how do i remove curePCsolution?
- Thread starter lubo4444
- Start date
lubo4444
Active Member
there is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:10 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\TRIXX\TRIXX.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\RealMedia\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Blocking access to the document address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockDocument.html
O8 - Extra context menu item: Blocking access to the image address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockImage.html
O8 - Extra context menu item: Blocking access to the link address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockLink.html
O8 - Extra context menu item: Cut proxy addresses from selected text by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisCutProxyFromSelectedTеxt.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190416363264
O18 - Protocol: bw+0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 21558 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:10 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\TRIXX\TRIXX.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TRIXX] "C:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\RealMedia\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Blocking access to the document address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockDocument.html
O8 - Extra context menu item: Blocking access to the image address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockImage.html
O8 - Extra context menu item: Blocking access to the link address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockLink.html
O8 - Extra context menu item: Cut proxy addresses from selected text by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisCutProxyFromSelectedTеxt.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190416363264
O18 - Protocol: bw+0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8F789CCF-EF7E-4F73-AFF4-A19DA71172FE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 21558 bytes
Download and Run ComboFix
- Download this file from either of the two below listed places :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
- Then double click combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log in your next reply
lubo4444
Active Member
there it is...
ComboFix 07-11-01.1 - LuBo 2007-11-04 18:50:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.485 [GMT -5:00]
Running from: C:\Documents and Settings\LuBo\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.
2007-11-04 18:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-04 12:26 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-03 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-02 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-02 19:33 <DIR> d-------- C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
2007-11-02 18:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-28 00:29 <DIR> dr-h----- C:\Documents and Settings\LuBo\Application Data\SecuROM
2007-10-28 00:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-27 18:20 <DIR> d-------- C:\Documents and Settings\LuBo\Application Data\IDM
2007-10-27 17:52 <DIR> d-------- C:\Program Files\Rockstar Games
2007-10-26 16:04 <DIR> d-------- C:\Program Files\KONAMI
2007-10-25 19:19 <DIR> d-------- C:\WINDOWS\system32\Trick Daddy Screensaver dir
2007-10-25 19:15 202,240 --a------ C:\WINDOWS\system32\Trick Daddy Screensaver.scr
2007-10-25 08:27 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-10-25 08:25 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-10-25 08:25 27,144 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-10-24 15:56 <DIR> d-------- C:\Program Files\Ubisoft
2007-10-24 15:45 <DIR> d-------- C:\Program Files\Mplayer
2007-10-24 15:30 <DIR> d-------- C:\Program Files\EA SPORTS
2007-10-22 01:14 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-21 12:08 <DIR> d-------- C:\Program Files\Internet Download Manager
2007-10-21 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-10-21 11:28 <DIR> d-------- C:\Program Files\Easiestutils
2007-10-14 12:27 <DIR> d-------- C:\Program Files\Google
2007-10-09 19:07 <DIR> d-------- C:\Documents and Settings\LuBo\Application Data\Ahead
2007-10-09 19:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-09 18:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-09 12:20 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 23:48 --------- d-----w C:\Program Files\Orbitdownloader
2007-11-04 23:48 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Orbit
2007-11-04 23:41 --------- d-----w C:\Program Files\Steam
2007-11-04 23:38 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Skype
2007-11-04 23:33 --------- d-----w C:\Documents and Settings\LuBo\Application Data\DMCache
2007-11-04 05:38 --------- d-----w C:\Program Files\SwiftSwitch
2007-10-27 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 16:30 --------- d-----w C:\Documents and Settings\LuBo\Application Data\LimeWire
2007-10-26 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2007-10-24 21:03 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-24 19:41 --------- d-----w C:\Program Files\Dictionary
2007-10-23 17:22 --------- d-----w C:\Program Files\Java
2007-10-10 00:04 --------- d-----w C:\Program Files\Nero
2007-10-10 00:00 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2007-10-10 00:00 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Nero
2007-10-10 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-03 18:48 --------- d-----w C:\Program Files\Arjaloc
2007-09-30 16:47 --------- d-----w C:\Program Files\Zoom Player
2007-09-30 16:47 --------- d-----w C:\Program Files\SHOUTcast Source
2007-09-30 16:47 --------- d-----w C:\Program Files\RealMedia
2007-09-30 16:47 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-09-30 16:47 --------- d-----w C:\Program Files\Haali
2007-09-30 16:47 --------- d-----w C:\Program Files\DScaler5
2007-09-30 16:47 --------- d-----w C:\Program Files\DS-MP3 Source
2007-09-30 16:47 --------- d-----w C:\Program Files\DirectVobSub
2007-09-30 16:47 --------- d-----w C:\Program Files\CD Audio Reader Filter
2007-09-30 16:45 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Media Player Classic
2007-09-29 22:50 --------- d-----w C:\Documents and Settings\LuBo\Application Data\ATI
2007-09-29 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-09-29 22:48 --------- d-----w C:\Program Files\ATI Technologies
2007-09-26 21:20 --------- d-----w C:\Program Files\MSN Messenger
2007-09-26 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-26 19:12 --------- d-----w C:\Program Files\MTA San Andreas
2007-09-25 00:08 --------- d-----w C:\Program Files\Creative Zone
2007-09-23 03:33 --------- d-----w C:\Program Files\EnsignGames
2007-09-23 03:03 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Oxin's Style!
