
Help Removing gebcc.dll

  • 24-09-2007 8:29pm
    #1
    Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭


    I've been getting a report from AVG about wanting to move gebcc.dll to the virus vault. I have moved it, but it keeps coming back. Any help removing this little pest would be great.

    HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:55:56, on 24/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\WinFax\WFXMOD32.EXE
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\slrundll.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\TBPanel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\WinFax\WFXCTL32.EXE
    C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [AirPaceWifi] "C:\Program Files\abit\abit uGuru\AirPaceWifi.exe" -nogui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
    O4 - Global Startup: usb7100 Startup.lnk = C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190230945390
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190231013843
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: cbxuroo - C:\WINDOWS\SYSTEM32\cbxuroo.dll
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."



Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



    Please download RUNSCANNER to your desktop and run it.
    • When the first page comes up select Beginner Mode
    • On the next page select Save a binary .Run file (optional) then click Start full computer scan at the bottom.
    • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
    • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log.
    • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip that file by right-clicking and selecting Send to Zip file.

    Then upload that as an attachment along with the log file produced in your next post.

    Please also post a new HijackThis log.


  • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


    VundoFix reported that it found no infections.

    I have attached the "RunScanner Files".

    The ComboFix and new HijackThis logs are below.


    ComboFix Log:

    ComboFix 07-09-21.2 - "Ronan Mulveen" 2007-09-24 21:58:45.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2416 [GMT 1:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\RONANM~1\APPLIC~1\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
    .

    2007-09-24 21:58 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-09-24 21:54 <DIR> d C:\VundoFix Backups
    2007-09-24 20:38 <DIR> d C:\Program Files\TextBridge Pro 9.0
    2007-09-24 20:33 <DIR> d C:\Program Files\Xerox One Touch
    2007-09-24 20:33 <DIR> d C:\Program Files\Scansoft
    2007-09-24 20:25 305,152 --a C:\WINDOWS\IsUninst.exe
    2007-09-24 15:43 <DIR> d C:\WINDOWS\VizLog
    2007-09-24 14:06 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Help
    2007-09-24 13:46 <DIR> d C:\Program Files\Common Files\Concord Shared
    2007-09-24 13:46 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Symantec
    2007-09-24 13:46 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-09-24 13:45 <DIR> d C:\Program Files\WinFax
    2007-09-24 13:45 <DIR> d C:\Program Files\Symantec
    2007-09-24 13:45 <DIR> d C:\Program Files\Common Files\Symantec Shared
    2007-09-24 13:45 <DIR> d C:\Program Files\Common Files\Novell Shared
    2007-09-24 13:16 175,104 --a--c--- C:\WINDOWS\system32\dllcache\csamsp.dll
    2007-09-24 13:16 175,104 --a C:\WINDOWS\system32\csamsp.dll
    2007-09-24 13:16 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
    2007-09-24 13:16 16,128 --a C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2007-09-24 02:48 <DIR> d C:\Program Files\Screamer Radio
    2007-09-24 00:10 3,072 --a C:\WINDOWS\system32\drivers\vncmirror.sys
    2007-09-24 00:10 19,968 --a C:\WINDOWS\system32\vncmirror.dll
    2007-09-24 00:10 <DIR> d C:\Program Files\RealVNC
    2007-09-24 00:04 83,552 --a C:\WINDOWS\system32\LMIRfsClientNP.dll
    2007-09-24 00:04 46,112 --a C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2007-09-24 00:04 26,176 --a C:\WINDOWS\system32\LMIport.dll
    2007-09-24 00:03 63,040 --a C:\WINDOWS\system32\LMIinit.dll
    2007-09-24 00:03 <DIR> d C:\Program Files\LogMeIn
    2007-09-23 22:21 384,512 --a C:\WINDOWS\system32\MFCO40.DLL
    2007-09-23 22:21 358,400 --a C:\WINDOWS\system32\MFC30.DLL
    2007-09-23 22:21 28,672 --a C:\WINDOWS\Photo Express 3.scr
    2007-09-23 22:21 151,040 --a C:\WINDOWS\system32\MFCO30.DLL
    2007-09-23 22:20 <DIR> d C:\Program Files\Ulead Systems
    2007-09-23 22:19 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    2007-09-23 22:11 86,016 --a C:\WINDOWS\system32\odbctl32.dll
    2007-09-23 22:11 78,608 --a C:\WINDOWS\system32\Vb5db.dll
    2007-09-23 22:11 421,888 --a C:\WINDOWS\system32\Msrepl35.dll
    2007-09-23 22:11 262,144 --a C:\WINDOWS\system32\msrd2x35.dll
    2007-09-23 22:11 24,848 --a C:\WINDOWS\system32\msjter35.dll
    2007-09-23 22:11 123,664 --a C:\WINDOWS\system32\msjint35.dll
    2007-09-23 22:11 1,045,776 --a C:\WINDOWS\system32\msjet35.dll
    2007-09-23 22:03 <DIR> d C:\Program Files\Common Files\scansoft shared
    2007-09-23 22:02 270,336 --a C:\WINDOWS\IHelper.exe
    2007-09-23 21:56 <DIR> d C:\WINDOWS\pss
    2007-09-23 21:46 98,304 --a C:\WINDOWS\system\CamExL20.dll
    2007-09-23 21:46 73,728 --a C:\WINDOWS\system32\LVUI2RC.dll
    2007-09-23 21:46 69,632 --a C:\WINDOWS\system32\lvcoinst.dll
    2007-09-23 21:46 57,344 --a C:\WINDOWS\system32\LVComC.dll
    2007-09-23 21:46 371,766 --a C:\WINDOWS\system32\drivers\CamDrL21.sys
    2007-09-23 21:46 12,112 --a C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-09-23 21:46 110,592 --a C:\WINDOWS\system32\LVUI2.dll
    2007-09-23 21:46 <DIR> d C:\Program Files\directx
    2007-09-23 21:45 167,936 --a C:\WINDOWS\system32\lvcodec2.dll
    2007-09-23 21:45 102,400 --a C:\WINDOWS\system32\LVComS.exe
    2007-09-23 21:45 <DIR> d C:\Program Files\Common Files\Logitech
    2007-09-23 21:43 <DIR> d--h C:\WINDOWS\msdownld.tmp
    2007-09-23 21:43 <DIR> d C:\Program Files\Windows Media Components
    2007-09-23 21:42 <DIR> d C:\Program Files\Logitech
    2007-09-23 21:34 35,840 --a C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-09-23 21:33 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-09-23 21:33 25,856 --a C:\WINDOWS\system32\drivers\usbprint.sys
    2007-09-23 21:26 <DIR> d C:\Program Files\HP
    2007-09-23 21:26 <DIR> d C:\Program Files\Hewlett-Packard
    2007-09-23 21:19 <DIR> dr C:\DOCUME~1\RONANM~1\My Private Folder
    2007-09-23 21:17 <DIR> d C:\Program Files\Microsoft Private Folder 1.0
    2007-09-23 20:50 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-09-23 20:50 59,264 --a C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-09-23 20:50 <DIR> d C:\Program Files\Cordless USB Phone
    2007-09-23 19:45 <DIR> d C:\Program Files\SIM MagicV70
    2007-09-23 19:29 48,640 C:\WINDOWS\system32\drivers\ser2pl.sys
    2007-09-23 19:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-09-23 19:23 9,600 --a C:\WINDOWS\system32\drivers\hidusb.sys
    2007-09-23 19:23 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-09-23 19:23 31,616 --a C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-09-23 19:22 <DIR> d C:\Program Files\Marks&Spencer
    2007-09-23 19:21 299,520 --a C:\WINDOWS\uninst.exe
    2007-09-23 19:19 <DIR> d C:\DOCUME~1\RONANM~1\WINDOWS
    2007-09-23 19:08 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Apple Computer
    2007-09-23 18:55 <DIR> d C:\DOCUME~1\RONANM~1\Bluetooth Software
    2007-09-23 18:54 <DIR> d C:\Program Files\Sitecom
    2007-09-23 18:53 51,848 -ra C:\WINDOWS\system32\drivers\btwusb.sys
    2007-09-23 18:53 17,484 -ra C:\WINDOWS\system32\drivers\frmupgr.sys
    2007-09-23 18:52 77,824 -ra C:\WINDOWS\system32\btw_ci.dll
    2007-09-23 18:39 <DIR> d C:\Program Files\Skype
    2007-09-23 18:39 <DIR> d C:\Program Files\Common Files\Skype
    2007-09-23 18:39 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Skype
    2007-09-23 18:39 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2007-09-23 17:28 <DIR> d C:\Program Files\My Kazaa Gold
    2007-09-23 17:19 <DIR> d C:\Program Files\FrostWire
    2007-09-23 17:19 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\FrostWire
    2007-09-23 17:02 34,816 --a C:\WINDOWS\system32\cbxuroo.dll
    2007-09-23 16:44 <DIR> d C:\DOCUME~1\RONANM~1\Incomplete
    2007-09-23 16:40 <DIR> d C:\Program Files\LimeWire
    2007-09-23 16:40 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\LimeWire
    2007-09-21 05:27 <DIR> d C:\WINDOWS\ImageShackToolbar
    2007-09-21 05:17 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
    2007-09-21 05:09 427,864 --a C:\WINDOWS\system32\XceedZip.dll
    2007-09-21 05:09 <DIR> d C:\Program Files\Driver-Soft
    2007-09-21 04:59 <DIR> d C:\Program Files\DAEMON Tools
    2007-09-21 04:41 646,392 --a C:\WINDOWS\system32\drivers\sptd.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-24 13:46 d--h C:\Program Files\InstallShield Installation Information
    2007-09-23 19:29 d C:\Program Files\Common Files\InstallShield
    2007-09-21 01:03 359808 --a C:\WINDOWS\system32\drivers\tcpip.sys
    2007-09-19 18:37 9216 --a C:\WINDOWS\system32\avgwlntf.dll
    2007-09-19 18:37 499712 --a C:\WINDOWS\system32\msvcp71.dll
    2007-09-19 18:37 348160 --a C:\WINDOWS\system32\msvcr71.dll
    2007-09-19 18:37 110592 --a C:\WINDOWS\system32\avgfwafu.dll
    2007-09-19 17:34 d C:\Program Files\muvee Technologies
    2007-09-19 17:34 d C:\Program Files\Common Files\muvee Technologies
    2007-09-19 17:34 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    2007-09-19 17:28 d C:\Program Files\Realtek
    2007-09-19 17:08 d C:\Program Files\microsoft frontpage
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 207736 --a C:\WINDOWS\system32\muweb.dll
    2007-06-26 07:08 1104896 --a C:\WINDOWS\system32\msxml3.dll
    2003-07-15 15:33 225280 --a C:\WINDOWS\inf\i386\rtscan.dll
    2002-10-09 10:11 61440 --a C:\WINDOWS\inf\i386\onetUSD.dll
    2002-08-23 15:06 13824 --a C:\WINDOWS\inf\i386\Usbscan.sys
    2002-07-09 09:23 36864 --a C:\WINDOWS\inf\i386\Vizmicro.dll
    2002-05-20 09:20 172032 --a C:\WINDOWS\inf\i386\viceo.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-04-07 10:37]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
    "Gainward"="C:\WINDOWS\TBPanel.exe" [2007-03-23 09:32]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 03:50]
    "nwiz"="nwiz.exe" [2007-03-22 03:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 03:50]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-20 22:55]
    "THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [2006-09-21 15:29]
    "AirPaceWifi"="C:\Program Files\abit\abit uGuru\AirPaceWifi.exe" [2006-12-18 10:40]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-21 01:42]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 14:21]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57]
    "IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 09:50]
    "PP8 Reminder"="C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" [2002-09-26 07:06]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
    "WFXSwtch"="C:\PROGRA~1\WinFax\WFXSWTCH.exe" [2002-12-12 13:45]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 13:45 C:\WINDOWS\system32\WFXSNT40.EXE]
    "OneTouch Monitor"="C:\Program Files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 16:14]
    "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [2000-06-19 08:51]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 08:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 16:04]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 11:45]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [2003-12-01 15:28:00]
    Controller.LNK - C:\Program Files\WinFax\WFXCTL32.EXE [2007-09-24 13:45:41]
    usb7100 Startup.lnk - C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe [2007-09-23 20:50:23]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}"= C:\WINDOWS\system32\cbxuroo.dll [2007-09-23 17:02 34816]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\WinFax\WfxSeh32.Dll [1998-07-27 04:54 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2007-09-19 18:37 9216 C:\WINDOWS\system32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuroo]
    cbxuroo.dll 2007-09-23 17:02 34816 C:\WINDOWS\system32\cbxuroo.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

    R0 Si3531;SiI-3531 SATA Controller;C:\WINDOWS\system32\DRIVERS\Si3531.sys
    R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys
    R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
    R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE
    R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    R3 vncmirror;vncmirror;C:\WINDOWS\system32\DRIVERS\vncmirror.sys
    S3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\aw5006.sys
    S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
    S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\H:\NTGLM7X.sys

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-24 21:59:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-24 21:59:52
    C:\ComboFix-quarantined-files.txt ... 2007-09-24 21:59
    .
    --- E O F ---





    New HijackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:05:49, on 24/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\TBPanel.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\WinFax\WFXCTL32.EXE
    C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\WinFax\WFXMOD32.EXE
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Private Folder 1.0\ShellHelper.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [AirPaceWifi] "C:\Program Files\abit\abit uGuru\AirPaceWifi.exe" -nogui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
    O4 - Global Startup: usb7100 Startup.lnk = C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190230945390
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190231013843
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: cbxuroo - C:\WINDOWS\SYSTEM32\cbxuroo.dll
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."



  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please go to UploadMalware to upload a suspicious file for analysis.
    • Enter your username from this forum
    • Copy and paste the link to this thread
    • Browse for this filename: C:\WINDOWS\system32\cbxuroo.dll
    • In the comments, please mention that I asked you to upload this file
    • Click on Send File



    Open notepad (Start > Run and type notepad > click Ok) and copy/paste the text in the quote box below into it:
    File::
    C:\WINDOWS\system32\cbxuroo.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuroo]


    Save this as CFScript

    CFScript.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    Run ComboFix again and post the resultant log file.



    Download the zipped attachment at the end of this post (this will be your runscanner as fixed by me)
    • Unzip it to your desktop, then double-click the runscanner icon; this will run the program.
    • You will notice several entries in ORANGE with a tick, right click them individually and select delete.
    • Accept the warning then repeat until they are all gone.



    So post back with the ComboFix log and a new HijackThis log please.
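
One way to confirm from the logs that everything named in the CFScript above is gone, as an added example (not part of the original post and not ComboFix's own code). It reads the script with .reg-file semantics, which is an assumption, and checks "Reg Loading Points" excerpts plus one HijackThis O20 line copied from the logs in this thread; all function names are hypothetical.

```python
import re

# CFScript as posted in this thread.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\cbxuroo.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuroo]
"""

# Excerpt of the logs taken before the fix (copied from this thread, shortened).
LOG_BEFORE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}"= C:\WINDOWS\system32\cbxuroo.dll [2007-09-23 17:02 34816]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\WinFax\WfxSeh32.Dll [1998-07-27 04:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-19 18:37 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuroo]
cbxuroo.dll 2007-09-23 17:02 34816 C:\WINDOWS\system32\cbxuroo.dll

O20 - Winlogon Notify: cbxuroo - C:\WINDOWS\SYSTEM32\cbxuroo.dll
"""

# Excerpt of the ComboFix log taken after the fix (copied from this thread).
LOG_AFTER = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\WinFax\WfxSeh32.Dll [1998-07-27 04:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-19 18:37 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll
"""

HJT_LINE = re.compile(r"^[A-Z]\d{1,2} - ")  # HijackThis entries such as "O20 - ..."


def parse_cfscript(text):
    """Split a CFScript into files, registry values and registry keys to delete."""
    targets = {"files": [], "values": [], "keys": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            targets["files"].append(line.lower())
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                # Assumed .reg semantics: [-KEY] removes the whole key.
                targets["keys"].append(line[2:-1].lower())
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1].lower()
            elif current_key and line.endswith("=-"):
                # Assumed .reg semantics: "name"=- removes one value.
                name = line[:-2].strip().strip('"').lower()
                targets["values"].append((current_key, name))
    return targets


def parse_reg_blocks(log):
    """Map each '[HKEY_...]' header in a log to the lines listed under it."""
    blocks, key = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1].lower()
            blocks[key] = []
        elif not line:
            key = None  # a blank line closes the current block
        elif key:
            blocks[key].append(line)
    return blocks


def find_leftovers(targets, log):
    """Return (kind, where) for every CFScript target still visible in the log."""
    blocks = parse_reg_blocks(log)
    found = [("key", key) for key in targets["keys"] if key in blocks]
    for key, name in targets["values"]:
        for line in blocks.get(key, []):
            if line.lower().startswith('"' + name + '"'):
                found.append(("value", key + "\\" + name))
    for path in targets["files"]:
        # Autostart blocks that still point at the file.
        for key, lines in blocks.items():
            if any(path in line.lower() for line in lines):
                found.append(("file-ref", key))
        # HijackThis entries that still point at the file.
        for raw in log.splitlines():
            line = raw.strip()
            if HJT_LINE.match(line) and path in line.lower():
                found.append(("file-ref", line))
    return found


if __name__ == "__main__":
    script_targets = parse_cfscript(CFSCRIPT)
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, find_leftovers(script_targets, log))
```

Only the autostart sections are checked because ComboFix repeats the deleted file's path under "Other Deletions", which would otherwise look like a leftover.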


  • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


    OK ActorSeeksJob,

    I have followed your instructions to the letter, so here are the logs.

    New ComboFix Log:

    ComboFix 07-09-21.2 - "Ronan Mulveen" 2007-09-24 23:09:54.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2379 [GMT 1:00]
    Command switches used :: C:\Documents and Settings\Ronan Mulveen\Desktop\New Rig\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\cbxuroo.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cbxuroo.dll
    C:\WINDOWS\system32\ddayy.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 )))))))))))))))))))))))))))))))
    .

    2007-09-24 22:42 51,072 --a C:\WINDOWS\system32\drivers\ikhlayer.sys
    2007-09-24 22:42 30,592 --a C:\WINDOWS\system32\drivers\ikhfile.sys
    2007-09-24 22:42 <DIR> d-a C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-09-24 22:42 <DIR> d C:\Program Files\Spyware Doctor
    2007-09-24 22:42 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\PC Tools
    2007-09-24 21:58 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-09-24 21:54 <DIR> d C:\VundoFix Backups
    2007-09-24 20:38 <DIR> d C:\Program Files\TextBridge Pro 9.0
    2007-09-24 20:33 <DIR> d C:\Program Files\Xerox One Touch
    2007-09-24 20:33 <DIR> d C:\Program Files\Scansoft
    2007-09-24 20:25 305,152 --a C:\WINDOWS\IsUninst.exe
    2007-09-24 15:43 <DIR> d C:\WINDOWS\VizLog
    2007-09-24 14:06 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Help
    2007-09-24 13:46 <DIR> d C:\Program Files\Common Files\Concord Shared
    2007-09-24 13:46 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Symantec
    2007-09-24 13:46 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-09-24 13:45 <DIR> d C:\Program Files\WinFax
    2007-09-24 13:45 <DIR> d C:\Program Files\Symantec
    2007-09-24 13:45 <DIR> d C:\Program Files\Common Files\Symantec Shared
    2007-09-24 13:45 <DIR> d C:\Program Files\Common Files\Novell Shared
    2007-09-24 13:16 175,104 --a--c--- C:\WINDOWS\system32\dllcache\csamsp.dll
    2007-09-24 13:16 175,104 --a C:\WINDOWS\system32\csamsp.dll
    2007-09-24 13:16 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
    2007-09-24 13:16 16,128 --a C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2007-09-24 02:48 <DIR> d C:\Program Files\Screamer Radio
    2007-09-24 00:10 3,072 --a C:\WINDOWS\system32\drivers\vncmirror.sys
    2007-09-24 00:10 19,968 --a C:\WINDOWS\system32\vncmirror.dll
    2007-09-24 00:10 <DIR> d C:\Program Files\RealVNC
    2007-09-24 00:04 83,552 --a C:\WINDOWS\system32\LMIRfsClientNP.dll
    2007-09-24 00:04 46,112 --a C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2007-09-24 00:04 26,176 --a C:\WINDOWS\system32\LMIport.dll
    2007-09-24 00:03 63,040 --a C:\WINDOWS\system32\LMIinit.dll
    2007-09-24 00:03 <DIR> d C:\Program Files\LogMeIn
    2007-09-23 22:21 384,512 --a C:\WINDOWS\system32\MFCO40.DLL
    2007-09-23 22:21 358,400 --a C:\WINDOWS\system32\MFC30.DLL
    2007-09-23 22:21 28,672 --a C:\WINDOWS\Photo Express 3.scr
    2007-09-23 22:21 151,040 --a C:\WINDOWS\system32\MFCO30.DLL
    2007-09-23 22:20 <DIR> d C:\Program Files\Ulead Systems
    2007-09-23 22:19 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
    2007-09-23 22:11 86,016 --a C:\WINDOWS\system32\odbctl32.dll
    2007-09-23 22:11 78,608 --a C:\WINDOWS\system32\Vb5db.dll
    2007-09-23 22:11 421,888 --a C:\WINDOWS\system32\Msrepl35.dll
    2007-09-23 22:11 262,144 --a C:\WINDOWS\system32\msrd2x35.dll
    2007-09-23 22:11 24,848 --a C:\WINDOWS\system32\msjter35.dll
    2007-09-23 22:11 123,664 --a C:\WINDOWS\system32\msjint35.dll
    2007-09-23 22:11 1,045,776 --a C:\WINDOWS\system32\msjet35.dll
    2007-09-23 22:03 <DIR> d C:\Program Files\Common Files\scansoft shared
    2007-09-23 22:02 270,336 --a C:\WINDOWS\IHelper.exe
    2007-09-23 21:56 <DIR> d C:\WINDOWS\pss
    2007-09-23 21:46 98,304 --a C:\WINDOWS\system\CamExL20.dll
    2007-09-23 21:46 73,728 --a C:\WINDOWS\system32\LVUI2RC.dll
    2007-09-23 21:46 69,632 --a C:\WINDOWS\system32\lvcoinst.dll
    2007-09-23 21:46 57,344 --a C:\WINDOWS\system32\LVComC.dll
    2007-09-23 21:46 371,766 --a C:\WINDOWS\system32\drivers\CamDrL21.sys
    2007-09-23 21:46 12,112 --a C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-09-23 21:46 110,592 --a C:\WINDOWS\system32\LVUI2.dll
    2007-09-23 21:46 <DIR> d C:\Program Files\directx
    2007-09-23 21:45 167,936 --a C:\WINDOWS\system32\lvcodec2.dll
    2007-09-23 21:45 102,400 --a C:\WINDOWS\system32\LVComS.exe
    2007-09-23 21:45 <DIR> d C:\Program Files\Common Files\Logitech
    2007-09-23 21:43 <DIR> d--h C:\WINDOWS\msdownld.tmp
    2007-09-23 21:43 <DIR> d C:\Program Files\Windows Media Components
    2007-09-23 21:42 <DIR> d C:\Program Files\Logitech
    2007-09-23 21:34 35,840 --a C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-09-23 21:33 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-09-23 21:33 25,856 --a C:\WINDOWS\system32\drivers\usbprint.sys
    2007-09-23 21:26 <DIR> d C:\Program Files\HP
    2007-09-23 21:26 <DIR> d C:\Program Files\Hewlett-Packard
    2007-09-23 21:19 <DIR> dr C:\DOCUME~1\RONANM~1\My Private Folder
    2007-09-23 21:17 <DIR> d C:\Program Files\Microsoft Private Folder 1.0
    2007-09-23 20:50 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-09-23 20:50 59,264 --a C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-09-23 20:50 <DIR> d C:\Program Files\Cordless USB Phone
    2007-09-23 19:45 <DIR> d C:\Program Files\SIM MagicV70
    2007-09-23 19:29 48,640 C:\WINDOWS\system32\drivers\ser2pl.sys
    2007-09-23 19:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-09-23 19:23 9,600 --a C:\WINDOWS\system32\drivers\hidusb.sys
    2007-09-23 19:23 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-09-23 19:23 31,616 --a C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-09-23 19:22 <DIR> d C:\Program Files\Marks&Spencer
    2007-09-23 19:21 299,520 --a C:\WINDOWS\uninst.exe
    2007-09-23 19:19 <DIR> d C:\DOCUME~1\RONANM~1\WINDOWS
    2007-09-23 19:08 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Apple Computer
    2007-09-23 18:55 <DIR> d C:\DOCUME~1\RONANM~1\Bluetooth Software
    2007-09-23 18:54 <DIR> d C:\Program Files\Sitecom
    2007-09-23 18:53 51,848 -ra C:\WINDOWS\system32\drivers\btwusb.sys
    2007-09-23 18:53 17,484 -ra C:\WINDOWS\system32\drivers\frmupgr.sys
    2007-09-23 18:52 77,824 -ra C:\WINDOWS\system32\btw_ci.dll
    2007-09-23 18:39 <DIR> d C:\Program Files\Skype
    2007-09-23 18:39 <DIR> d C:\Program Files\Common Files\Skype
    2007-09-23 18:39 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\Skype
    2007-09-23 18:39 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2007-09-23 17:28 <DIR> d C:\Program Files\My Kazaa Gold
    2007-09-23 17:19 <DIR> d C:\Program Files\FrostWire
    2007-09-23 17:19 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\FrostWire
    2007-09-23 16:44 <DIR> d C:\DOCUME~1\RONANM~1\Incomplete
    2007-09-23 16:40 <DIR> d C:\Program Files\LimeWire
    2007-09-23 16:40 <DIR> d C:\DOCUME~1\RONANM~1\APPLIC~1\LimeWire
    2007-09-21 05:27 <DIR> d C:\WINDOWS\ImageShackToolbar
    2007-09-21 05:17 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-24 13:46 d--h C:\Program Files\InstallShield Installation Information
    2007-09-23 19:29 d C:\Program Files\Common Files\InstallShield
    2007-09-21 01:03 359808 --a C:\WINDOWS\system32\drivers\tcpip.sys
    2007-09-19 18:37 9216 --a C:\WINDOWS\system32\avgwlntf.dll
    2007-09-19 18:37 499712 --a C:\WINDOWS\system32\msvcp71.dll
    2007-09-19 18:37 348160 --a C:\WINDOWS\system32\msvcr71.dll
    2007-09-19 18:37 110592 --a C:\WINDOWS\system32\avgfwafu.dll
    2007-09-19 17:34 d C:\Program Files\muvee Technologies
    2007-09-19 17:34 d C:\Program Files\Common Files\muvee Technologies
    2007-09-19 17:34 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
    2007-09-19 17:28 d C:\Program Files\Realtek
    2007-09-19 17:08 d C:\Program Files\microsoft frontpage
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 207736 --a C:\WINDOWS\system32\muweb.dll
    2007-06-26 07:08 1104896 --a C:\WINDOWS\system32\msxml3.dll
    2003-07-15 15:33 225280 --a C:\WINDOWS\inf\i386\rtscan.dll
    2002-10-09 10:11 61440 --a C:\WINDOWS\inf\i386\onetUSD.dll
    2002-08-23 15:06 13824 --a C:\WINDOWS\inf\i386\Usbscan.sys
    2002-07-09 09:23 36864 --a C:\WINDOWS\inf\i386\Vizmicro.dll
    2002-05-20 09:20 172032 --a C:\WINDOWS\inf\i386\viceo.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-04-07 10:37]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
    "Gainward"="C:\WINDOWS\TBPanel.exe" [2007-03-23 09:32]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 03:50]
    "nwiz"="nwiz.exe" [2007-03-22 03:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-22 03:50]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-20 22:55]
    "THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [2006-09-21 15:29]
    "AirPaceWifi"="C:\Program Files\abit\abit uGuru\AirPaceWifi.exe" [2006-12-18 10:40]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-21 01:42]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 13:42]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 14:21]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57]
    "IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 09:50]
    "PP8 Reminder"="C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" [2002-09-26 07:06]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
    "WFXSwtch"="C:\PROGRA~1\WinFax\WFXSWTCH.exe" [2002-12-12 13:45]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 13:45 C:\WINDOWS\system32\WFXSNT40.EXE]
    "OneTouch Monitor"="C:\Program Files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 16:14]
    "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [2000-06-19 08:51]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [2000-06-19 08:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 16:04]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 11:45]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"=

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [2003-12-01 15:28:00]
    Controller.LNK - C:\Program Files\WinFax\WFXCTL32.EXE [2007-09-24 13:45:41]
    usb7100 Startup.lnk - C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe [2007-09-23 20:50:23]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\WinFax\WfxSeh32.Dll [1998-07-27 04:54 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2007-09-19 18:37 9216 C:\WINDOWS\system32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

    R0 Si3531;SiI-3531 SATA Controller;C:\WINDOWS\system32\DRIVERS\Si3531.sys
    R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys
    R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
    R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE
    R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    R3 vncmirror;vncmirror;C:\WINDOWS\system32\DRIVERS\vncmirror.sys
    S3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\aw5006.sys
    S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
    S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\H:\NTGLM7X.sys

    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-24 23:12:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-24 23:13:50 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-24 23:13
    C:\ComboFix2.txt ... 2007-09-24 21:59
    .
    --- E O F ---


    New HijackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:25:47, on 24/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\WinFax\WFXMOD32.EXE
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\TBPanel.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\TrojanHunter 4.6\THGuard.exe
    C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\WinFax\WFXCTL32.EXE
    C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [AirPaceWifi] "C:\Program Files\abit\abit uGuru\AirPaceWifi.exe" -nogui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
    O4 - Global Startup: usb7100 Startup.lnk = C:\Program Files\Cordless USB Phone\Vtech Cordless Phone Suite.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190230945390
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190231013843
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."



  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looking good. Your PC having any problems?


  • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


    Looking good. Your PC having any problems?

    None whatsoever ActorSeeksJob. :D

    Looks like you've struck again ;)

    The little nasty appears to have been eradicated :eek:

    The machine was a brand new build & I had spent hours installing & tweaking stuff to get it just the way I wanted it. I have a sneaking idea as to what caused the problem & it won't be doing it again ;)

    As a last resort I was going to re-install but your expert ability has saved me all that pain.

    A huge sincere "Thank you ActorSeeksJob"

    -

    "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."



  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Great to hear everything is working ok :)

    You should delete the tools we used to be safe
    • ComboFix.exe
    • runscanner.exe
    • VundoFix.exe


    If I knew I was going to be posting so much on boards when I made this account, I would have made a better name !!

    Glad to be of help. Enjoy your week.


  • Registered Users, Registered Users 2 Posts: 8,423 ✭✭✭Gadgetman496


    Great to hear everything is working ok :)

    You should delete the tools we used to be safe
    • ComboFix.exe
    • runscanner.exe
    • VundoFix.exe


    Done,

    The name is great, it gives you the drop on the nasties, they're looking out for names like "Terminator" "I'm going to get you" Oh! & I nearly forgot "Norton" :D

    Sleep well.

    "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."


