browser redirecting etc

surreyfrog · #1 22-06-09, 13:33

Hi there, I really hope you can help with this.

My laptop was recently infected. At first I was getting fake virus alerts. I found 3 new .exe files that had been downloaded, and got rid of them. The virus alerts stopped, but now when I google something and click on one of the listed items, I'm redirected to spurious sites. Sometimes I get random audio playing. I was unable to run any antivirus scan apart from ad-aware, nor could I get system restore to run (something was stopping it). Ad-aware warned me it had found win32trojantdss but it couldn't remove it. Eventually with the help of a forum member I got malwarebytes to run. It found and removed lots of infections but there is one left, c:windows\system32\uacinit.dll. After rebooting I still get the browser redirection problem. Here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:57, on 22/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HPCC\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 5183 bytes

Joe_London · #2 22-06-09, 16:26

Hi Surreyfrog,

I read your post in the other forum. As I understand it you used Hijackthis yourself and removed certain entries that looked suspicious to you without consulting anyone.

If that is the case then its best to restore the system from the HJT backup and start again as you may have removed some vital system files.

Can you do that first as a matter of urgency and then do another HJT scan and post the complete log.

Joe.

surreyfrog · #3 22-06-09, 17:11

Hi Joe

OK, I did what you asked, I restored all the entries from the Hijackthis backup.

Here is the latest Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:52, on 22/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HPCC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HPCC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HPCC\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={C5280A13-4B43-4C21-930D-F62ECB98FE3A}; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.miniclip.com/games/police-chopper/en/"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 6801 bytes

Joe_London · #4 22-06-09, 18:24

Hi again Surreyfrog,

Please open Hijackthis,
Click Config | Misc Tools | Open Unistall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you don't know how to disable some of your security programs have a look :- HERE

Double click on ComboFix.exe & follow the prompts.
<ul type="square">When finished, it will produce a report for you.

[*]Please post the C:\ComboFix.txt along with a new HijackThis log for further review.[/list]
 FOR OTHER USERS, DO NOT RUN COMBOFIX UNLESS YOU ARE ASKED TO DO SO BY A HJT HELPER

Joe.

surreyfrog · #5 22-06-09, 19:11

Joe

followed your Instructions including downloading combofix.exe to desktop.

But when it came to trying to run it, clicking on the icon to run it, the program does not run.

Joe_London · #6 22-06-09, 21:01

Something may be blocking it, the question is what?

First ensure that all your full time protections are turned off.

I see you have Spybot Search & Destroy Teatimer on.

Please disable TeaTimer, it can be re-activated once your HijackThis log is clean at the end of this fix.
<ul type="square">[*]Open Spybot Search & Destroy. [*]In the Mode menu click "Advanced mode" if not already selected. [*]Choose "Yes" at the Warning prompt. [*]Expand the "Tools" menu. [*]Click "Resident". [*]Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. [*]In the File menu click "Exit" to exit Spybot Search & Destroy.[/list]

If that doesn't work try re-naming combofix.exe to say surreyfrog.exe

Joe.

surreyfrog · #7 22-06-09, 21:22

OK, it has run, I renamed the file and it worked.

UNINSTALL_LIST.TXT:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
3DVIA Player 4.1
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 8.5
CAM UnZip 4.42
CCleaner (remove only)
Cheat Engine 5.3
Cheat Engine 5.5
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
Driver Detective
DV 5900
EphPod
Express Burn
Free Studio version 4.1
Gabbasoft Cube Demo
Google Earth
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp LayOut 6
Google SketchUp Pro 6
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Home Media Server 4.0.0.0072
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotkey 1.0.4
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 10
Java(TM) 6 Update 6
Java(TM) 6 Update 7
LG MC USB Modem driver
LG PC Suite II
Macrogaming SweetIM 2.1
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Movavi Video Converter 6
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicnotes Player V1.22.3
Nero 7 Essentials
Nero BackItUp 2 Essentials
neroxml
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
Norton PC Checkup
Paragon Drive Backup™ 9.0 Express
Photo Story 3 for Windows
Photo Viewer 2.25
Pivot Stickfigure Animator
PowerDVD
QuickTime
Quivic
Sage Instant Accounts v14
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sibelius Scorch
Sibelius Scorch (ActiveX Only)
Smart Menus (Windows Live Toolbar)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
SpywareBlaster 4.2
SweetIM For Internet Explorer 3.0b
Switch
The Sims 2
U211 DVD 2
Ulead Photo Explorer 8.0 SE Basic
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WavePad Uninstall
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Xdrive Desktop Lite
Xdrive Desktop Lite

COMBOFIX LOG:

