Member Avatar for marshal23

Hello, I am having virus problems. My spybot search and destroy keeps finding and removing adware etc. and my symantic antivirus keeps blocking trojans and adware also. I keep geting popups, not even online, and I cant access the add and remove programs on xp. I did a scan using hijackthis and here are the results:
I forgot to say I use mozilla not IE.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:16 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ip:port
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\ljjkhif.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pivgbcrc] rundll32.exe "C:\Program Files\pivgbcrc\fglopgju.dll",Init
O4 - HKLM\..\Run: [oxkbwhut] rundll32.exe "C:\Program Files\jsxsxexa\dejwxerc.dll",Init
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcug.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SonicWALL Global VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134510653062
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: ljjkhif - C:\WINDOWS\SYSTEM32\ljjkhif.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\SYSTEM32\winopn32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FileSaver_Service - Unknown owner - C:\Program Files\Energizer FileSaver\UPSMON_Service.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11732 bytes
Any help would be greatly appreciated!!

  • 4 Contributors
  • 7 Replies
  • 129 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by crunchie

Recommended Answers

All 7 Replies

Member Avatar for cguan_77

try to download avg anti virus check if it will help, and try also to delete the files on your temp folder, the folder use by the web browser to store temporary files on your computer...

Member Avatar for marshal23

Thanks for our effort, I believe that I solved my problem. After downloading tool and a tutorial from another site I found an outerinfoupdater program that kept downloading adware and a trojan without seeing it in my firewall. I believe it is fully removed now but I'll keep my fingers crossed.

Thanks again for the response

Member Avatar for marshal23

Ok this same file keeps being picked up when I search with AVG antispyware. It was not picked up with spybot search and destroy or adware 2007. The file it keeps finding is: not-a-virus:AdWare.Virtumonde. It said it was located at
C:\System Volume information\_restore{E67E119C-6219-411D-83CF-2388D81DB695}\RP2\A0000073.dll

The origin is C:\WINDOWS\system32\ssqqopm.dll

I want to know how it keep coming back after its cleaned???

Thanks all,

Member Avatar for hmmr90

Marshal 23---Have you ever tried a program called Regseeker?? Download it and do a search in registry for Virtumonde--delete all instances--You can also try other words and phrases in the string--You have to be careful dealing with the registry, but Regseeker has a box to check( make sure it is checked before deletion) You should be OK---hmmr90
PS I think the new version is 1.5 and can be found at www.majorgeeks.com

Member Avatar for crunchie
  • Save it to your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll

    [IMG]http://i5.photobucket.com/albums/y153/crunchie1/RunBox_KillAll.jpg[/IMG]

  • Click OK and this will start ComboFix.
  • When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports:


  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Member Avatar for hmmr90

Hi, Crunchie--as per your request here goes:

ComboFix 07-12-31.4 - Ed Sr 2008-01-02 10:36:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.634 [GMT -5:00]
Running from: C:\Documents and Settings\Ed Sr\desktop\ComboFix.exe
Command switches used :: /KillAll
.

(((((((((((((((((((((((((   Files Created from 2007-12-02 to 2008-01-02  )))))))))))))))))))))))))))))))
.

