#1 (permalink) |
|
Registered User
Join Date: Aug 2006
Posts: 12
OS: Win XP Home SP2
|
Quick Launch Toolbar disappeared, I suspect some kind of infection.
I know I did install and remove some programs after using them a couple of times. But one of the programs (Uniblue Driver Scanner, which was downloaded from www.download.com) did not uninstall through Add/Remove, so I downloaded Revo Uninstaller to remove that program (again from download.com). After uninstalling that program I noticed that my Quick Launch toolbar next to the Start button disappeared (it may or may not be caused by that program, but that's when I noticed the change in my computer). I tried to restore the Quick Launch toolbar by right-clicking on the bottom of the screen-->Toolbars-->Quick Launch, but it shows an error message and says "can not create toolbar". I do not know what went wrong.
I have Win XP Home SP3 (now), IE 7, AVG antivirus, SpywareBlaster and Spybot Search & Destroy. No infection has been reported by Spybot and AVG; every time I scan, it shows only a few cookies. I have followed the instructions and am attaching Attach.txt and Gmer.txt with this post, and DDS.txt is below. Please help me bring back my Quick Launch and remove any infection if there is one. Thanks in advance. Pramod
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,459
OS: 2000 Pro; XP Pro; XP Home
|
Re: Quick Launch Toolbar disappeared, I suspect some kind of infection.
Hello -
It seems this is more an issue with the Windows OS, and not a malware removal issue. I see no sign of active malware in those logs.

See if this helps: http://support.microsoft.com/kb/555525

If not... Answers to those questions will be better asked in our Windows XP support forum. The staff and members in that area will be better able to assist you with that.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#3 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,459
OS: 2000 Pro; XP Pro; XP Home
|
Re: Quick Launch Toolbar disappeared, I suspect some kind of infection.
Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
http://www.techsupportforum.com/secu...oval-help.html
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009