ComboFix 09-06-21.01 - HPCC 22/06/2009 21:00.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.766.620 [GMT 1:00]
Running from: c:\documents and settings\HPCC\Desktop\dave.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1311457910-2216357783-1963112701-500
c:\recycler\S-1-5-21-1311457910-2216357783-1963112701-500\desktop.ini
c:\recycler\S-1-5-21-1311457910-2216357783-1963112701-500\INFO2
c:\windows\system32\drivers\UACnmrinqorivkcksjgc.s ys
c:\windows\system32\UACercriuhnqvmaapstk.dll
c:\windows\system32\UACfalkyxuwqeefotfit.dll
c:\windows\system32\UACfiblqwpjwxnclwkls.log
c:\windows\system32\UACibvvtstnioffumyrv.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkdqlcemidvbjljvts.dll
c:\windows\system32\UAClespwivxeeolctims.dll
c:\windows\system32\UACossfanoronsbnrerr.dll
c:\windows\system32\UACqmdbwnaqhwbdwfodc.log
c:\windows\system32\UACuxxtpelwkppyymseb.dat
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-07-02 17:24 . 2009-07-02 17:24 -------- d-----w- c:\program files\LG Electronics
2009-07-02 17:21 . 2007-11-08 15:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-07-02 17:21 . 2009-07-02 17:21 -------- d-----w- c:\documents and settings\HPCC\Application Data\LG Electronics
2009-07-02 17:21 . 2009-07-02 17:22 -------- d-----w- c:\program files\LG PC Suite II
2009-07-02 17:20 . 2009-07-02 17:20 -------- d-----w- c:\documents and settings\HPCC\Application Data\InstallShield
2009-06-29 10:09 . 2009-06-29 10:09 -------- d-----w- c:\program files\CAM Development
2009-06-22 19:31 . 2009-06-22 19:31 -------- d-----w- C:\Com
2009-06-22 19:30 . 2009-06-22 19:31 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-06-22 19:30 . 2009-06-22 19:30 -------- d-----w- C:\Fix
2009-06-22 19:30 . 2009-06-22 19:30 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-22 10:10 . 2009-06-22 10:10 -------- d-----w- c:\documents and settings\HPCC\Application Data\Malwarebytes
2009-06-22 10:07 . 2009-06-22 10:07 -------- d-----w- c:\program files\mwb
2009-06-21 21:24 . 2009-06-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-21 21:03 . 2009-06-22 18:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 17:10 . 2009-06-22 18:01 -------- d-----w- c:\program files\Lavasoft
2009-06-21 17:10 . 2009-06-21 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 07:28 . 2009-06-18 08:58 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-20 14:55 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 14:55 . 2009-06-22 12:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 14:55 . 2009-06-20 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 14:55 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 08:59 . 2009-06-09 07:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-18 08:59 . 2009-06-09 07:49 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-18 08:59 . 2009-06-09 07:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-16 09:06 . 2009-06-16 09:06 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\Sage
2009-06-16 09:00 . 2009-06-16 09:00 -------- d-----w- c:\program files\Common Files\InstallEngine
2009-06-16 08:57 . 2009-06-16 08:57 -------- d-----w- c:\program files\Common Files\Sage Shared
2009-06-16 08:55 . 2009-06-16 08:57 -------- d-----w- c:\program files\Common Files\Sage Line50
2009-06-16 08:55 . 2009-06-16 09:07 -------- d-----w- c:\program files\Common Files\Sage SBD
2009-06-16 08:55 . 2009-06-16 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sage
2009-06-16 08:55 . 2009-06-16 08:58 -------- d-----w- c:\program files\Common Files\Sage Report Designer 2007
2009-06-16 08:54 . 2009-06-16 08:54 -------- d-----w- c:\program files\Sage
2009-06-09 12:08 . 2009-06-09 12:08 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\AVG Security Toolbar
2009-06-09 08:23 . 2009-06-09 08:24 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\Deployment
2009-06-09 08:22 . 2009-06-02 12:38 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-09 07:50 . 2009-06-09 07:49 826344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-09 07:49 . 2009-06-11 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-09 07:48 . 2009-06-09 07:48 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-01 07:14 . 2008-02-22 14:33 14976 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-06-01 07:14 . 2008-02-22 14:33 114304 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-06-01 07:14 . 2008-02-22 14:33 87936 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-06-01 07:14 . 2009-06-01 07:14 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-06-01 07:14 . 2009-01-08 08:42 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-06-01 07:14 . 2009-01-08 08:42 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-06-01 07:14 . 2009-01-08 08:42 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-06-01 07:14 . 2009-06-01 07:14 -------- d-----w- c:\documents and settings\HPCC\Application Data\Samsung
2009-06-01 07:13 . 2009-06-01 07:13 -------- d-----w- c:\program files\MarkAny
2009-06-01 07:13 . 2009-06-01 07:13 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-22 17:37 . 2009-04-02 17:42 -------- d-----w- c:\program files\Cheat Engine
2009-06-21 15:08 . 2008-08-31 19:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 10:11 . 2008-03-10 20:24 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-18 08:58 . 2007-04-05 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 09:00 . 2007-01-15 17:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 06:08 . 2007-04-05 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 07:49 . 2009-03-27 16:37 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 07:14 . 2007-12-25 11:51 -------- d-----w- c:\program files\DIFX
2009-05-28 10:15 . 2008-08-06 08:54 34 ----a-w- c:\documents and settings\HPCC\jagex_runescape_preferences.dat
2009-05-07 15:44 . 2006-01-30 17:59 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-01-30 17:59 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-01-30 17:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 14:47 . 2008-11-03 22:07 -------- d-----w- c:\documents and settings\HPCC\Application Data\Ahead
2009-04-25 07:41 . 2009-03-27 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-25 07:41 . 2009-03-27 16:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-25 07:40 . 2009-03-27 16:37 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-17 09:58 . 2006-01-30 17:59 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2006-01-30 17:59 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 18:51 . 2009-04-07 18:51 127 ----a-w- c:\documents and settings\HPCC\Local Settings\Application Data\fusioncache.dat
2002-04-16 09:27 . 2002-04-16 09:27 5 --sha-w- c:\windows\system32\CdI5T.drv
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMailRL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-25 07:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\ avgrkx86.sys [27/03/2009 17:37 12552]
R0 hotcore3;hc3ServiceName;c:\windows\system32\driver s\hotcore3.sys [08/11/2008 12:10 40464]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27/03/2009 17:37 108552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/03/2009 17:37 327688]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27/03/2009 17:37 906520]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/03/2009 17:37 298776]
S2 azkl;azkl;c:\windows\system32\drivers\tcym.sys --> c:\windows\system32\drivers\tcym.sys [?]
S2 Ca536av;DV 5900(Video);c:\windows\system32\drivers\Ca536av.sy s [30/03/2008 14:57 514859]
S2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbE xDisk.Sys [01/06/2009 08:14 36608]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm. sys [15/01/2007 18:40 659456]
S3 USBCamera;DV 5900(Still);c:\windows\system32\drivers\Bulk536.sy s [30/03/2008 14:57 11048]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\ FsUsbExService.Exe [01/06/2009 08:14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-06-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3121785044-16713964-2988421403-1005.job
- c:\documents and settings\HPCC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 08:24]