2008-01-02 10:35 . 2000-08-31 08:00 51,200  --a------   C:\WINDOWS\NirCmd.exe
2008-01-02 09:54 . 2008-01-02 09:54 <DIR>    d--------   C:\Documents and Settings\Ed Sr\Application Data\acccore
2008-01-02 09:48 . 2008-01-02 09:48 <DIR>    d--------   C:\Program Files\Common Files\AOL
2008-01-02 09:48 . 2008-01-02 09:48 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-02 09:48 . 2008-01-02 09:50 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-02 09:47 . 2008-01-02 09:48 <DIR>    d--------   C:\Program Files\AIM6
2007-12-31 19:03 . 2008-01-01 13:29 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-27 13:41 . 2007-12-27 13:41 <DIR>    d--------   C:\Documents and Settings\Ed Sr\Application Data\Sonic
2007-12-25 15:30 . 2007-12-25 15:30 <DIR>    d--------   C:\Program Files\Common Files\TiVo Shared
2007-12-25 15:30 . 2007-12-25 15:30 <DIR>    d--------   C:\Program Files\Common Files\Roxio Shared
2007-12-25 15:30 . 2007-12-25 15:30 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-25 15:29 . 2007-12-25 15:33 <DIR>    d--------   C:\WINDOWS\system32\DLA
2007-12-25 15:29 . 2005-11-07 05:20 94,263  --a------   C:\WINDOWS\DLA.EXE
2007-12-25 15:29 . 2005-09-12 03:30 89,264  --a------   C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2007-12-25 15:29 . 2005-11-07 05:20 61,500  --a------   C:\WINDOWS\system32\DLAAPI_W.DLL
2007-12-25 15:29 . 2005-08-12 05:20 40,544  --a------   C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2007-12-25 15:29 . 2005-11-18 12:02 22,684  --a------   C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2007-12-25 15:29 . 2005-11-18 12:02 5,660   --a------   C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2007-12-25 15:28 . 2007-12-25 15:28 <DIR>    d--------   C:\Program Files\Roxio
2007-12-25 15:28 . 2007-12-25 15:29 <DIR>    d--------   C:\Program Files\Common Files\Sonic Shared
2007-12-25 11:32 . 2007-12-25 11:32 <DIR>    d--------   C:\Program Files\Brother
2007-12-25 11:32 . 2007-12-25 11:32 <DIR>    d--------   C:\Brother
2007-12-25 11:32 . 2002-02-13 01:16 176,128 ---------   C:\WINDOWS\system32\Pdrvinst.dll
2007-12-25 11:32 . 2004-04-06 01:00 126,976 ---------   C:\WINDOWS\system32\BrfxD04a.dll
2007-12-25 11:32 . 2002-02-05 01:08 81,920  ---------   C:\WINDOWS\system32\BrWebIns.dll
2007-12-25 11:32 . 2002-02-05 01:07 65,536  ---------   C:\WINDOWS\system32\Brwebup.exe
2007-12-25 11:32 . 2003-05-05 19:30 65,536  ---------   C:\WINDOWS\system32\Brmfrmps.exe
2007-12-25 11:32 . 2001-11-15 01:00 6,224   ---------   C:\WINDOWS\CVRPAGE.BMP
2007-12-25 11:32 . 2003-11-28 18:57 0   --a------   C:\WINDOWS\brdfxspd.dat
2007-12-25 10:53 . 2001-06-27 11:15 131,072 --a------   C:\WINDOWS\BRUNINF2.DLL
2007-12-25 10:52 . 2001-11-13 01:17 208,896 --a------   C:\WINDOWS\system32\ADDRESS.EXE
2007-12-25 10:52 . 2000-11-10 14:17 36,864  --a------   C:\WINDOWS\system32\InstMon.dll
2007-12-25 10:52 . 2001-07-24 17:56 28,672  --a------   C:\WINDOWS\system32\UnInst.exe
2007-12-25 10:52 . 2001-07-11 01:00 10,277  --a------   C:\WINDOWS\system32\bfp.hlp
2007-12-20 07:56 . 2007-12-20 07:56 <DIR>    d--------   C:\cabs
2007-12-12 09:42 . 2008-01-02 10:42 <DIR>    d--------   C:\WINDOWS\system32\CatRoot2
2007-12-11 13:26 . 2007-12-11 13:26 <DIR>    d--------   C:\Program Files\Macrovision Corporation
2007-12-11 13:26 . 2007-12-13 11:15 <DIR>    d--------   C:\Documents and Settings\Ed Sr\Application Data\InstallShield
2007-12-10 13:52 . 2007-12-10 13:52 439,296 --a------   C:\Documents and Settings\Ed Sr\GoToAssist_phone__317_en.exe
2007-12-06 23:13 . 2007-12-06 23:13 <DIR>    d--------   C:\Documents and Settings\Ed Jr\Application Data\Aim
2007-12-06 19:54 . 2008-01-02 09:48 <DIR>    d--------   C:\Program Files\Viewpoint
2007-12-06 19:54 . 2007-12-06 19:54 <DIR>    d--------   C:\Program Files\AOD
2007-12-06 19:54 . 2008-01-02 09:53 <DIR>    d--------   C:\Program Files\AIM
2007-12-06 19:54 . 2008-01-02 09:53 <DIR>    d--------   C:\Documents and Settings\Ed Sr\Application Data\Aim
2007-12-05 13:53 . 2007-12-05 13:53 <DIR>    d--------   C:\Documents and Settings\Ed Sr\Application Data\CyberLink
2007-12-05 13:52 . 2007-12-05 14:37 <DIR>    d--------   C:\Program Files\CyberLink
2007-12-05 10:58 . 2007-12-05 10:58 <DIR>    d--------   C:\Program Files\iTunes
2007-12-05 10:58 . 2007-12-05 10:58 <DIR>    d--------   C:\Program Files\iPod
2007-12-05 07:33 . 2007-12-05 07:33 <DIR>    d--------   C:\Documents and Settings\Ed Sr\Application Data\InterVideo
2007-12-03 17:50 . 2007-12-03 17:50 262,144 --a------   C:\WINDOWS\system32\default_user_class.dat
2007-12-03 14:19 . 2007-12-03 14:19 <DIR>    d--------   C:\Program Files\Common Files\Ulead
2007-12-03 14:19 . 2006-05-11 18:41 654 ---------   C:\WINDOWS\remove.iss
2007-12-02 13:16 . 2007-12-02 13:16 <DIR>    d--------   C:\Program Files\MSXML 4.0