2007-09-22 22:49 --------- d-----w C:\Program Files\BitLord
2007-09-22 21:41 --------- d-----w C:\Program Files\San Andreas Mod Installer
2007-09-22 04:43 --------- d-----w C:\Program Files\Winamp
2007-09-22 04:39 --------- d-----w C:\Documents and Settings\LuBo\Application Data\DivX
2007-09-22 04:26 --------- d-----w C:\Program Files\WinCustomize
2007-09-22 04:22 --------- d-----w C:\Program Files\Stardock
2007-09-22 04:22 --------- d-----w C:\Program Files\Common Files\Stardock
2007-09-22 04:13 --------- d-----w C:\Program Files\DivX
2007-09-22 04:10 --------- d-----w C:\Program Files\VideoLAN
2007-09-22 04:10 --------- d-----w C:\Documents and Settings\LuBo\Application Data\vlc
2007-09-22 04:08 --------- d-----w C:\Program Files\Winamp Voice Control
2007-09-22 04:08 --------- d-----w C:\Program Files\Webteh
2007-09-22 04:07 --------- d-----w C:\Program Files\VirtualDJ
2007-09-22 04:07 --------- d-----w C:\Program Files\DFX
2007-09-22 04:05 --------- d-----w C:\Program Files\GeoVid
2007-09-22 04:05 --------- d-----w C:\Documents and Settings\LuBo\Application Data\GeoVid
2007-09-22 04:03 --------- d-----w C:\Program Files\PowerISO
2007-09-22 03:56 --------- d-----w C:\Program Files\QuickTime
2007-09-22 03:56 --------- d-----w C:\Documents and Settings\LuBo\Application Data\InterVideo
2007-09-22 03:55 --------- d-----w C:\Program Files\InterVideo Information Service
2007-09-22 03:55 --------- d-----w C:\Program Files\Common Files\Ulead
2007-09-22 03:55 --------- d-----w C:\Program Files\Apple Software Update
2007-09-22 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-22 03:54 --------- d-----w C:\Program Files\InterVideo
2007-09-22 03:54 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-09-22 03:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-22 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-22 03:51 --------- d-----w C:\Program Files\HyCam2
2007-09-22 03:48 --------- d-----w C:\Program Files\NeroInstall.bak
2007-09-22 03:39 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Simple Star
2007-09-22 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2007-09-22 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-09-22 03:26 --------- d-----w C:\Program Files\SVD
2007-09-22 03:26 --------- d-----w C:\Program Files\FDRLab
2007-09-22 03:26 --------- d-----w C:\Program Files\CursorXP
2007-09-22 03:25 --------- d-----w C:\Program Files\Bluetooth Remote Control
2007-09-22 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-22 03:10 --------- d-----w C:\Program Files\Logitech
2007-09-22 03:10 --------- d-----w C:\Program Files\Common Files\logishrd
2007-09-22 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-09-22 02:27 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-22 02:26 --------- d-----w C:\Program Files\MSBuild
2007-09-22 02:23 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-22 02:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-22 00:22 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1997.sys
2007-09-21 23:39 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-21 23:35 --------- d-----w C:\Program Files\XP Codec Pack
2007-09-21 23:11 --------- d-----w C:\Program Files\DVD Shrink
2007-09-21 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-21 23:08 --------- d-----w C:\Program Files\LimeWire
2007-09-21 23:08 --------- d-----w C:\Program Files\Filesweb
2007-09-21 23:05 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2007-09-21 23:05 --------- d--h--w C:\Documents and Settings\LuBo\Application Data\GTek
2007-09-21 23:05 --------- d-----w C:\Program Files\Video DVD Maker
2007-09-21 23:05 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2007-09-21 23:05 --------- d-----w C:\Documents and Settings\Default User\Application Data\Gtek
2007-09-21 23:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-21 22:54 --------- d-----w C:\Program Files\Real
2007-09-21 22:54 --------- d-----w C:\Program Files\Common Files\xing shared
2007-09-21 22:54 --------- d-----w C:\Program Files\Common Files\Real
2007-09-21 22:53 --------- d-----w C:\Program Files\XVid;-)
2007-09-21 22:52 --------- d-----w C:\Program Files\MPEG4 Direct Maker
