
Winlogon----------------------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit---------------------------------------------------- C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 22016 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell------------------------------------------------------- Explorer.exe (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1004032 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System------------------------------------------------------ (File not found)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain------------------------------------------ crypt32.dll (Microsoft Corporation [Ver = 5.131.2600.1123 (xpsp2.020921-0842) | Size = 544256 bytes | Date = 09/24/2002 09:10 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet---------------------------------------------- cryptnet.dll (Microsoft Corporation [Ver = 5.131.2600.0 (xpclient.010817-1148) | Size = 53248 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll------------------------------------------------ cscdll.dll (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 89600 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp-------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule---------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy---------------------------------------------- sclgntfy.dll (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring----------------------------------------------- c:\WINDOWS\System32\LgNotify.dll (Intel Corporation [Ver = 8, 0, 0, 161 | Size = 110592 bytes | Date = 12/16/2003 16:49 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn---------------------------------------------- WlNotify.dll (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv----------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 03/31/2003 22:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon--------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 03/31/2003 22:00 | Attr = ])
DNS Name Servers--------------------------------------------------------------------------------------------------------
Winsock2 Catalogs (Non-Microsoft only)----------------------------------------------------------------------------------
Protocol Handlers (Non-Microsoft only)----------------------------------------------------------------------------------
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw+0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw+0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw-0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw00---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw00s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw-0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw10---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw10s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw20---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw20s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw30---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw30s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw40---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw40s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw50---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw50s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw60---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw60s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw70---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw70s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw80---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw80s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw90---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bw90s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwa0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwa0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwb0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwb0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwc0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwc0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwd0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwd0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwe0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwe0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwf0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwf0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480------------------------------------------------------------------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwg0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwg0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwh0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwh0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwi0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwi0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwj0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwj0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwk0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwk0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwl0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwl0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwm0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwm0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwn0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwn0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwo0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwo0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwp0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwp0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwq0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwq0s--------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwr0---------------------------------------------------------------------------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Date = 11/05/2005 05:36 | Attr = ])
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\bwr0s--------------------------------------------------------------------------- C:\Progr

#6 martyaustralia

martyaustralia
  • Topic Starter

  • Members
  • 14 posts

Posted 21 July 2006 - 04:18 AM

[Start Post #2]

Services
Name--------------------------------------------------------Internal Name------------Startup Type---State-----Service Type--------------------------------------Path (Version Info)
Windows Audio-----------------------------------------------AudioSrv-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Computer Browser--------------------------------------------Browser------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
ConfigFree Service------------------------------------------CFSvcs-------------------Automatic------Running---Win32, running in it's own process----------------C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION [Ver = 4, 50, 0, 2 | Size = 28672 bytes | Date = 12/02/2003 18:05 | Attr = ])
Cryptographic Services--------------------------------------CryptSvc-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
DHCP Client-------------------------------------------------Dhcp---------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Logical Disk Manager----------------------------------------dmserver-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
DNS Client--------------------------------------------------Dnscache-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
DVD-RAM_Service---------------------------------------------DVD-RAM_Service----------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\System32\DVDRAMSV.exe (Matsubleepa Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Date = 05/23/2003 14:38 | Attr = ])
Error Reporting Service-------------------------------------ERSvc--------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Event Log---------------------------------------------------Eventlog-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.1152 (xpsp2.021217-1051) | Size = 99840 bytes | Date = 12/18/2002 12:20 | Attr = ])
COM+ Event System-------------------------------------------EventSystem--------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
ewido anti-spyware 4.0 guard--------------------------------ewido anti-spyware 4.0 guardAutomatic------Running---Win32, running in it's own process----------------C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/17/2006 00:38 | Attr = ])
Fast User Switching Compatibility---------------------------FastUserSwitchingCompatibilityOn Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Help and Support--------------------------------------------helpsvc------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
HID Input Service-------------------------------------------HidServ------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Infrared Monitor--------------------------------------------Irmon--------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Server------------------------------------------------------lanmanserver-------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Workstation-------------------------------------------------lanmanworkstation--------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
TCP/IP NetBIOS Helper---------------------------------------LmHosts------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Network Connections-----------------------------------------Netman-------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Network Location Awareness (NLA)----------------------------Nla----------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Plug and Play-----------------------------------------------PlugPlay-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.1152 (xpsp2.021217-1051) | Size = 99840 bytes | Date = 12/18/2002 12:20 | Attr = ])
IPSEC Services----------------------------------------------PolicyAgent--------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Date = 03/31/2003 22:00 | Attr = ])
Protected Storage-------------------------------------------ProtectedStorage---------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Date = 03/31/2003 22:00 | Attr = ])
Remote Access Connection Manager----------------------------RasMan-------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
RegSrvc-----------------------------------------------------RegSrvc------------------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\System32\RegSrvc.exe (Intel Corporation [Ver = 8, 0, 0, 161 | Size = 122880 bytes | Date = 12/16/2003 16:41 | Attr = ])
Remote Registry---------------------------------------------RemoteRegistry-----------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Remote Procedure Call (RPC)---------------------------------RpcSs--------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Spectrum24 Event Monitor------------------------------------S24EventMonitor----------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\System32\S24EvMon.exe (Intel Corporation [Ver = 8, 0, 0, 161 | Size = 311363 bytes | Date = 12/16/2003 16:42 | Attr = ])
Security Accounts Manager-----------------------------------SamSs--------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 11776 bytes | Date = 03/31/2003 22:00 | Attr = ])
Task Scheduler----------------------------------------------Schedule-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Secondary Logon---------------------------------------------seclogon-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
System Event Notification-----------------------------------SENS---------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Shell Hardware Detection------------------------------------ShellHWDetection---------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
SoundMAX Agent Service--------------------------------------SoundMAX Agent Service (default)Automatic------Running---Win32, running in it's own process----------------C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Date = 09/21/2002 10:50 | Attr = ])
Print Spooler-----------------------------------------------Spooler------------------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 51200 bytes | Date = 03/31/2003 22:00 | Attr = ])
System Restore Service--------------------------------------srservice----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
SSDP Discovery Service--------------------------------------SSDPSRV------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Telephony---------------------------------------------------TapiSrv------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Terminal Services-------------------------------------------TermService--------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Themes------------------------------------------------------Themes-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Tmesbs32----------------------------------------------------Tmesbs-------------------Automatic------Running---Win32, running in it's own process----------------"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (TOSHIBA Corporation [Ver = 2, 1, 1, 18 | Size = 86016 bytes | Date = 08/02/2003 08:56 | Attr = ])
Tmesrv3-----------------------------------------------------Tmesrv-------------------Automatic------Running---Win32, running in it's own process----------------"C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (TOSHIBA [Ver = 3, 1, 44, 0 | Size = 126976 bytes | Date = 12/10/2003 14:50 | Attr = ])
Distributed Link Tracking Client----------------------------TrkWks-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Upload Manager----------------------------------------------uploadmgr----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Windows Time------------------------------------------------W32Time------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
WebClient---------------------------------------------------WebClient----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Windows Management Instrumentation--------------------------winmgmt------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Automatic Updates-------------------------------------------wuauserv-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])
Wireless Zero Configuration---------------------------------WZCSVC-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Date = 03/31/2003 22:00 | Attr = ])

Files
Full Path--------------------------------------------------------------------------------------------------------------- Details
AllUsers ApplicationData Folder-----------------------------------------------------------------------------------------
C:\Documents and Settings\All Users\Application Data\desktop.ini-------------------------------------------------------- ( [Ver = | Size = 62 bytes | Date = 01/07/2004 21:51 | Attr = HS])
CurrentUser ApplicationData Folder--------------------------------------------------------------------------------------
C:\Documents and Settings\Grant Martin\Application Data\desktop.ini----------------------------------------------------- ( [Ver = | Size = 62 bytes | Date = 01/07/2004 21:51 | Attr = HS])
C:\Documents and Settings\Grant Martin\Application Data\GDIPFONTCACHEV1.DAT--------------------------------------------- ( [Ver = | Size = 29184 bytes | Date = 03/02/2005 16:28 | Attr = ])
DPF files---------------------------------------------------------------------------------------------------------------
{166B1BCA-3F9C-11CF-8075-444553540000}---------------------------------------------------------------------------------- Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}---------------------------------------------------------------------------------- BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{6E5A37BF-FD42-463A-877C-4EB7002E68AE}---------------------------------------------------------------------------------- Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
{7F8C8173-AD80-4807-AA75-5672F22B4582}---------------------------------------------------------------------------------- ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotion...canner37930.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93}---------------------------------------------------------------------------------- Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}---------------------------------------------------------------------------------- ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}---------------------------------------------------------------------------------- Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000}---------------------------------------------------------------------------------- Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
Hosts file = 27 bytes. Reading all entries.----------------------------------------------------------------------------- C:\WINDOWS\System32\drivers\etc\Hosts
localhost 127.0.0.1-----------------------------------------------------------------------------------------------

#7 martyaustralia

martyaustralia
  • Topic Starter

  • Members
  • 14 posts

Posted 21 July 2006 - 04:19 AM

[Start Post #3]

AddOn's
File or Key------------------------------------------------------------------------------------------------------------- Info or Value
>>>>Output for AddOn file BotCheck_NoSubs.def<<<<-----------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Ole--------------------------------------------------------------------------------------------- No SUBKEYS
HKLM\SOFTWARE\Microsoft\Ole---------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission-------------------------------------------------------------------- 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
HKLM\SOFTWARE\Microsoft\Ole\\EnableDCOM--------------------------------------------------------------------------------- Y
HKLM\SOFTWARE\Microsoft\Security Center--------------------------------------------------------------------------------- No SUBKEYS
HKLM\SOFTWARE\Microsoft\Security Center not found.----------------------------------------------------------------------
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate------------------------------------------------------------------ No SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found.-------------------------------------------------------
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile---------------------------------------------------------- No SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found.-----------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa------------------------------------------------------------------------------- No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Control\Lsa-------------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages------------------------------------------------------ msv1_0;
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds----------------------------------------------------------------------- 00 30 00 00 00 20 00 00
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages------------------------------------------------------------ kerberos;msv1_0;schannel;wdigest;
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid----------------------------------------------------------------------- 956
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot------------------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects------------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail------------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds----------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous---------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy---------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest------------------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing-------------------------------------------------------- 00
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse-------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel--------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner---------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash--------------------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous------------------------------------------------------------ 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam--------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages-------------------------------------------------------- scecli;
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess--------------------------------------------------------------------- No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess---------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type--------------------------------------------------------------- 32
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start-------------------------------------------------------------- 3
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath---------------------------------------------------------- %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName-------------------------------------------------------- Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService---------------------------------------------------- Netman;NLA;RasMan;ALG;
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName--------------------------------------------------------- LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description-------------------------------------------------------- Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv------------------------------------------------------------------------- No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv-------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Type------------------------------------------------------------------- 32
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Start------------------------------------------------------------------ 2
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl----------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath-------------------------------------------------------------- %systemroot%\system32\svchost.exe -k netsvcs
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName------------------------------------------------------------ Automatic Updates
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName------------------------------------------------------------- LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Description------------------------------------------------------------ Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry------------------------------------------------------------------- No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry-------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description------------------------------------------------------ Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService-------------------------------------------------- RPCSS;
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName------------------------------------------------------ Remote Registry
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl----------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath-------------------------------------------------------- %SystemRoot%\system32\svchost.exe -k LocalService
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName------------------------------------------------------- NT AUTHORITY\LocalService
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start------------------------------------------------------------ 2
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type------------------------------------------------------------- 32
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions--------------------------------------------------- 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry----------------------------------------------------------------------- No SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry-----------------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Description---------------------------------------------------------- Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\DependOnService------------------------------------------------------ RPCSS;
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\DisplayName---------------------------------------------------------- Remote Registry
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\ErrorControl--------------------------------------------------------- 1
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\ImagePath------------------------------------------------------------ %SystemRoot%\system32\svchost.exe -k LocalService
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\ObjectName----------------------------------------------------------- NT AUTHORITY\LocalService
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Group----------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Start---------------------------------------------------------------- 2
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Type----------------------------------------------------------------- 32
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\FailureActions------------------------------------------------------- 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr-------------------------------------------------------------------------- No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr--------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type-------------------------------------------------------------------- 16
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start------------------------------------------------------------------- 4
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl------------------------------------------------------------ 1
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath--------------------------------------------------------------- C:\WINDOWS\System32\tlntsvr.exe
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName------------------------------------------------------------- Telnet
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService--------------------------------------------------------- RPCSS;TCPIP;NTLMSSP;
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup-----------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName-------------------------------------------------------------- LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description------------------------------------------------------------- Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\ControlSet001\Services\TlntSvr------------------------------------------------------------------------------ No SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\TlntSvr------------------------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\Type------------------------------------------------------------------------ 16
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\Start----------------------------------------------------------------------- 4
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\ErrorControl---------------------------------------------------------------- 1
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\ImagePath------------------------------------------------------------------- C:\WINDOWS\System32\tlntsvr.exe
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\DisplayName----------------------------------------------------------------- Telnet
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\DependOnService------------------------------------------------------------- RPCSS;TCPIP;NTLMSSP;
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\DependOnGroup---------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\ObjectName------------------------------------------------------------------ LocalSystem
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\Description----------------------------------------------------------------- Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings----- No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings-----
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 0
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings-------- No SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings--------
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 0
>>>>Output for AddOn file BotCheck_Subs.def<<<<-------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Ole--------------------------------------------------------------------------------------------- Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Ole---------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission-------------------------------------------------------------------- 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
HKLM\SOFTWARE\Microsoft\Ole\\EnableDCOM--------------------------------------------------------------------------------- Y
HKLM\SOFTWARE\Microsoft\Ole\NONREDIST-----------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll----------------------------------------------
HKLM\SOFTWARE\Microsoft\Security Center--------------------------------------------------------------------------------- Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Security Center not found.----------------------------------------------------------------------
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate------------------------------------------------------------------ Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found.-------------------------------------------------------
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile---------------------------------------------------------- Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found.-----------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa------------------------------------------------------------------------------- Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Control\Lsa-------------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages------------------------------------------------------ msv1_0;
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds----------------------------------------------------------------------- 00 30 00 00 00 20 00 00
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages------------------------------------------------------------ kerberos;msv1_0;schannel;wdigest;
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid----------------------------------------------------------------------- 956
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot------------------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects------------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail------------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds----------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous---------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy---------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest------------------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing-------------------------------------------------------- 00
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse-------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel--------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner---------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash--------------------------------------------------------------------- 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous------------------------------------------------------------ 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam--------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages-------------------------------------------------------- scecli;
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders---------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder------------------------------------------------ Windows NT Access Provider;
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath---------------------- %SystemRoot%\system32\ntmarta.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Data--------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern----------------------------------------------------------------- F2 35 04 5B D8 21 AF 5A 68 E3 CB 3C 2E 8B A4 C6 64 66 64 30 31 34 65 34 00 00 00 00 01 00 00 00 C0 01 00 00 C4 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 47 13 D4 73
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\GBG---------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup------------------------------------------------------------ B2 7E A4 0A B2 D2 8D 00 AE
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\JD----------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup-------------------------------------------------------------------- E9 3A 6D 30 8A C4
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos----------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains--------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache-------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132--------------------------------------------------------------- IISSUBA
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec------------------------------------------------------ 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec------------------------------------------------------ 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Skew1-------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix------------------------------------------------------------- 61 9A 03 E8 BE D1 80 C6 85 D8 05 3F E9 25 3F 18
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SSO---------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4---------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL------------------------------------------------------- http://www.passport.com
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache---------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time--------------------------------------------------------------- F0 94 4C B9 3C B0 C4 01
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll----------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name---------------------------------------------------- Digest
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment------------------------------------------------- Digest SSPI Authentication Package
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities-------------------------------------------- 16464
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId--------------------------------------------------- 65535
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize----------------------------------------------- 65535
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time---------------------------------------------------- 00 E0 23 0E 7D F7 C2 01
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type---------------------------------------------------- 49
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll--------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name-------------------------------------------------- DPA
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment----------------------------------------------- DPA Security Package
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities------------------------------------------ 55
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId------------------------------------------------- 17
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version----------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize--------------------------------------------- 768
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time-------------------------------------------------- 00 E0 23 0E 7D F7 C2 01
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type-------------------------------------------------- 49
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll---------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name--------------------------------------------------- MSN
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment------------------------------------------------ MSN Security Package
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities------------------------------------------- 55
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId-------------------------------------------------- 18
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version------------------------------------------------ 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize---------------------------------------------- 768
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time--------------------------------------------------- 00 E0 23 0E 7D F7 C2 01
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type--------------------------------------------------- 49
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess--------------------------------------------------------------------- Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess---------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type--------------------------------------------------------------- 32
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start-------------------------------------------------------------- 3
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath---------------------------------------------------------- %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName-------------------------------------------------------- Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService---------------------------------------------------- Netman;NLA;RasMan;ALG;
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName--------------------------------------------------------- LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description-------------------------------------------------------- Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters----------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll---------------------------------------------- %SystemRoot%\System32\ipnathlp.dll
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy-------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile-----------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List-
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile---------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications----
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Security------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security-------------------------------------------------- 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv------------------------------------------------------------------------- Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv-------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Type------------------------------------------------------------------- 32
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Start------------------------------------------------------------------ 2
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl----------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath-------------------------------------------------------------- %systemroot%\system32\svchost.exe -k netsvcs
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName------------------------------------------------------------ Automatic Updates
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName------------------------------------------------------------- LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Description------------------------------------------------------------ Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters--------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll-------------------------------------------------- C:\WINDOWS\System32\wuauserv.dll
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Security----------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security------------------------------------------------------ 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum--------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0----------------------------------------------------------------- Root\LEGACY_WUAUSERV\0000
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count------------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance------------------------------------------------------ 1
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry------------------------------------------------------------------- Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry-------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description------------------------------------------------------ Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService-------------------------------------------------- RPCSS;
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName------------------------------------------------------ Remote Registry
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl----------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath-------------------------------------------------------- %SystemRoot%\system32\svchost.exe -k LocalService
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName------------------------------------------------------- NT AUTHORITY\LocalService
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start------------------------------------------------------------ 2
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type------------------------------------------------------------- 32
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions--------------------------------------------------- 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters--------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll-------------------------------------------- %SystemRoot%\system32\regsvc.dll
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security----------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security------------------------------------------------ 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum--------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0----------------------------------------------------------- Root\LEGACY_REMOTEREGISTRY\0000
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count------------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance------------------------------------------------ 1
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry----------------------------------------------------------------------- Include SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry-----------------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Description---------------------------------------------------------- Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\DependOnService------------------------------------------------------ RPCSS;
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\DisplayName---------------------------------------------------------- Remote Registry
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\ErrorControl--------------------------------------------------------- 1
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\ImagePath------------------------------------------------------------ %SystemRoot%\system32\svchost.exe -k LocalService
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\ObjectName----------------------------------------------------------- NT AUTHORITY\LocalService
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Group----------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Start---------------------------------------------------------------- 2
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\Type----------------------------------------------------------------- 32
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\\FailureActions------------------------------------------------------- 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Parameters------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Parameters\\ServiceDll------------------------------------------------ %SystemRoot%\system32\regsvc.dll
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Security--------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Security\\Security---------------------------------------------------- 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Enum------------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Enum\\0--------------------------------------------------------------- Root\LEGACY_REMOTEREGISTRY\0000
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Enum\\Count----------------------------------------------------------- 1
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry\Enum\\NextInstance---------------------------------------------------- 1
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr-------------------------------------------------------------------------- Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr--------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type-------------------------------------------------------------------- 16
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start------------------------------------------------------------------- 4
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl------------------------------------------------------------ 1
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath--------------------------------------------------------------- C:\WINDOWS\System32\tlntsvr.exe
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName------------------------------------------------------------- Telnet
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService--------------------------------------------------------- RPCSS;TCPIP;NTLMSSP;
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup-----------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName-------------------------------------------------------------- LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description------------------------------------------------------------- Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\Security-----------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security------------------------------------------------------- 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\ControlSet001\Services\TlntSvr------------------------------------------------------------------------------ Include SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\TlntSvr------------------------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\Type------------------------------------------------------------------------ 16
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\Start----------------------------------------------------------------------- 4
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\ErrorControl---------------------------------------------------------------- 1
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\ImagePath------------------------------------------------------------------- C:\WINDOWS\System32\tlntsvr.exe
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\DisplayName----------------------------------------------------------------- Telnet
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\DependOnService------------------------------------------------------------- RPCSS;TCPIP;NTLMSSP;
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\DependOnGroup---------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\ObjectName------------------------------------------------------------------ LocalSystem
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\\Description----------------------------------------------------------------- Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\Security---------------------------------------------------------------------
HKLM\SYSTEM\ControlSet001\Services\TlntSvr\Security\\Security----------------------------------------------------------- 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings----- Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings-----
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 0
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings-------- Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings--------
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 0
>>>>Output for AddOn file HKCC_Services.def<<<<-------------------------------------------------------------------------
HKCC\System\CurrentControlSet\SERVICES---------------------------------------------------------------------------------- Include SUBKEYS
HKCC\System\CurrentControlSet\SERVICES not found.-----------------------------------------------------------------------
>>>>Output for AddOn file HKCU_IEDesktop.def<<<<------------------------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop----------------------------------------------------------------------- Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop-----------------------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components------------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\DeskHtmlVersion------------------------------------------- 272
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\DeskHtmlMinorVersion-------------------------------------- 5
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\Settings-------------------------------------------------- 1
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\\GeneralFlags---------------------------------------------- 0
HKCU\Software\Microsoft\Internet Explorer\Desktop\General---------------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallpaper----------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\WallpaperFileTime-------------------------------------------- 00 00 00 00 00 00 00 00
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\WallpaperLocalFileTime--------------------------------------- 00 10 AC D1 53 00 00 00
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\TileWallpaper------------------------------------------------ 0
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\WallpaperStyle----------------------------------------------- 2
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\Wallpaper---------------------------------------------------- %SystemRoot%\Web\Wallpaper\Ascent.jpg
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\\ComponentsPositioned----------------------------------------- 1
HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas---------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas\\NoOfOldWorkAreas--------------------------------------- 1
HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas\\OldWorkAreaRects--------------------------------------- 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode--------------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components---------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\\DeskHtmlVersion---------------------------------- 272
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\\DeskHtmlMinorVersion----------------------------- 5
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\\Settings----------------------------------------- 1
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components\\GeneralFlags------------------------------------- 0
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\\Wallpaper------------------------------------------- %SystemRoot%\Web\SafeMode.htt
HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\\VisitGallery---------------------------------------- 0
HKCU\Software\Microsoft\Internet Explorer\Desktop\Scheme----------------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\Scheme\\Edit----------------------------------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\Scheme\\Display-------------------------------------------------------
>>>>Output for AddOn file HKCU_PowerCfg.def<<<<-------------------------------------------------------------------------
HKCU\Control Panel\PowerCfg--------------------------------------------------------------------------------------------- Include SUBKEYS
HKCU\Control Panel\PowerCfg---------------------------------------------------------------------------------------------
HKCU\Control Panel\PowerCfg\\CurrentPowerPolicy------------------------------------------------------------------------- 7
HKCU\Control Panel\PowerCfg\GlobalPowerPolicy---------------------------------------------------------------------------
HKCU\Control Panel\PowerCfg\GlobalPowerPolicy\\Policies----------------------------------------------------------------- 01 00 00 00 00 00 00 00 03 00 00 00 10 00 00 00 00 00 00 00 03 00 00 00 10 00 00 00 00 00 00 00 03 00 00 00 08 00 00 00 00 00 00 00 03 00 00 00 08 00 00 00 00 00 00 00 03 00 00 00 00 00 00 80 00 00 00 00 03 00 00 00 00 00 00 80 01 00 00 00 02 00 00 00 00 00 00 00 07 00 00 00 01 00 00 00 04 00 00 00 01 00 00 00 0A 00 00 00 00 00 00 00 03 00 00 00 01 00 01 00 04 00 00 00 00 00 00 00 00 00

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:44 AM

Posted 21 July 2006 - 04:20 PM

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.


==================


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan:" select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 martyaustralia
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:44 PM

Posted 23 July 2006 - 03:35 AM

Hi Sam,

Reports are as follows.

Fixwareout


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\onisacputes
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

Search by size and names...

Misc files

Checking for older varients covered by the Rem3 tool


Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
{0853AA8C-7B45-44E2-94FB-ADFE3727E151}.exe
{4A863EA2-D0F2-4BE8-A9EC-CD5C44E1A3C4}.exe


HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 6:33:10 PM, on 23/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37930.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)



Thanks for your continued help, Sam.

Anthony
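A triage pass over logs like the one above, as an added example (it is not code from this thread and not how HijackThis itself works): it parses HijackThis 1.99 entry lines, flags the things a helper looks at first (a binary whose file name is a bare GUID, a registered service whose file is missing or has no publisher, an O17 NameServer entry, an R1 proxy setting) and collapses the dozens of identical O18 protocol-handler lines into one count per handler DLL so they stop burying the rest of the log. The sample log is constructed: the R1, O18 and O23 lines are copied from the logs in this thread, while the O4 entry with a GUID-named .exe and the O17 NameServer entry are made up to exercise those checks (203.0.113.x is a documentation address range, not a real server).

```python
"""Triage a HijackThis 1.99 log: flag the entry types a helper checks first and
collapse repeated O18 protocol-handler lines into one count per handler DLL."""
import re
from collections import Counter

# "O23 - Service: ..." -> section tag and the rest of the line
ENTRY = re.compile(r"^(?P<sec>[RFOL]\d{1,2}) - (?P<body>.*)$")
# A binary whose file name is a bare GUID, e.g. \{0853AA8C-...-ADFE3727E151}.exe
GUID_BINARY = re.compile(
    r"\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}\.(?:exe|dll)\b", re.I)
# O18 body: "Protocol: name - {CLSID} - path"
PROTOCOL = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-F-]+\}) - (?P<path>.+)$", re.I)

# Constructed sample: the R1, O18 and O23 lines are copied from the logs in this
# thread; the O4 line with a GUID-named .exe and the O17 NameServer line are
# made up to exercise those checks (203.0.113.x is a documentation range).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\{0853AA8C-7B45-44E2-94FB-ADFE3727E151}.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.5,203.0.113.6
O18 - Protocol: bwa0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
"""


def triage(log_text):
    """Return (findings, handlers): findings is a list of (section, reason, line);
    handlers maps (CLSID, DLL path) to how many O18 protocol names point at it."""
    findings, handlers = [], Counter()
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        sec, body = m["sec"], m["body"]
        if sec == "O18":
            p = PROTOCOL.match(body)
            if p:
                handlers[(p["clsid"].upper(), p["path"])] += 1
            continue
        if GUID_BINARY.search(body):
            findings.append((sec, "GUID-named binary", body))
        if "(file missing)" in body:
            findings.append((sec, "registered file not on disk", body))
        if "Unknown owner" in body:
            findings.append((sec, "service with no publisher", body))
        if sec == "O17":
            findings.append((sec, "DNS server / domain override", body))
        if sec == "R1" and "Proxy" in body:
            findings.append((sec, "proxy setting", body))
    return findings, handlers


def report(log_text):
    """Human-readable lines: one per finding, then one per handler DLL."""
    findings, handlers = triage(log_text)
    lines = [f"[{sec}] {reason}: {body}" for sec, reason, body in findings]
    for (clsid, path), n in handlers.most_common():
        lines.append(f"[O18] {n} protocol name(s) -> {clsid} {path}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Every flag is a reason to look, not a verdict: the two Toshiba services in the log above trip the "file missing" and "no publisher" checks and are still legitimate, and the fifty-odd O18 lines all resolve to two Logitech DLLs once collapsed.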

#10 martyaustralia

martyaustralia
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:44 PM

Posted 23 July 2006 - 04:19 AM

Sorry, also the Kaspersky report is as follows. Looks like some sort of trojan infection...


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 23, 2006 7:16:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/07/2006
Kaspersky Anti-Virus database records: 209350
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 32312
Number of viruses found: 5
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:20:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Grant Martin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfge.class-47275ab6-436fc571.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Grant Martin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Grant Martin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Grant Martin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Grant Martin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Grant Martin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Grant Martin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Grant Martin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\L0000012.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Grant Martin\Data\storydb.idx Object is locked skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP129\A0028232.exe Infected: Trojan.Win32.Dialer.mw skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP142\A0031612.dll Infected: Trojan-Clicker.Win32.Agent.ac skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP142\A0031615.exe Infected: Trojan.Win32.Dialer.mw skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP142\A0031619.exe Infected: Trojan.Win32.Small.gq skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP148\A0032129.exe Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP148\A0032178.exe Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP148\A0032232.exe Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP148\A0032247.exe Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{C6576765-8289-479E-B04F-4EA9B6B68371}\RP150\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CFA9B702-D8E8-4E18-8F43-1BEC5F6C711C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:44 AM

Posted 23 July 2006 - 02:11 PM

Flush your System Restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore is booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • Click Start and point to All Programs.
  • Mouse over Accessories, then System Tools, and select System Restore.
  • In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
  • Type a description for your new restore point, something like "After cleanup". Click Create and you're done.
===============


Now lets check some settings on your system.
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen and reboot if it asks
Next, go to Start -> Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, then type exit and hit Enter.
(That space between g and / is needed.)


=================


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\{0853AA8C-7B45-44E2-94FB-ADFE3727E151}.exe
    C:\WINDOWS\system32\{4A863EA2-D0F2-4BE8-A9EC-CD5C44E1A3C4}.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
Also post a new hijackthis log.
Let me know how things are working now. Any improvement?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
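What Killbox's "Delete on Reboot" (and the PendingFileRenameOperations prompt mentioned in the post above) rests on, as an added example that is not Killbox's code and was not posted in the thread: Windows carries out deferred deletes and renames from the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, which is what MoveFileEx writes when called with MOVEFILE_DELAY_UNTIL_REBOOT. The value holds (source, target) pairs in \??\ NT path form; an empty target means delete, and a "!" prefix on the target means replace an existing file. The code builds that list for the two GUID-named files from the post, encodes and decodes the REG_MULTI_SZ bytes the way the registry stores them, and parses a value back into operations, which is the check an analyst wants before rebooting a machine on which malware, or a cleanup tool, may have queued entries of its own. It never opens the registry; the two file paths come from the post and everything else is constructed.

```python
"""Build and read PendingFileRenameOperations, the Session Manager value behind
'delete on reboot'. Illustrative code; it never opens the registry."""

PFRO_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
PFRO_VALUE = "PendingFileRenameOperations"

# Paths from the post above, queued for deletion at next boot.
QUEUED_DELETES = [
    r"C:\WINDOWS\system32\{0853AA8C-7B45-44E2-94FB-ADFE3727E151}.exe",
    r"C:\WINDOWS\system32\{4A863EA2-D0F2-4BE8-A9EC-CD5C44E1A3C4}.exe",
]


def to_nt_path(path):
    """Session Manager expects NT object paths: C:\\x.exe -> \\??\\C:\\x.exe."""
    return path if path.startswith("\\??\\") else "\\??\\" + path


def build_pending_ops(deletes=(), renames=()):
    """Return the flat string list for the value: (source, target) pairs.
    Empty target = delete; '!' prefix on target = MOVEFILE_REPLACE_EXISTING."""
    entries = []
    for path in deletes:
        entries += [to_nt_path(path), ""]
    for src, dst in renames:
        entries += [to_nt_path(src), "!" + to_nt_path(dst)]
    return entries


def encode_multi_sz(strings):
    """REG_MULTI_SZ: UTF-16LE, each string NUL-terminated, list ends with one more NUL."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_multi_sz(raw):
    """Inverse of encode_multi_sz. Walk the full data length: a delete entry is an
    empty string, so stopping at the first double NUL would truncate the list."""
    text = raw.decode("utf-16-le")
    if not text.endswith("\0"):
        raise ValueError("REG_MULTI_SZ data lacks the list terminator")
    body = text[:-1]
    if body == "":
        return []
    if not body.endswith("\0"):
        raise ValueError("last string is not NUL-terminated")
    return body[:-1].split("\0")


def parse_pending_ops(strings):
    """Turn the flat string list into operations an analyst can review."""
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/target pairs")
    ops = []
    for src, dst in zip(strings[::2], strings[1::2]):
        if dst == "":
            ops.append({"op": "delete", "source": src, "target": None})
        elif dst.startswith("!"):
            ops.append({"op": "replace", "source": src, "target": dst[1:]})
        else:
            ops.append({"op": "rename", "source": src, "target": dst})
    return ops


def queue_and_review(deletes=QUEUED_DELETES):
    """Round trip: build the value as a tool would write it, then read it back
    as an analyst would before rebooting."""
    raw = encode_multi_sz(build_pending_ops(deletes=deletes))
    return parse_pending_ops(decode_multi_sz(raw))


if __name__ == "__main__":
    for op in queue_and_review():
        print(f"{op['op']:7} {op['source']} -> {op['target'] or '(deleted)'}")
```

The same parser is worth running on the live value before the reboot a tool asks for: anything already queued there that you did not add (a rename of a system DLL, a delete of a security product's files) deserves a look, because it will execute with SYSTEM privileges during the next boot.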

#12 martyaustralia

martyaustralia
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:44 PM

Posted 24 July 2006 - 05:43 AM

Hi Sam,

There has definitely been some improvement in scrolling through web pages. Not as sluggish as before. Still seems to be some lag. Below are the Killbox and new HJT logs.

Thanks for your continued support on this.



Pocket Killbox version 2.0.0.648
Running on Windows XP as Grant Martin(Administrator)
was started @ Sunday, July 16, 2006, 12:53 PM

# 1 [Files to Delete]
Path = C:\Program Files\Time Sync\time.exe
*This file does not seem to exist

# 2 [Files to Delete]
Path = C:\WINDOWS\switpc.dat
*This file does not seem to exist

# 3 [Files to Delete]
Path = C:\WINDOWS\system32\scvvhost.exe
*This file does not seem to exist

# 4 [Files to Delete]
Path = WINDOWS\system32\svphost.exe
*This file does not seem to exist

Killbox Closed(Exit) @ 12:54:52 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Grant Martin(Administrator)
was started @ Monday, July 24, 2006, 8:31 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\{0853AA8C-7B45-44E2-94FB-ADFE3727E151}.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\{4A863EA2-D0F2-4BE8-A9EC-CD5C44E1A3C4}.exe


I Rebooted @ 8:33:40 PM
Killbox Closed(Exit) @ 8:33:42 PM
__________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 8:41:24 PM, on 24/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37930.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

#13 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:44 AM

Posted 24 July 2006 - 04:34 PM

Let's clean up your log a bit to get rid of some of the unnecessary stuff.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O18 - Protocol: bw+0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll



==============


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
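As an added example (not code from this thread or from the HijackThis tool), a small Python triage helper for the O4/O18/O20/O23 line formats used in the logs above: it collapses the long run of Logitech O18 protocol handlers that share one CLSID and DLL into a single row, and flags O23 service entries marked "(file missing)", owned by "Unknown owner", or carrying an unbalanced quote in their image path (all three are visible on the Tmesbs32 line above). The sample lines are copied from the log in this thread; the regexes and flag names are my own assumptions about the v1.99.1 output format, not HijackThis's own.

```python
"""Triage helper for HijackThis v1.99-style log entries.

Added example: parses O4 / O18 / O20 / O23 lines into fields, groups
O18 protocol handlers by (CLSID, DLL) so dozens of near-identical
Logitech entries read as one row, and flags service entries a helper
would normally look at first.  Regexes are assumptions about the format.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O18 - Protocol: bw+0 - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {746B8B79-6281-4A87-95C3-F6C177980EFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
"""

# Per-section field layouts (assumed from the log lines, not from HijackThis docs).
PATTERNS = {
    "O4":  re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<path>.*)$'),
    "O18": re.compile(r'^O18 - Protocol: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$'),
    "O20": re.compile(r'^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$'),
    "O23": re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$'),
}
SECTION_RE = re.compile(r'^(O\d+|R\d+|F\d+|N\d+) - ')


def flag_reasons(entry):
    """Return the review flags a helper would raise for one parsed entry."""
    reasons = []
    path = entry.get("path", "")
    if path.endswith("(file missing)"):
        reasons.append("file missing")          # registry points at a file that is gone
    if entry.get("owner") == "Unknown owner":
        reasons.append("unknown owner")         # binary carries no vendor information
    if path.count('"') % 2 == 1:
        reasons.append("unbalanced quote in ImagePath")  # ImagePath is mis-quoted
    return reasons


def parse_log(text):
    """Parse every HijackThis entry line into a dict; header/process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        entry = {"section": m.group(1), "raw": line}
        pat = PATTERNS.get(entry["section"])
        mm = pat.match(line) if pat else None
        if mm:
            entry.update(mm.groupdict())
        entry["flags"] = flag_reasons(entry)
        entries.append(entry)
    return entries


def group_protocol_handlers(entries):
    """Map (CLSID, DLL path) -> list of O18 protocol names registered to it."""
    groups = defaultdict(list)
    for e in entries:
        if e["section"] == "O18" and "clsid" in e:
            groups[(e["clsid"], e["path"])].append(e["name"])
    return dict(groups)


def flagged_entries(entries):
    """Entries that raised at least one review flag."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for (clsid, dll), names in group_protocol_handlers(parsed).items():
        print(f"{len(names):3d} O18 handler(s) -> {{{clsid}}} {dll}")
    for e in flagged_entries(parsed):
        print(f"{e['section']} {e.get('name')}: {', '.join(e['flags'])}")
```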

#14 martyaustralia

  • Topic Starter
  • Members
  • 14 posts
  • Local time:11:44 PM

Posted 25 July 2006 - 07:30 AM

Hi Sam,

Both reports posted below:

VundoFix V5.1.5

Checking Java version...

Java version is 1.4.2.3

Scan started at 10:17:09 PM 25/07/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V5.1.5

Checking Java version...

Java version is 1.4.2.3

Scan started at 10:18:29 PM 25/07/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...



Logfile of HijackThis v1.99.1
Scan saved at 10:29:03 PM, on 25/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37930.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)



Thanks for your time.

Cheers

Anthony

#15 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:44 AM

Posted 25 July 2006 - 07:38 AM

No signs of Vundo, but due to a serious security risk you need to update your version of Java.

Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Otherwise your log looks good to me.
Does it still seem a little slow to you? How are things working?