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 14:48    ---------   d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 14:39    ---------   d-----w C:\Documents and Settings\Ed Sr\Application Data\CallingID
2008-01-02 14:35    ---------   d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 14:34    ---------   d-----w C:\Program Files\Trojan Remover
2008-01-01 22:28    ---------   d-----w C:\Documents and Settings\Kids\Application Data\CallingID
2008-01-01 18:24    ---------   d-----w C:\Documents and Settings\Ed Jr\Application Data\CallingID
2008-01-01 00:13    ---------   d-----w C:\Program Files\Google
2007-12-31 14:28    ---------   d-----w C:\Program Files\SpiralFrog
2007-12-30 22:25    ---------   d-----w C:\Program Files\Windows Live Safety Center
2007-12-29 17:55    ---------   d-----w C:\Program Files\Secunia
2007-12-27 14:45    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 16:32    ---------   d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 16:31    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 16:17    ---------   d-----w C:\Program Files\UltimateZip 2007
2007-12-24 02:00    ---------   d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-18 14:10    ---------   d-----w C:\Documents and Settings\Robin\Application Data\CallingID
2007-12-10 19:22    ---------   d-----w C:\Program Files\verizon
2007-12-09 22:39    ---------   d-----w C:\Documents and Settings\Lee\Application Data\CallingID
2007-12-05 19:41    ---------   d-----w C:\Program Files\Apple Software Update
2007-12-01 12:39    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Spiralfrog
2007-11-30 18:56    ---------   d-----w C:\Program Files\UPHClean
2007-11-26 17:57    ---------   d-----w C:\Program Files\ATI Technologies
2007-11-26 17:47    ---------   d-----w C:\Program Files\Common Files\ATI Technologies
2007-11-24 13:44    ---------   d-----w C:\Program Files\Video DVD Maker
2007-11-24 09:51    ---------   d-----w C:\Documents and Settings\Ed Jr\Application Data\VersionTracker Pro
2007-11-22 20:07    ---------   d-----w C:\Documents and Settings\LocalService\Application Data\CallingID
2007-11-20 18:29    ---------   d-----w C:\Program Files\Microsoft User Agent String Utility
2007-11-20 00:09    5   ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_Dell DM051                   .MRK
2007-11-20 00:09    5   ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_Dell DM051                   .MRK
2007-11-19 14:55    ---------   d-----w C:\Program Files\GPL MPEG Decoder
2007-11-19 13:58    ---------   d--h--w C:\Documents and Settings\Ed Jr\Application Data\Gtek
2007-11-19 13:58    ---------   d-----w C:\Program Files\DellSupport
2007-11-19 13:58    ---------   d-----w C:\Documents and Settings\Robin\Application Data\Gtek
2007-11-19 13:58    ---------   d-----w C:\Documents and Settings\Lee\Application Data\Gtek
2007-11-19 13:58    ---------   d-----w C:\Documents and Settings\Kids\Application Data\Gtek
2007-11-19 13:58    ---------   d-----w C:\Documents and Settings\Guest\Application Data\Gtek
2007-11-19 13:31    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-11-19 13:30    ---------   d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-11-19 13:29    ---------   d-----w C:\Program Files\Dell Support Center
2007-11-19 13:29    ---------   d-----w C:\Program Files\Common Files\SupportSoft
2007-11-18 19:35    ---------   d--h--w C:\Documents and Settings\Ed Sr\Application Data\Move Networks
2007-11-16 04:43    ---------   d-----w C:\Program Files\Western Digital Technologies
2007-11-13 10:25    20,480  ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-05 19:52    9,160   ------w C:\Documents and Settings\Ed Sr\r119567.zip
2006-12-05 19:37    9,040   ----a-w C:\Program Files\R119567.zip
2006-08-28 18:39    4,228,275   -c----w C:\Documents and Settings\Ed Sr\trsetup.exe
2006-08-28 18:39    4,228,275   -c----w C:\Documents and Settings\Administrator\trsetup.exe
2006-07-12 16:59    3,278,400   -c--a-w C:\Program Files\procexp.exe
2006-07-12 16:59    3,278,400   -c----w C:\Documents and Settings\Administrator\procexp.exe
2006-04-27 20:40    72,418  -c--a-w C:\Program Files\procexp.chm
2006-03-10 19:38    987 -c--a-w C:\Program Files\Readme.txt
2006-02-11 04:45    7,916   -c--a-w C:\Program Files\1707fp.cat
2006-02-11 04:45    2,085   -c--a-w C:\Program Files\1707FP.inf
2006-02-11 04:41    2,964   -c--a-w C:\Program Files\1707FP.icm
2004-04-30 18:41    271,344 -c----w C:\Documents and Settings\Ed Sr\DVI_Recover_FLOPPY.exe
2006-05-01 21:36    88  --sha-r C:\WINDOWS\system32\4C2A9E9F9A.sys
2006-05-09 22:59    56  --sha-r C:\WINDOWS\system32\9A9F9E2A4C.sys
2006-09-12 14:09    5,852   --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 17:23 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 14:04 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 18:47 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"LinkScanner Monitor"="C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe" [2007-08-20 23:00 1742104]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 13:46 57393]
"CTXFIREG"="CTXFIREG.EXE" [2006-08-11 14:53 42496 C:\WINDOWS\system32\CTXFIREG.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 10:51 49152]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 16:37 936960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 05:20 122940]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-16 07:15 219136]