2007-09-21 22:48 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-21 22:48 --------- d-----w C:\Program Files\Common Files\L&H
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TRIXX"="C:\Program Files\TRIXX\TRIXX.exe" [2005-08-16 06:18]
"TkBellExe"="C:\Program Files\RealMedia\Update_OB\realsched.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 05:13]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 17:38]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 04:50 C:\WINDOWS\LOGI_MWX.EXE]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 11:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 08:26]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Steam"="c:\program files\steam\steam.exe" [2007-10-04 21:11]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2003-03-01 16:25]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" []
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-10-27 18:21]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - C:\WINDOWS\Datecs\Flex2K.exe [2007-09-21 17:32:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2006-03-25 10:54 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
"C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R1 TRIXX;TRIXX;\??\C:\Program Files\TRIXX\TRIXXDriver.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 elagopro;GoProto Protocol Driver for LELA;C:\WINDOWS\system32\DRIVERS\elagopro.sys
R2 elaunidr;UniDriver for LELA;C:\WINDOWS\system32\DRIVERS\elaunidr.sys
R3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-03 16:41:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-02 19:00:19 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-04 17:35:48 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 18:52:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-04 18:53:34
.
--- E O F ---
ComboFix 07-11-01.1 - LuBo 2007-11-04 18:50:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.485 [GMT -5:00]
Running from: C:\Documents and Settings\LuBo\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.
2007-11-04 18:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-04 12:26 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-03 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-02 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-02 19:33 <DIR> d-------- C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
2007-11-02 18:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-28 00:29 <DIR> dr-h----- C:\Documents and Settings\LuBo\Application Data\SecuROM
2007-10-28 00:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-27 18:20 <DIR> d-------- C:\Documents and Settings\LuBo\Application Data\IDM
2007-10-27 17:52 <DIR> d-------- C:\Program Files\Rockstar Games
2007-10-26 16:04 <DIR> d-------- C:\Program Files\KONAMI
2007-10-25 19:19 <DIR> d-------- C:\WINDOWS\system32\Trick Daddy Screensaver dir
2007-10-25 19:15 202,240 --a------ C:\WINDOWS\system32\Trick Daddy Screensaver.scr
2007-10-25 08:27 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-10-25 08:25 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-10-25 08:25 27,144 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-10-24 15:56 <DIR> d-------- C:\Program Files\Ubisoft
2007-10-24 15:45 <DIR> d-------- C:\Program Files\Mplayer
2007-10-24 15:30 <DIR> d-------- C:\Program Files\EA SPORTS
2007-10-22 01:14 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-21 12:08 <DIR> d-------- C:\Program Files\Internet Download Manager
2007-10-21 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-10-21 11:28 <DIR> d-------- C:\Program Files\Easiestutils
2007-10-14 12:27 <DIR> d-------- C:\Program Files\Google
2007-10-09 19:07 <DIR> d-------- C:\Documents and Settings\LuBo\Application Data\Ahead
2007-10-09 19:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-09 18:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-09 12:20 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 23:48 --------- d-----w C:\Program Files\Orbitdownloader
2007-11-04 23:48 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Orbit
2007-11-04 23:41 --------- d-----w C:\Program Files\Steam
2007-11-04 23:38 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Skype
2007-11-04 23:33 --------- d-----w C:\Documents and Settings\LuBo\Application Data\DMCache