2009-06-17 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-06-21 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={C5280A13-4B43-4C21-930D-F62ECB98FE3A}; GTB6; .NET CLR 1.1.4322; .NET
HKLM-Run-NPSStartup - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={sear...f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 21:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2009-06-22 21:08
ComboFix-quarantined-files.txt 2009-06-22 20:08

Pre-Run: 34,650,185,728 bytes free
Post-Run: 34,712,920,064 bytes free

198 --- E O F --- 2009-06-14 06:08

surreyfrog · #8 22-06-09, 21:34

Joe - dare I say it, after doing the above it all seems back to normal.

Joe_London · #9 22-06-09, 23:43

[ QUOTE ]

Joe - dare I say it, after doing the above it all seems back to normal.

[/ QUOTE ]
Thought it might but we still have work to do.

Please go to the add/remove utility in the control panel and uninstall all the following programmes:
Ask Toolbar
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 10
Java(TM) 6 Update 6
Java(TM) 6 Update 7
SweetIM For Internet Explorer 3.0b

I suggest reviewing your securities as you appear to have some duplication

I recommend uninstalling the following as well as it does much the same job as other programmes you have on there.
Ad-Aware
Ad-Aware
Now run Ccleaner.
Now run malwarebytes and post the report/log (Be sure to update definitions first.)

Do you recognise these drivers? Its possible Mbam will remove them if they are dodgy. Do not remove them otherwise.

2002-04-16 09:27 . 2002-04-16 09:27 5 --sha-w- c:\windows\system32\CdI5T.drv
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMailRL.sys

What firewall do you have?

Post the following:

The Malwarebytes log.
Another Hijackthis log
Another Uninstall List.
The Requested Information.

This may not remove all the infections present. It is important that you post back and complete the fix.

Please post in this thread for further review and evaluation.
Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.

Joe.

surreyfrog · #10 23-06-09, 07:06

[ QUOTE ]

Please go to the add/remove utility in the control panel and uninstall all the following programmes:
Ask Toolbar
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 10
Java(TM) 6 Update 6
Java(TM) 6 Update 7
SweetIM For Internet Explorer 3.0b

[/ QUOTE ]

Joe sorry to be a pain, but it's not clear to me which button to hit.

HJT gives a list of programs that can be removed.

I first selected ASK toolbar

I saw three buttons I could use: 'delete this entry' 'edit uninstall command' and 'open add/remove software list'

I hit 'delete this entry'

Having done so I wondered if I had done the right thing, and maybe I should have used 'open add/remove software list'

Can you advise please?

Webuser.co.uk

Web User Alerts

Web User Network

Site Policies

Magazine Subscription

Contacts

Search