C:\Documents and Settings\Ed Sr\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2007-12-18 08:18:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-31 19:03:43]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-12-25 11:32:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ    scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ed Sr^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ed Sr^Start Menu^Programs^Startup^Secunia PSI (BETA).lnk.disabled]
path=C:\Documents and Settings\Ed Sr\Start Menu\Programs\Startup\Secunia PSI (BETA).lnk.disabled
backup=C:\WINDOWS\pss\Secunia PSI (BETA).lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
            C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-09 21:05    344064  --a------   C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
            C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 14:04    40960   --a------   C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
            C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
            C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11    267048  --a------   C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
            C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 11:33    438359  --a------   C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog]
            C:\Program Files\SpiralFrog\Spiralfrog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11    132496  --a------   C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-03-30 17:23    68856   --a------   C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=C:\WINDOWS\UpdReg.EXE

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2007-09-20 20:52]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2004-08-10 06:00]
S3 P1Scanner;MUSTEK P1 Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 21:58]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 14:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
CtServ  REG_MULTI_SZ    CtServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 23:45:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-01-02 10:42:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-01-02 10:47:10 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt  2008-01-02 15:47:07
.
2007-12-12 11:28:32 --- E O F ---  
And..........

Logfile of HijackThis v1.99.1
Scan saved at 10:49:37 AM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\Documents and Settings\Ed Sr\Desktop\antispy  antivirus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LinkScanner Monitor] C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe /auto
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [CTXFIREG] CTXFIREG.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O15 - Trusted Zone: *.bnet.com
O15 - Trusted Zone: *.com.com
O15 - Trusted Zone: *.zdnet.com
O16 - DPF: vzTCPConfig - [url]http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB[/url]
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [url]http://support.dell.com/systemprofiler/SysPro.CAB[/url]
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - [url]https://support.microsoft.com/OAS/ActiveX/MSDcode.cab[/url]
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - [url]http://www.creative.com/su/ocx/15026/CTSUEng.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab[/url]
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - [url]http://www.cyberlink.com/winxp/CheckDVD.cab[/url]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195185922187[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181067661796[/url]
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - [url]http://entimg.msn.com/client/msnediag4616.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - [url]http://entimg.msn.com/client/msnmusax4616.cab[/url]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [url]http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5170/mcfscan.cab[/url]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [url]http://www.creative.com/su/ocx/15028/CTPID.cab[/url]
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thanks

Edited by mike_2000_17 because: Fixed formatting
Member Avatar for crunchie

hmmr90. My post was directed at the original poster :). If you are having a problem, you need to start your own thread.
I don't see anything in your log anyway.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.