2007-11-04 05:38 --------- d-----w C:\Program Files\SwiftSwitch
2007-10-27 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 16:30 --------- d-----w C:\Documents and Settings\LuBo\Application Data\LimeWire
2007-10-26 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2007-10-24 21:03 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-24 19:41 --------- d-----w C:\Program Files\Dictionary
2007-10-23 17:22 --------- d-----w C:\Program Files\Java
2007-10-10 00:04 --------- d-----w C:\Program Files\Nero
2007-10-10 00:00 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2007-10-10 00:00 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Nero
2007-10-10 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-03 18:48 --------- d-----w C:\Program Files\Arjaloc
2007-09-30 16:47 --------- d-----w C:\Program Files\Zoom Player
2007-09-30 16:47 --------- d-----w C:\Program Files\SHOUTcast Source
2007-09-30 16:47 --------- d-----w C:\Program Files\RealMedia
2007-09-30 16:47 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2007-09-30 16:47 --------- d-----w C:\Program Files\Haali
2007-09-30 16:47 --------- d-----w C:\Program Files\DScaler5
2007-09-30 16:47 --------- d-----w C:\Program Files\DS-MP3 Source
2007-09-30 16:47 --------- d-----w C:\Program Files\DirectVobSub
2007-09-30 16:47 --------- d-----w C:\Program Files\CD Audio Reader Filter
2007-09-30 16:45 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Media Player Classic
2007-09-29 22:50 --------- d-----w C:\Documents and Settings\LuBo\Application Data\ATI
2007-09-29 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-09-29 22:48 --------- d-----w C:\Program Files\ATI Technologies
2007-09-26 21:20 --------- d-----w C:\Program Files\MSN Messenger
2007-09-26 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-26 19:12 --------- d-----w C:\Program Files\MTA San Andreas
2007-09-25 00:08 --------- d-----w C:\Program Files\Creative Zone
2007-09-23 03:33 --------- d-----w C:\Program Files\EnsignGames
2007-09-23 03:03 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Oxin's Style!
2007-09-22 22:49 --------- d-----w C:\Program Files\BitLord
2007-09-22 21:41 --------- d-----w C:\Program Files\San Andreas Mod Installer
2007-09-22 04:43 --------- d-----w C:\Program Files\Winamp
2007-09-22 04:39 --------- d-----w C:\Documents and Settings\LuBo\Application Data\DivX
2007-09-22 04:26 --------- d-----w C:\Program Files\WinCustomize
2007-09-22 04:22 --------- d-----w C:\Program Files\Stardock
2007-09-22 04:22 --------- d-----w C:\Program Files\Common Files\Stardock
2007-09-22 04:13 --------- d-----w C:\Program Files\DivX
2007-09-22 04:10 --------- d-----w C:\Program Files\VideoLAN
2007-09-22 04:10 --------- d-----w C:\Documents and Settings\LuBo\Application Data\vlc
2007-09-22 04:08 --------- d-----w C:\Program Files\Winamp Voice Control
2007-09-22 04:08 --------- d-----w C:\Program Files\Webteh
2007-09-22 04:07 --------- d-----w C:\Program Files\VirtualDJ
2007-09-22 04:07 --------- d-----w C:\Program Files\DFX
2007-09-22 04:05 --------- d-----w C:\Program Files\GeoVid
2007-09-22 04:05 --------- d-----w C:\Documents and Settings\LuBo\Application Data\GeoVid
2007-09-22 04:03 --------- d-----w C:\Program Files\PowerISO
2007-09-22 03:56 --------- d-----w C:\Program Files\QuickTime
2007-09-22 03:56 --------- d-----w C:\Documents and Settings\LuBo\Application Data\InterVideo
2007-09-22 03:55 --------- d-----w C:\Program Files\InterVideo Information Service
2007-09-22 03:55 --------- d-----w C:\Program Files\Common Files\Ulead
2007-09-22 03:55 --------- d-----w C:\Program Files\Apple Software Update
2007-09-22 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-22 03:54 --------- d-----w C:\Program Files\InterVideo
2007-09-22 03:54 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-09-22 03:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-22 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-22 03:51 --------- d-----w C:\Program Files\HyCam2
2007-09-22 03:48 --------- d-----w C:\Program Files\NeroInstall.bak
2007-09-22 03:39 --------- d-----w C:\Documents and Settings\LuBo\Application Data\Simple Star
