Help re: HJT log please?

ComboFix 09-06-07.02 - mike 07/06/2009 22:43:52.2 - NTFSx86
Microsoft Windows XP HOME Edition 5.1.2600.3.1252.44.1033.18.959.488 [GMT 1:00]
Running from: C:\Documents and Settings\mike\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZONEALARM Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 21:19:29 . 2009-06-07 21:24:21 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-07 16:22:51 . 2009-06-07 16:23:00 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-05-31 12:56:59 . 2009-05-31 13:02:31 0 d-----w- C:\Documents and Settings\mike\Application Data\HouseCall 6.6
2009-05-30 11:00:55 . 2009-05-26 12:20:08 40160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-30 11:00:54 . 2009-06-07 17:02:30 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-30 11:00:54 . 2009-05-26 12:19:56 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-05-30 10:49:38 . 2009-05-31 09:56:35 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-05-14 18:09:18 . 2009-05-14 18:09:18 0 d-----w- C:\Documents and Settings\mike\Local Settings\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 21:23:11 . 2008-12-27 14:36:49 0 d-----w- C:\Program Files\Google
2009-06-07 21:05:23 . 2008-12-28 19:09:59 0 d-----w- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-07 16:35:36 . 2008-12-28 18:43:30 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-07 16:14:26 . 2009-04-02 20:16:59 117760 ----a-w- C:\Documents and Settings\mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-07 15:47:50 . 2009-06-07 15:48:26 1664000 ----a-w- C:\WINDOWS\Internet Logs\xDB5.tmp
2009-05-31 13:10:13 . 2008-12-27 14:16:35 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-31 10:24:47 . 2008-12-28 19:12:42 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2009-05-28 16:53:21 . 2009-05-28 16:56:04 341504 ----a-w- C:\WINDOWS\Internet Logs\xDB4.tmp
2009-05-27 17:32:38 . 2009-01-29 19:33:37 0 d-----w- C:\Documents and Settings\All Users\Application Data\WinZip
2009-05-20 17:50:42 . 2008-12-27 13:59:29 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-05-20 17:50:42 . 2008-12-27 13:59:25 325896 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-05-20 17:50:42 . 2008-12-27 13:59:24 27784 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-05-20 17:50:38 . 2008-12-27 13:59:28 108552 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2009-05-17 19:02:32 . 2009-05-18 18:44:20 322048 ----a-w- C:\WINDOWS\Internet Logs\xDB3.tmp
2009-05-13 18:53:53 . 2008-12-27 19:51:33 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-05-12 20:18:56 . 2009-05-13 18:11:08 2709504 ----a-w- C:\WINDOWS\Internet Logs\xDB2.tmp
2009-04-17 18:36:45 . 2009-04-13 18:16:10 0 d-----w- C:\Program Files\Common Files\Adobe AIR
2009-04-17 18:36:39 . 2009-04-13 18:09:58 38208 ----a-w- C:\Documents and Settings\mike\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-04-17 18:23:20 . 2009-04-17 18:23:20 0 d-----w- C:\Program Files\Secunia
2009-04-13 18:15:38 . 2008-12-27 19:16:34 0 d-----w- C:\Program Files\Common Files\Adobe
2009-04-13 18:10:05 . 2009-04-13 18:10:05 0 d-----w- C:\Documents and Settings\mike\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-13 17:59:25 . 2008-12-27 14:11:26 0 d-----w- C:\Program Files\Java
2009-04-13 17:58:33 . 2009-04-13 17:58:33 152576 ----a-w- C:\Documents and Settings\mike\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-09 17:37:26 . 2009-04-02 19:28:36 0 d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-03-24 11:03:08 . 2009-03-24 11:03:08 7808 ----a-w- C:\WINDOWS\system32\drivers\psi_mf.sys
2009-03-15 20:00:26 . 2009-03-16 09:29:22 2754560 ----a-w- C:\WINDOWS\Internet Logs\xDB1.tmp
.

((((((((((((((((((((((((((((( [emailprotected]_15.59.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-07 21:25:25 . 2009-06-07 21:25:25 16384 C:\WINDOWS\Temp\Perflib_Perfdata_664.dat
+ 2006-02-28 12:00:00 . 2009-06-07 21:29:29 60740 C:\WINDOWS\system32\perfc009.dat
- 2006-02-28 12:00:00 . 2009-06-07 15:52:29 60740 C:\WINDOWS\system32\perfc009.dat
+ 2006-02-28 12:00:00 . 2009-06-07 21:29:29 400772 C:\WINDOWS\system32\perfh009.dat
- 2006-02-28 12:00:00 . 2009-06-07 15:52:29 400772 C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 13:25:32 118784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 00:12:28 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38:38 866816]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-05-20 17:50:39 1947928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50:42 155648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22:30 155648]
"OpwareSE3"="C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe" [2005-05-23 19:22:14 57344]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00:48 33648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 23:55:00 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 23:55:00 86016]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 15:18:56 981904]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 04:19:17 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 16:10:28 35696]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2008-09-17 23:55:00 1657376]

C:\Documents and Settings\mike\Start Menu\Programs\STARTUP\
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe [2009-3-24 748840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-9-23 415072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05:34 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-20 17:50:42 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [27/12/2008 14:59:25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [27/12/2008 14:59:28 108552]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05:54 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05:52 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [27/12/2008 14:59:21 908568]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [27/12/2008 14:59:20 298776]
R2 olMntrService;olMntrService;C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe [03/01/2006 12:36:32 69632]
R3 PSI;PSI;C:\WINDOWS\system32\drivers\psi_mf.sys [24/03/2009 12:03:08 7808]
S2 gupdate1c969202e758636;Google Update Service (gupdate1c969202e758636);C:\Program Files\Google\Update\GoogleUpdate.exe [28/12/2008 20:12:04 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe --> C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05:56 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-27 14:36:54 . 2009-03-26 19:18:30]

2009-06-07 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-28 19:12:04 . 2009-02-11 19:15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B87CCE2B-6BD3-40FB-8856-4D7E8D914875} = 193.36.79.100 80.10.246.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 22:45:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Looks Ok.

Is there a reason that this is in the NetSvcs?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

My Dad used to have Tune up Utilities installed.
Thanks again for all your help.

You're WELCOME. Sorry to pressure you but it's kind of frustrating feeling like I may be leaving a computer half fixed.

These are important steps to finish up.

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
.
.
The above procedure will:
  • Delete: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
.
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