2007-09-22 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2007-09-22 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-09-22 03:26 --------- d-----w C:\Program Files\SVD
2007-09-22 03:26 --------- d-----w C:\Program Files\FDRLab
2007-09-22 03:26 --------- d-----w C:\Program Files\CursorXP
2007-09-22 03:25 --------- d-----w C:\Program Files\Bluetooth Remote Control
2007-09-22 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-22 03:10 --------- d-----w C:\Program Files\Logitech
2007-09-22 03:10 --------- d-----w C:\Program Files\Common Files\logishrd
2007-09-22 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-09-22 02:27 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-22 02:26 --------- d-----w C:\Program Files\MSBuild
2007-09-22 02:23 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-22 02:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-22 00:22 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1997.sys
2007-09-21 23:39 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-21 23:35 --------- d-----w C:\Program Files\XP Codec Pack
2007-09-21 23:11 --------- d-----w C:\Program Files\DVD Shrink
2007-09-21 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-21 23:08 --------- d-----w C:\Program Files\LimeWire
2007-09-21 23:08 --------- d-----w C:\Program Files\Filesweb
2007-09-21 23:05 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2007-09-21 23:05 --------- d--h--w C:\Documents and Settings\LuBo\Application Data\GTek
2007-09-21 23:05 --------- d-----w C:\Program Files\Video DVD Maker
2007-09-21 23:05 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2007-09-21 23:05 --------- d-----w C:\Documents and Settings\Default User\Application Data\Gtek
2007-09-21 23:02 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-21 22:54 --------- d-----w C:\Program Files\Real
2007-09-21 22:54 --------- d-----w C:\Program Files\Common Files\xing shared
2007-09-21 22:54 --------- d-----w C:\Program Files\Common Files\Real
2007-09-21 22:53 --------- d-----w C:\Program Files\XVid;-)
2007-09-21 22:52 --------- d-----w C:\Program Files\MPEG4 Direct Maker
2007-09-21 22:48 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-21 22:48 --------- d-----w C:\Program Files\Common Files\L&H
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TRIXX"="C:\Program Files\TRIXX\TRIXX.exe" [2005-08-16 06:18]
"TkBellExe"="C:\Program Files\RealMedia\Update_OB\realsched.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-05-20 05:13]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 17:38]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 04:50 C:\WINDOWS\LOGI_MWX.EXE]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 11:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 08:26]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Steam"="c:\program files\steam\steam.exe" [2007-10-04 21:11]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2003-03-01 16:25]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" []
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-10-27 18:21]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - C:\WINDOWS\Datecs\Flex2K.exe [2007-09-21 17:32:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2006-03-25 10:54 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
"C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R1 TRIXX;TRIXX;\??\C:\Program Files\TRIXX\TRIXXDriver.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 elagopro;GoProto Protocol Driver for LELA;C:\WINDOWS\system32\DRIVERS\elagopro.sys
R2 elaunidr;UniDriver for LELA;C:\WINDOWS\system32\DRIVERS\elaunidr.sys
R3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-03 16:41:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-02 19:00:19 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-04 17:35:48 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 18:52:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-04 18:53:34
.
--- E O F ---
alternatively go here and try the link for a removal program
http://www.spywareremove.com/removeCurePCSolution.html
if that still does not work, follow the directions and do it manually..... cheers
http://www.spywareremove.com/removeCurePCSolution.html
if that still does not work, follow the directions and do it manually..... cheers